Wallet experience with ERC4337

In the wake of account abstraction's surge, smart accounts and their modules have unlocked unprecedented potential, sparking debates about the ultimate wallet experience. A key conversation is the trade-off between a unified wallet experience across multiple dApps and the creation of distinct, embedded wallets within each dApp. This junction primarily influences user experience, privacy, and wallet portability.

Our alignment is firm with Vitalik in his AMA on Farcaster: a separate account for each dApp to maintain privacy, with all such accounts manageable by one master wallet or validation secret to avert vendor lock-in and preserve wallet portability.

Existing modular smart accounts tiptoe towards this ideal, with nuanced differences

Smart Accounts with ECDSA Module

Imaging that smart accounts in each dApp are appointed with an ECDSA validator as the standard validator. Users can control these accounts through MoonChute’s unified smart account manager, executing user operation across these smart accounts.

The downside is apparent: there's a clear lack of privacy as the linkage between smart accounts and their EOA wallet counterparts is laid bare.

Smart Accounts with Stealth Address Module

Opting for a stealth address module over an ECDSA Validator enhances privacy by concealing the interconnections of smart accounts within a dApp. This method still permits operations to be initiated from the EOA wallet while keeping the smart accounts' connections under wraps.

Problems

These methods, while forward-thinking, are not devoid of complications. Firstly, a security breach necessitating the update of each linked smart account is a daunting task, scaling in difficulty with the number of accounts. Secondly, the user experience is diminished by the need to engage with the parent EOA wallet during the creation of child accounts. Moreover, the burgeoning diversity of validation methods within modular smart accounts is chipping away at the very portability we strive to maintain.

Our answer to these dilemmas lies in the concept of hierarchical smart accounts—a structure designed to streamline management while preserving privacy and portability.

Hierarchical Smart Account

Parent Smart Account

In hierarchical smart accounts, a “Parent smart account” is the linchpin, generating “Child smart accounts” for each dApp. The parent wallet must feature paramount security measures and have recovery options in case of loss of control.

Child Smart Account

Child smart accounts, on the other hand, can afford to offer a more relaxed security setting that is adjusted according to the dApp's specific modules. For instance, a child account within a GameFi dApp may allow transaction approvals solely through a passkey.

ValidateUserOp From Parent

If a user wishes to perform actions not supported by the dApp, like listing an NFT on OpenSea, they can execute it from the parent smart account without worrying about the validation module signature construction used in the dApp which increases the portability of the smart accounts.

Moreover, in the event of a compromised validation secret of the parent account, “condition” in the validation module of child smart account, exemplified by the Rhinestone modulekit, would shield child smart accounts from from being compromised by the parent smart account.

Goal

The goal behind the Hierarchical Smart Account is to provide a seamless, secure, and private blockchain experience for users that consolidates control, ensures privacy across dApp activities, and eliminates the burden of managing a multitude of dApp credentials.