Over the past few months, I have been deep diving into web3 passports and testing as many as possible. I’m starting to realize a common pattern of how they are all built and have been trying to figure out what components make up a passport/wallet. In this piece I will be dissecting the web3 passport stack, with a particular focus on mobile wallets.
I also replaced the word “wallets” with passports for this article. I believe protocols such as Ethereum Name Service (ENS), Lens Protocol, Disco and Safe extend web3 wallet infrastructure with identity, social interactions and security to a more general purpose utility compared to a traditional blockchain address.
Wallets have evolved over the past few years and are no longer just transaction and balance lists. Gaby Goldberg put it very well in her post “Stop Calling it a Wallet”. We should recognise the changing landscape and adjust our language accordingly to reflect this behaviour.
I believe the stack will become more modular and easier for wallet developers to build upon with more speed and security. This will help unlock more use cases and improvements to the passport experience. This includes the current hype around Account Abstraction and Wallet-to-Wallet communication which were the highlights at the inaugural WalletCon.
Let's dive into the web3 passport stack.
The current landscape of passports can be referenced via WalletConnect’s Explorer where over 250 wallets have been registered. JerichoGG/Valha’s wallet landscape article is also useful to understand the different category verticals.
Nichanan from 1kx has also written two great articles on the ecosystem regarding WalletConnect which powers a lot of web3 mobile dapp and wallet infrastructure as well as her in-depth article about different types of passports in the space (conventional / smart contract / Multi Party Computation (MPC)).
In order to understand the various components of passports, I also recommend downloading and playing with mobile passports such as Zerion, Rainbow, Omni or TrustWallet.
TLDR: Passports have evolved to become more than transaction and balance lists.
The following are common components and tooling that I’ve seen in passports. I have used the Zerion mobile passport to demonstrate most of the stack.
Seed Phrases: Save or backup your web3 ‘password’
Authentication: Connecting to your web3 account via WalletConnect.
Actions (Read and Write)
Financial Reading: Transaction List and Multi-chain balances
Financial Write: Swaps, OnRamp, Staking, Bridges and transfer limits
NFT Read and Write: Display, Trade and more.
Namespaces / Identity: Domain name (i.e. ENS / Lens) and Decentralized Identity
Blockchain Interactions: RPCs
Browser: The Fat Wallet Thesis
Networks: Chain switching and Multi-chain UX
Data: Human readable data and API Endpoints
Security: Hardware security, Multi-signature wallets and social recovery
Social: Read, Write and Follow
Communication: Chat and Push Notifications
Multi Party Computation (MPC): Social Login
Account Abstraction: Improved passport UX with paymasters and batched transactions
Transaction Security: Domain Binding, transfer limits and transaction simulations
This is the hardest part for individuals entering the web3 space. They are usually greeted via a welcome screen to save and store a 24 word seed phrase. It is very different user behavior to signing up with email or logging in with Google. I have seen some passports with great education onboarding but others make the mistake of assuming the user knows what a seed phrase is. Using Account Abstraction and MPC infrastructure, this will help improve the process. More in a section below.
Currently I have seen various onboarding approaches with respect to the user experience and the learning curve / barrier to entry for new people entering the space.
There are two ways of authentication:
dApp to Wallet (the most common pattern)
Wallet to Wallet (bring your own wallet)
dApp to Wallet
Communication protocols such as WalletConnect facilitate the connection and authentication between dApps and mobile passports.
The standard flow is to:
Have an Ethereum Account on your mobile passport
Connect to a decentralized application (dApp) by providing permissions and signing that with your private key. This is usually represented as a QRCode via WalletConnect.
You are now connected. You can perform signing and transactions between the two applications.
Wallet to Wallet
Most passports allow individuals to another one. Think of it as bringing your own cell phone to a sim card plan. As seen in the above image where you can “Import existing wallets”. This allows you to connect all your wallets into one which is quite a useful solution.
These actions demonstrate the various activities users may make within their passports. They might make simple transactions, swaps, view their NFTs or add social recovery. This vertical is where the usage of passports will continue to grow then.
This is where most mobile passports started. Onboard via a seed phrase and then show them how much money they have in their respective accounts. It usually consists of a graph of the portfolio and the tokens tied to the account. Initially it was reserved for just ETH balances but as the multi-chain EVM world grew, more data across chains such as BSC, AVA, FTM etc became accessible.
Most passports have this feature as it is a fundamental piece of how passports were architected in the beginning and using infrastructure such as Zerion API can easily help with transaction history and portfolio data.
Financial Write: Swaps, OnRamp, Staking and Bridges
With the advent of Uniswap and DeFi summer, various financial writing actions were introduced. This was translated to the mobile passport experience.
Swaps: This was demonstrated with introduction of Uniswap where you have two assets you want to change (i.e. ETH to USDC). 0xSwap API is a useful API that facilitates and finds the optimal route for swapping via the various decentralized exchanges (DEXs) that exist.
OnRamps: This is the module powered by the likes of MoonPay, OnRamper and Ramp Network which allows people to purchase crypto with their ApplePay or Credit Card. This is a very great experience and is quite seamless. Financial asset access such as crypto should be as easy as paying for groceries via ApplePay.
Bridges: With the advent of other Ethereum Virtual Machine (EVM) chains and other Layer 1 and 2’s, people wanted to easily swap one asset onto another network. I.e. ETH to Polygon Network. This ties in the mult-chain balance component where individuals may have assets across multiple networks. Zerion is powered via Socket which is an interoperability stack that helps developers build cross-chain apps. Lifi is also another great developer experience where passports can integrate their SDK and can easily bridge and access DEX aggregators across multiple networks. More info in the Networks Section.
Trade / Transfer Limits: This is a simple but interesting feature but some passports recognise the need to not overtrade on mobile phones as it is not the most secure so provide transfer and trade limits which is quite useful for the onboarding process
Staking: The action to stake a token into a liquidity pool was introduced during Defi Summer and this is another common action people may take in order to receive tokens in return for their risk. Coinbase Wallet shows simple steps and suggestions for users to stake their tokens in order to earn X APY or via their CbETH for Lido. Also a special mention to Valha.xyz who are creating an Defi API that aggregates staking and more financial actions into one resource.
With the NFT boom, passports started by displaying NFTs so users could visualize the items they have in their address and swap them. I imagine more innovation will occur within this domain with the growing intersection of NFT and finance (i.e. NFT lending). At the moment, it still feels like the 2018+ era with transaction lists on mobile where NFT’s are solely displayed with a transfer functionality. Protocols such as Reservior are useful to power such solutions.
This is one of the main reasons why passports > wallets. Our real life passports represent a certain identity associated with a nation and this is what name resolvers such as ENS, Lens and Decentralized Identifiers (DIDs) via Disco enable. You can register tom.eth or tom.lens which creates a relationship with that ‘nation’ we call Ethereum and Lens Protocol. ENS has existed for quite some time in the ecosystem, however the best example is by Rainbow where I can purchase and register my ENS name in several minutes and see what I registered.
Additionally the innovation with DIDs and Verifiable Credentials by harmonizing on-chain and off-chain activity into “data backpacks” is really interesting. They extend what we know of just tying ourselves to an ENS domain and enable people to store and carry data they want to share to third parties (i.e. like a backpack or a passport). Check out companies such as Disco and Webacy. Also highly recommend checking out Evin’s talk at EthDenver below.
Infura, Alchemy, QuickNode and Pokt are the main players that serve users to make Remote Procedure Calls (RPC) / requests to respective blockchains and this is the underlying technology that enables blockchain methods and actions to be processed.
The Fat Wallet Thesis is the thesis that wallets could be the main accrual platform to help users interact with the blockchain. As Jeremy from Lightspeed wrote, “the majority of customers and assets will gravitate towards the most useful and trusted tools.” In web2 analogy, it is akin to travelers using aggregator sites like booking.com since flights, hotels and car rentals are all under one site. Coinbase and Metamask have the largest web3 userbase however there is room for a passport to become an aggregator like booking.com.
However, there has been significant progress in using an in-passport browser to interact with the blockchain. At WalletCon, Zerion explained that 50% of their transactions actually occur within their in-built dApp browser which was quite impressive. Let’s see if the Fat Wallet Thesis prevails.
Within each blockchain ecosystem, there are several flagship mobile passports in the space:
Ethereum / EVM: Rainbow, Trust, Zerion, Metamask, Argent
Polkadot / Substrate: Talisman
As the mobile passport development improves and becomes more interoperable (actually possible at the moment), I can envision a passport who manages several L1’s/L2’s in one of their passports will be able to have a significant market share. I.e. A mobile passport that can handle Ethereum, Solana and Cosmos which has great marketing across all chains. Phantom seems quite well positioned here at the moment.
With the large amount of data that exists on various blockchains, for each mobile passport developer to index and write their own methods to call data is arduous. Therefore a lot of the underlying data you see in mobile passports are powered via Debank, Zerion and Covalent. This is a hidden but core piece of infrastructure.
Security is of paramount importance in the web3 ecosystem and key management is a very high priority for individual users. In the onboarding process, I demonstrated the various steps necessary to create a passport and then ‘back it up’. However if you lose your phone and your seed phrase you are in trouble. Hardware passports are more robust as you keep them in a secure physical place. Ledger is a leader in space and has done a very great job with mobile compatibility. Several of their physical products work well with bluetooth and I can sign a transaction via my mobile. Stacks will also be an interesting product and one to keep an eye out for.
Multi-signature wallets are another alternative to create ‘safer’ passports. They are smart contract wallets that allow N amount of parties to govern the actions of a passport. The gold standard of this is driven by Safe (formerly known as Gnosis Safe). A notable mention is given to Tribes who facilitate the creation of social Safe multi-signature wallets which is quite cool.
Social Recovery is also another interesting security feature. The concept is driven via “guardians’ where you can delegate N amount of friends to help you recover your passport account if you ever lost it. Argent are the main pioneers in the space that brought this concept to web3 and is possible via their mobile passport.
The rise of web3 social has been very interesting. The introduction of decentralized social networks such as Lens Protocol, Farcaster and xBackPack represent a new shift in the way we interact and port our social identities. Various mobile passports have started to integrate these social networks as features within their application. This use case will continue to expand.
This is a very hot topic at the moment and no one has really cracked the messaging component. Protocols such as WalletConnect, XMTP, Push, Notifi and Wherever are moving the needle in the space where address to address messaging can occur alongside notifications.
We are on the cusp of seeing new web3 inboxes integrated into passport communication. This could entail protocols messaging their users, providing exclusive on-chain suggestions and deals or re-imagining concepts like the aforementioned Tribes passport.
It represents the re-invention of message communication in this new domain called web3. However we will need to be careful with spam prevention and phishing through these messaging protocols and platforms.
Another hottest topic in the passport space is Account Abstraction (AA). It is similar to Gnosis and Argent and is a smart contract wallet that delegates the creation and management of the transactions. Several features such as paymasters, social recovery and atomic/batch user operations are enabled by AA.
There are now several Account Abstraction passports such as SoulWallet and PatchWallet being built in the space so it will be interesting to see their products and how that will influence the onboarding and key experience on mobile.
Notable infrastructure projects powering the space include Stackup, ZeroDev, Biconomy, EtherSpot and Safe. Check out this thread reply by Alexander Chopan for other AA projects.
MPC (Multi-party computation) crypto passports are a type of digital passport that uses sophisticated cryptographic technology to secure cryptocurrency assets. The private key is divided into multiple pieces, which are distributed among several parties. These parties work together using a mathematical algorithm to reconstruct the private key when it’s needed to sign a transaction. This approach eliminates the risk of a single point of failure and reduces the chances of the private key being stolen or compromised. It has been around for a few years but this technology is now being brought mainstream via projects such as Web3Auth, Intu, Lit Protocol.
With various phishing methods, many people have been caught signing transactions or approvals to malicious sites and contracts which can drain their account. Domain binding browser extensions such as Fire and transaction simulations via Tenderly and Blocknative allow users to verify that the signing experience is coming from safe sites / contrasts which is a very positive step. More of these safety experiences will definitely move into the mobile passport experience.
Transfer Limits are also a simple but interesting feature. Some passports recognise the need to not overtrade on mobile phones as it is not the most secure so provide transfer and trade limits which is quite useful for the passport experience.
It requires both users and passport developers to realize what pieces of this passport stack they want to incorporate or interact with. Will passports decide to integrate every part of the passport stack or focus on a few with a great experience. Will certain passports do well for NFTs and DeFi? Time will tell.
Personally I am looking to see if a wallet can conquer the fat wallet thesis, how far web3 identity will be extended with DIDs and how account abstraction passports will be built with features such as paymasters. With regards to developer tooling, I also believe that more innovation and effort will be made to support this growing mobile passport stack.
Hopefully you enjoyed this piece and let me know if you have any feedback. Am reachable via Twitter
Thank you to Pedro, Abi, Sophie, Mikey and Nich for their feedback and suggestions.