This new technology, Account Abstraction, has been all the rage in the web3 community over the past year, or at least in the Ethereum-first developer community. But in the EVM landscape, whatever Ethereum does, the rest follow.
To paraphrase all the available content online, Account Abstraction is a next-gen standardized smart contract wallet that is slated to provide more bells & whistles with less onboarding friction for users.
What does that mean and how is this different from our current “regular” crypto wallets?
The wallet’s logic and security are implemented in a smart contract. And with smart contracts comes a slew of advanced functionality such as multi-signers, time-locks, spend limits, whitelisting, on-chain recoverability, etc.
Account Abstraction was born from the finalization of ERC-4337. It’s essentially a backwards-compatible (no network hard fork needed) set of protocols & services that allow for this concept of an easier, yet Swiss-army-knife-like, wallet that the industry needs for the next onboarding of 1 billion users.
So I did my research and am still a bit stumped. It also doesn’t help that many talks on Account Abstraction (AA) are just merely talks without contextual demonstrations.
There are still a lot of misconceptions about Account Abstraction. Here are a few that need to be rethought in the way the community communicates them.
Of the AA explainers and blogs I've come across, the majority seem to push the rhetoric of AA wallets replacing EOAs. EOAs are notorious for being complicated because you need to deal with those precarious BIP39 seed words. AA implies that it’ll be “seedless”.
But from my understanding, you still need an EOA behind an AA, regardless of whether it's an actual hardware wallet (which is an EOA) or your email/password combo (which can be argued to also be a single point of failure).
So when I see overreaching tweets pushing for AA replacing EOA, it's actually coming off as nonsensical. Because at the end of the day, there will ALWAYS be an EOA or some form of single point of failure behind an AA. Meaning that the issue with protecting/remembering your “private key” will persist. There’s no going around that.
Can someone tell me why it costs about 0.005 ETH (as of time of writing) just to send 0.01 ETH via my new fancy AA smart wallet? I thought the whole point of a smart contract wallet was to save fees. I get that network fees are a bit high right now, but it costs less to use an EOA wallet to send ETH than this fancy new gadget right now.
Hold that thought.
Batching transactions in tandem with pre-paid gas fees can incrementally reduce gas fees per tx in a linear fashion. So the more you spend (the more on-chain activity you have), the more you'll benefit from AA wallets. But if you don't have enough web3 activity or needs, then AA is not really worth it. So is AA’s intended target market a power user or a beginner? I’ve spoken to a few web3 power users and many still haven’t even tried smart wallets yet.
I've also been seeing dApps that are implementing smart wallets/AA in their dApp client. So if I am prompted to create a smart wallet in their dApp, is that smart wallet ONLY applicable/usable to that dApp? Perhaps so…
But what about interoperability? Oh, so then I need to export the key of that siloed smart wallet into a normal EOA wallet? This already seems more complicated than just starting with an EOA.
Over the course of my AA research, it has been noted many times that during the initial setup of an AA wallet, the UX will be easier because paymasters can help with paying network fees.
False.
During my initial setup of an Ambire smart wallet, I had to take care of my own fees, which was quite hefty.
So here’s the thing. Experiencing gasless transactions is up to the discretion of the provider of your AA wallet. How long could a provider sustain this model? How long could a token project sustain free airdrops all day long? Hmmm…..
There’s an obvious tradeoff between convenience and security. All wallet teams & developers know this. AA smart wallets give us the optionality of 1-click logins via current flows: Login with Google, Facebook, Apple, etc…
Are we inadvertently becoming too reliant on web2 security models by pushing the convenience factor too high? Will the next onboarded users into web3 even know what a private/public key pair is? Is abstracting away arguably fundamental knowledge of wallets removing the intangible self-custody magic we all adhere to with the proverbial “Not Your Keys, Not Your Crypto”?
The continuous and unstoppable improvement in crypto wallet tech is a double-edged sword. But some incidents continue to baffle me: recently a friend of mine who’s been working in this industry for quite a few years didn’t even know what a UTXO is.
Having spent some time tooling with ThirdWeb’s open-source SDKs on AA & embedded wallets, there’s no doubt the onboarding experience is seamless. But at what cost? Each variation of AA & embedded wallets seems to implement some type of ‘2 of 3’ recoverability setup built by sharding the actual private key. This means parts of your private key are held by different third parties. I know I previously gave verbal support to Ledger’s Recover service, and I continue to condone it, but it just accentuates the unfortunate trajectory we are heading towards: losing the raw artisanal nature of true self-custody. I believe it's only a matter of time before we start seeing complications arise with AA smart wallets.
But that 1-click login flow for a beginner truly can give them a faster crypto onboard. I’ll admit that.
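To make the ‘2 of 3’ key-sharding setup mentioned above concrete, here is an added example (not code from this post, ThirdWeb, Ledger or any wallet vendor) of a 2-of-3 Shamir split of a secp256k1 private key. It assumes the vendor uses plain Shamir sharing over the curve order; the split, recovery and single-share check functions are my own names. It shows both sides of the trust question: any two holders can rebuild the key, and a single holder learns nothing about it.

```python
# Added example, not code from the post or from any wallet vendor: a 2-of-3
# Shamir split of a secp256k1 private key, showing what "parts of your private
# key are held by different third parties" means. Any two holders can rebuild
# the key; a single holder learns nothing about it.
import secrets

# Order of the secp256k1 group. Private keys are integers in [1, N-1], so
# share arithmetic mod N keeps every share the same size as a key.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_key(priv_key, threshold=2, shares=3):
    """Evaluate a random degree-(threshold-1) polynomial with constant term
    priv_key at x = 1..shares. Each (x, y) point is one party's share."""
    coeffs = [priv_key % N] + [secrets.randbelow(N) for _ in range(threshold - 1)]

    def f(x):
        return sum(c * pow(x, i, N) for i, c in enumerate(coeffs)) % N

    return [(x, f(x)) for x in range(1, shares + 1)]


def recover_key(points):
    """Lagrange interpolation at x = 0 over GF(N): any `threshold` distinct
    shares give back the constant term, i.e. the private key."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % N
                den = den * (xi - xj) % N
        total = (total + yi * num * pow(den, -1, N)) % N
    return total


def single_share_is_consistent_with(share, candidate_key):
    """With threshold 2 the shares lie on a line. For ANY candidate key there
    is a line through (0, candidate_key) and this one share, so one party
    cannot rule out any key: a lone share carries no information."""
    x, y = share
    slope = (y - candidate_key) * pow(x, -1, N) % N
    return (candidate_key + slope * x) % N == y


if __name__ == "__main__":
    key = secrets.randbelow(N - 1) + 1          # constructed sample key
    user, vendor, recovery = split_key(key)
    print(recover_key([user, vendor]) == key)      # True
    print(recover_key([user, recovery]) == key)    # True
    print(single_share_is_consistent_with(vendor, 0xDEADBEEF))  # True
```

The second property is exactly why the security of such a setup comes down to which two of the three parties can be made to cooperate, not to the strength of any one share.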