So you think you can Abstract: improve your dApp’s onboarding with Account Abstraction ERC4337 aka smart wallets
If you’ve been around web3 for any amount of time, one of the first things you’ve had to learn to use was a “wallet".
It makes sense, the gateway to Web3 is cryptocurrency and wallets are the way to keep your coins safe.
Let’s be real the ecosystem has matured and the wallet construct doesn’t work as well anymore. Crypto isn’t the only use case for Web3. Today’s dApps help you prove your identity, track real world assets, play games and more. Yet the wallet hasn’t improved much for everyday people.
Let’s begin with the Metamask wallet, you install a browser extension or mobile app, next you generate a seed phrase, which must be kept securely or else you lose access to your wallet permanently. That’s not all, every interaction you make with a dApp has to be authorized on this wallet. Finally, you must own enough native tokens to pay for gas.
Though it’s painful for beginners, wallets give the user complete ownership of their data and assets. Even the most powerful governments can’t authorize actions on your wallet (unless they have your private key) which is not true for traditional applications.
Why should you care?
Immutable Passport a web3 gaming wallet that uses MPC(multi-party computation) to give it’s game players a frictionless wallet sign up flow saw a 250% increase in onboarding completion when they switched from traditional wallets.
That’s the point, frictionless wallets means everyday people can use dApps without giving up security.
This is where the Account Abstraction (AA) ERC4337 standard shines. It’s arguably the most impactful Ethereum UX improvement because developers can integrate familiar authentication and authorization features into their dApps.
What is AA (Account Abstraction)?
It’s an improvement to the accounts architecture on Ethereum (and other EVM Blockchains). It gives developers the option of using smart contract wallets instead of EOAs. Learn more here.
Here’s how it works.
First, accounts (or wallets) are no longer public-private key pairs, they are smart contracts.
The implication is that accounts can be generated with different methods e.g an email address, phone number, social media account (Facebook, Twitter, Instagram or LinkedIn) or biometrics.
Secondly, because accounts can be generated in so many ways, the way User Operations (aka transactions) are sent to the Blockchain has changed as well.
This is important to remember as a developer. But, for users, it makes it so much easier for them to use dApps and interact with on chain data.
How to use Account Abstraction (AA) in your project
Luckily using AA in your dApp is easy because you don’t have to implement the standard yourself or worry about infrastructure e.g (alt mempool, paymasters). Instead, integrate your dApp through the convenient APIs of a managed AA service. Think of it like using OAuth but for Web3.
Bear in mind that they are paid on mainnet and free on testnets. They offer:
- Audited wallet contracts
- Audited entry point contracts
- A paymaster service
- A bundler/alt mempool service
- APIs for the most common sign up and validation methods i.e social accounts
- Wallet recovery options
If using a third party service is not your cup of tea, read to the end to learn how to setup your own AA infrastructure. This is a great option for those who need to own the entire stack for security or privacy reasons.
Managed AA services
- ZeroDev: a headless smart wallet SDK for your dApp. It’s also composable at the infrastructure level. That means you can switch their bundler or entry point contract for another.
- StackUp: they offer a fully managed service that is very convenient. I haven’t seen options to customize their AA infrastructure, but they provide a lot of features.
- EtherSpot: a wallet SDK that provides wallet contracts, bundler and paymaster.
When implementing AA in your dApp, you should consider:
- Ease of customisation and maintenance
- Account recovery options
- Custody of private keys
- Gas payment options
I’ll focus on ZeroDev’s managed service, because they have some extensive docs, their API is composable i.e you can use a different bundler or entry point with their smart wallets and it’s free on testnets.
See how you setup a project with a ZeroDev API key and interact with a testnet with your new wallet.
Create an AA account
This is what happens when your user’s sign up to your dApp. Before you use ZeroDev’s API there are a few things to decide.
- Validation method: this is how the User Operations (aka transactions) from the smart wallet gets marked as correct or not. Options are ECDSA (default), KillSwitch, MultiECDSA (aka multisig) & Session Keys.
- Signing method: define the method that your dApp’s users will use to authorize User Operations. The options are raw private key, email/social accounts, biometrics(passkeys) and anything else you can imagine.
Use an AA account
- Gas: when using EOAs the sender always pays gas, but with AA, you can choose to pay gas through a “gas station” on behalf of your users. You can also let your users pay with an ERC20 token instead of the native token.
- User Operations: there are some improvements to User Operations (aka transactions), you can batch transactions together before authorization. There are session keys which are similar to JWT tokens in Web2 and allow you to sign any User Operations within a certain time and makes it really convenient for users.
- Manage Wallets: you can change who owns the account based on the validator rules you set earlier. You can also recover an account, but that feature is in beta.
Implementing your own AA infrastructure
Based on your project’s requirements, you can decide to build your own AA infrastructure bear in mind that it must include:
- A wallet contract
- A wallet factory
- Alt mempool
- Entry point contract (you don’t have to deploy your own entry point contract, because it’s already deployed to the Blockchain and already audited)
Reference the ERC4337 spec and these open source implementations:
AA is a welcome improvement in my opinion. New users to your dApp should have a smooth and pleasant experience, it might be their first time on Web3.