Account abstraction and EIP-4337 have been hot topics in the decentralized wallet space lately. The main reason is that compared with the current EOA wallet, which is the majority on the market, they solve the pain point of seed phrase backup. At the same time, the user experience and security of the wallet are greatly improved, just like web2 applications. Therefore, they are expected to be the wallets that people want to use on the first day in web3.
To date, most wallet accounts created on Ethereum are externally owned accounts (EOA). Users directly control the account through the private key which is an extremely large and random number. The private key generates a public key to create a unique wallet address that can only be used to receive funds. The process of a user sending a transaction is essentially signing the transaction data with a private key, which is triggered by an external account. From the perspective of storage and use of the private key, EOA wallets can be classified into software wallets and hardware wallets.
EOA software wallet is a wallet with a seed phrase that uses a private key to protect users' digital assets. The wallet consists of a pair of keys: a public key and a private key. After a user creates a wallet, a public key is generated, which creates a wallet address for receiving funds. In the account creation process, the user will also get a private key. Usually, the private key is 12 words (or 24 words) in a certain order and this is the seed phrase. Users need the seed phrase to be able to migrate and restore their accounts. If the user accidentally loses or forgets the phrase, it means that the digital assets in the account will never be found.
Most EOA software wallets support users to create multiple accounts. The advantage of this type of wallet is that you can create a wallet for free or with lower costs. While the disadvantages are that users must back up the seed phrase, and need to authorize frequently during transactions, which gives crypto hackers opportunities - they can use smart contract to steal the assets away instantly. This is an important reason why the digital assets in EOA wallets often get stolen. In the aspect of usage method, EOA software wallets can be classified into browser plug-in wallets, website wallets, and mobile wallets. At present, browser plug-in wallets (such as Metamask) and mobile wallets (TokenPocket, Imtoken) are more popular among users, occupying most of the market share of EOA software wallets.
The hardware wallet stores the private key in the hardware device, and its built-in security chip has a processor and a storage unit, which can independently generate the key. Since the key is stored in the hardware, the stolen data cannot be decrypted. As a result, user privacy and data are protected. Because the EOA hardware wallet is isolated from the outside compared to the software wallet, this greatly reduces the risk of the wallet being hacked and the possibility of crypto assets being stolen.
When a user generates an account on the EOA hardware wallet, the key will be generated in the secure enclave. During a transaction, the user signs on the wallet device, and then the device sends the transaction to the network. This process does not expose the private key so that the assets are kept secure. Compared to the EOA software wallet, it is safer but less portable.
A smart contract wallet is a wallet managed by a contract account instead of an EOA (Externally Owned Account). In fact, it is a smart contract, but it can be executed like a wallet: a wallet that allows users to manage funds, log in with web2 accounts, and interact with dApps. Different from the EOA wallet, it is controlled by code and can implement any logic. More importantly, there is no seed phrase. But its creation requires an initial cost because smart contracts need to be deployed on the chain. There are several popular smart contract wallets on the market as follows.
Avatar Wallet is a smart contract wallet and it solves the private key problem through EIP-4337 and OAuth protocols and by utilizing account abstraction. The account abstraction separates the signer from the account so that the account does not need to use Elliptic Curve Digital Signature Algorithm (ECDSA) to define valid transactions, for it has its own logic to judge. The smart contract account can perfectly achieve account abstraction and set its own code logic. Therefore, users do not need to face lengthy key pairs and seed phrases and the wallet can be customized for other functions according to their needs.
EIP-4337 further implements the concept of account abstraction. In the current wallet market, Avatar Wallet is the first decentralized wallet using EIP-4337 technology. The OAuth protocol allows users to log in directly with their Google accounts. Users no longer need to install browser extensions or download Dapps, recreate wallets, and complete other cumbersome operations.
The security and usability of Avatar Wallet have reached the level of web2 applications, which is conducive to allowing Web3 users to create decentralized digital identities (DID). The role of the Avatar wallet is similar to that of email on the Internet before. It is a wallet that people want to use that first day in web3, aiming to pave the way for web2 users to enter the Web3 world.
Avatar Wallet now enables login to PlaNFT, providing it with its smart contract wallet technology services. PlaNFT is an innovative web3 trading platform for multi-chain NFT casting, trading, NFT swapping, mystery box issuing, and club creation. It builds a series of web3 infrastructures to connect ordinary web2 users to the NFT world.
The mission of PlaNFT is to introduce billions of web2 users to the world of web3, where user data is owned by individuals and generates huge revenues for content creators. In terms of mission, PlaNFT coincides with Avatar Wallet.
Argent is an Ethereum-based smart contract wallet as well as a non-custodial mobile wallet. It can be used with WalletConnect to connect to Ethereum dapps and DeFi. By adding the role of "Guardians" and binding the on-chain accounts of their friends and family members, users can manage and restore their accounts with no need for a seed phrase.
Argent has the following features:
User does not need to backup the recovery phrase
Private keys are controlled by Smart Contracts
Support Meta-transaction, users do not need to pay gas fees with ETH
Users can get a free ENS (Ethereum Name Service) domain
The highlight feature of Argent is the "Guardians" which are people and devices you choose to help keep the wallet even safer. Users can add other Argent accounts (contract accounts), EOA accounts such as MetaMask, and hardware wallets to Guardians. Additionally, Argent allows users to adjust daily transfer limits which are set to 10 ETH by default, but users can change the limits by themselves if they want. Transactions beyond the maximum limit will fail. The purpose of this feature is to prevent malicious Guardians from stealing all digital assets at once.
Insufficient: Argent cannot restore wallet accounts via email, and the security of the contract code is relatively low. Even though Argent released Argent X, a browser plugin wallet based on StarkNet, on November 17, 2022, Argent updated a bug that sending a legacy transaction to a new account triggered the Cairo virtual machine to bypass the validate method and its security checks.
Torus is a non-custodial smart contract wallet that users can log in through their Google, Facebook, Twitter, LinkedIn, or other OAuth accounts. What's more surprising is that it also allows users to log in through biometric authentication.
Torus manages keys with MPC (multi-party computation) system that generates user keys with certain shares and distributes them to independent nodes that map these keys to "validator" accounts (such as Google and Reddit), allowing users to use these accounts for login verification. After a predefined period, it migrates keys across nodes and forms a dynamic node set.
As a decentralized smart wallet, Torus supports any EVM chain and can interact through JRPC. It supports BSC, Polygon, and SKALE chains by default. Just change the JRPC endpoint of the Ethereum node to use Torus. Torus' OAuth login supports the account recovery and management mechanisms of existing account management systems (for example, Google's password recovery system, or Facebook's security questions). If users forget their passwords, they can use tools to recover their accounts and passwords themselves.
Insufficient: Torus is highly dependent on OAuth and has no censorship-resistant capability. Strictly speaking, it is not a real smart contract wallet.
UniPass is a smart contract wallet using MPC technology. It functions as both a smart contract and an MPC wallet. It uses the Domain Keys Identified Mail (DKIM) of the guardian email to authenticate reset requests. With the email social recovery solution on the chain, users can choose someone who has never set foot in Web3 as the guardian of the account, and he or she only needs to use the email account to assist users in social recovery by auxiliary verification.
UniPass adopts DKIM to protect emails from malicious modification, DNS (Domain Name Service) spoofing and flooding of spam. DKIM is a standardized email authentication technology that adds a digital signature to outgoing emails. When an email server receives a message with a signature attached, it can verify that it is from the real sender and that the content has not been modified. UniPass uses the Threshold Signature Scheme (TSS) of MPC, and relies on the EOA wallet for its security and usability, avoiding the biggest single point of failure caused by private keys.
The mechanism of DKIM is: users send emails in some way, and the content of the email address is hashed and signed by DomainKeys that then broadcast the hash values that have been signed with any remote procedure calls (RPC) service to call the reset function in the smart contract, after which the domain key signature of the guardian email is verified on the chain.
DKIM can simply complete the authentication by sending emails, and during the verification process, it does not involve any server that requires the user's request. This feature effortlessly eliminates the risks of centralization. With zero-knowledge proof, UniPass keeps user's information completely private on the chain, which protects user privacy while completing decentralized verification.
Insufficient: some operations in the wallet have a delayed response; the wallet cannot be logged in via the social media account; the wallet does not have the function of cross-platform; the process of restoring the account when replacing the device is not user-friendly enough, and so on.
As an innovation-driven dapp, Avatar Wallet is the first decentralized wallet to apply EIP-4337 technology on the market. This allows web2 users to enter more seamlessly into the web3 world and brings a daily dapp used by consumers, promoting the large-scale popularization of web3. Avatar Wallet and PlaNFT work together to empower each other, which also benefits PlaNFT to go further in the web3 space and to develop into a unicorn in the crypto field in one fell swoop.