Cointime

Cointime

Download App
iOS & Android

EIP-3074: Risks/Opportunities for Smart Account Adoption (and why we need EIP-5003)

From Safe by eb©hia.eth, Lukas Schor

Co-authors: Lukas Schor, Richard Meissner, Tobias SchubotzSpecial thanks for your feedback: Martin Köppelmann, Konrad Kopp, Itamar Lesuisse, Matt Garnett, Kristof Gazso, Ahmed Al-Balaghi, Vitalik Buterin, Yoav Weiss

On the journey to full account abstraction (AA) on Ethereum, we stand at a crossroads: ERC-4337 lies behind us, while ahead, EIP-3074 opened up a new path towards full AA. However, there is a risk to diverge onto the dangerous path of EOA Enshrinement. To prevent this it's critical to support EIP-3074 with the addition of EIP-5003 in the upcoming hardfork. This builds a sturdy bridge to full AA, avoiding the risk of fragmentation and leading Ethereum safely towards the bright future of smart accounts.

Tl;dr:

The Ethereum Core Developers have aligned to incorporate EIP-3074 in the upcoming Prague/Electra hardfork, targeted for Q4 2024 / early 2025. EIP-3074 allows externally owned accounts (EOAs) to delegate their transaction capabilities to smart contracts, enhancing functionalities like transaction sponsorship and batch processing. While EIP-3074 serves as a short-term fix to improve the UX of EOAs, most of the Ethereum community is still aligned that the end-goal is to move all users to smart accounts. EIP-3074 brings some improvements to smart accounts and is a stepping stone towards full AA, but it absolutely requires EIP-5003 to fully get there. Without EIP-5003, we would enshrine EOAs further.

What is EIP-3074?

EIP-3074 modifies the Ethereum protocol to allow EOAs to delegate (AUTH) their transaction capabilities to smart contracts (so-called “invokers”), enabling additional functionality like:

  • Sponsored transactions: Ability for dapps or other parties to sponsor the gas of a transaction.
  • Batched transactions: This allows for two or more contract calls to be executed in the same transaction. Users can call approve and transferFrom in a single transaction, for example.
  • **Access delegation: **Users can delegate control of their EOA to other keys which might have different security properties. For example, a user may add a phone hot wallet key with a daily allowance to their account.

These features were so far only accessible to smart accounts. Which meant that applications had to build two different user experiences for EOAs and smart accounts.

Opportunities for smart accounts

EIP-3074 primarily empowers EOAs, but it also brings some new beneficial side-effects for smart accounts:

  • Easier migration: With empowered EOAs, users could more easily migrate to smart accounts. A crucial challenge for users to switch to smart accounts so far was the effort and gas cost of migrating existing assets. EIP-3074 allows smoother migration in a single batched & gas-sponsored transaction.
  • Unified UX/DevEx: Dapps can build better user experiences without having to exclude EOAs. This increases significantly the incentives to leverage sponsored transactions and transaction batching, as well as standards around them. Dapps would generally need to adjust to more flexible account logic, which would allow smart account features like session keys or multisig to fit better into overall development frameworks.
  • Hybrid accounts: EOAs can set smart accounts as invokers. For example, this would enable a Safe Smart Account to control an EOA, while the EOA’s private key retains superiority and could disable the Safe’s control. This could lead to interesting new hybrid custody use-cases or allow EOA users to “test” a smart account before migrating assets.

EIP-5003: Closing the gap to smart accounts

While EIP-3074 allows to delegate control over an EOA to smart accounts, the original private key can still authorize any action on the EOA. This prevents EIP-3074 to introduce any (security) features such as:

  • Multisig: Multi-signature wallets or onchain multi-factor authentication still require a smart account as EIP-3074 EOAs at any point are still controlled by the original private key.
  • Recovery: While certain recovery schemes may be possible, it is never possible to recover (rotate) the primary private key controlling the EOA with EIP-3074, so many recovery schemes require a full smart account.
  • Quantum-resistance: Eventually we’ll need to migrate users anyways to smart accounts to achieve quantum-resistance, either naturally or through an emergency hardfork.
  • Others: Deny-lists, co-signers/guards, fallback handlers that require different signature schemes depending on the use-case.

There is a viable migration path discussed that would close the gap and allow a full migration of existing EOAs into smart accounts: EIP-5003. This upgrade extends EIP-3074, allowing for deployment of smart contract code at the address of the EOA, while revoking access of the original private key in the process. This allows fully converting EOAs into smart accounts while keeping the public address, soulbound tokens and non-transferable reputation and generally guaranteeing forward-compatibility with the future account abstraction roadmap.

However, there have been some concerns on the viability of this upgrade path, particularly related to edge-cases where the private key, that was assumed to be revoked, could still authorize actions on the account:

  • Cross-chain: The revoked EOA key remains valid on other networks, including those that may emerge in the future. This could allow anyone having access to the OG private key to claim the same account on different networks and move assets.If an EOA is migrated to a smart account on a specific network, it should not be assumed that the EOA is migrated on new networks automatically. Smart accounts already face a similar issue today, with them not being deployed on new networks as well as state changes (key rotations) not being synced. Cross-chain approaches like keystore rollups may mitigate this to a certain extent.
  • If an EOA is migrated to a smart account on a specific network, it should not be assumed that the EOA is migrated on new networks automatically. Smart accounts already face a similar issue today, with them not being deployed on new networks as well as state changes (key rotations) not being synced. Cross-chain approaches like keystore rollups may mitigate this to a certain extent.
  • Off-chain signatures: The compromised key can still be misused in off-chain systems, such as the login processes of dapps or permit2 token approvals, which verify signatures. While these systems may support smart contract signature standards like EIP-1271, they typically default to this only if the standard ecrecover fails, leaving room for the revoked key to potentially compromise accounts.The sensible approach would be, as part of EIP-5003, for ecrecover to always fail for EOAs that were migrated to smart accounts. A migration to a smart account should be an explicit and complete move to a new authentication logic.
  • The sensible approach would be, as part of EIP-5003, for ecrecover to always fail for EOAs that were migrated to smart accounts. A migration to a smart account should be an explicit and complete move to a new authentication logic.

Is EIP-3074 good or bad for AA?

Over the last months, the community leaned into ERC-4337 as a first step towards full AA. It allowed kick-starting a developer ecosystem, stabilizing the spec and tooling for bundlers and creating learnings. It was subsequently planned to implement native AA on L2s (RIP-7560) and eventually bring a similar EIP on L1.

ERC-4337 initially got started with hugely inflated expectations, which helped gather momentum and attract developers. There have been positive signals that we are close to reaching the tipping point, with major exchanges (OKXCoinbase) and wallets (TrustMetamask) investing into support for ERC-4337. But the inflated expectations also meant the inevitable sobering moment that full AA (via RIP-7560 or similar) will take longer than initially expected, as the appetite / urgency for L2s to work on RIP-7560 is still small today.

AA-related Ethereum standards/upgrade going through their respective “hype-cycles”

This is one of the reasons, parts of the community turned to EIP-3074. As the migration of users to smart accounts seemed too far out, some voices became loud to at least partially fix EOAs in the meantime. EIP-3074 does not replace ERC-4337, they are actually quite synergetic, but it does shift the focus further away from ERC-4337/RIP-7560.

In order for full AA to be feasible, we need to find ways to migrate existing EOAs. As EOAs still make up a majority of users in Ethereum, impacting priorities of developers and teams. This can happen in two ways, (1) have users manually switch to smart accounts or (2) implement ways to turn EOAs into smart accounts.

The inclusion of EIP-3074 carries the risk that it will bring us further away from achieving full AA. It enhances EOAs, so it negatively contributes to (1), while not actually solving for (2).

Without EIP-5003, EIP-3074 is currently lacking any clear pathway to full AA and has a net-negative impact on AA adoption. Even more, after the Prague/Electra hard fork there might not be a window to include AA-related upgrades for another 2 years as focus will shift towards verkle trees. Therefore we should include EIP-5003 in the Prague/Electra hardfork, to prevent having EOAs enshrined further.

Effects of EIP-3074 on AA roadmap, with/without EIP-5003

Summary

The debate around EIP-3074 is a critical juncture for Ethereum's account abstraction trajectory.

Original AA Roadmap

Experiment with application-level AA (ERC-4337), showcase native AA via L2s (RIP-7560) and eventually bring native AA to L1. Solve for legacy EOAs via migration transaction (EIP-5003, EIP-7377 or even force-migration). This path is likely to take significantly longer than expected and is held back by EOA dominance.

What we SHOULD be doing instead

Implement EIP-3074, but also include EIP-5003 in the Prague/Electra hardfork, allowing for a full migration to smart accounts. This allows not leaving legacy users behind while ensuring that they don’t hold up AA efforts.

What we are currently planning to do (Worst case)

Only implement EIP-3074, and risk enshrining EOAs, or at least holding up the adoption of smart accounts significantly.

The cross-road of Ethereum’s AA roadmap (thanks to Vitalik for the improvement ideas)

Comments

All Comments

Recommended for you

  • Crypto trading ecosystem LazyBear completes strategic financing of 4 million USDT

    The cryptocurrency trading ecosystem LazyBear announced the completion of a strategic financing of 4 million USDT, with participation from Gogeko Labs, DWF Labs, Shadow Labs, Salad Labs, Bees Network, REI Network, IBIT, Crypto Bullish, SYNBO Protocol, Bazaars, Sypool, Bitcoin Gbox, GemX Crypto, Wikibit, and others. It is reported that LazyBear is a cryptocurrency trading ecosystem for retail traders, committed to providing users with an industry-leading, low-fee, inclusive, and enjoyable trading experience.

  • Tether Invests $200M in Majority Stake of Brain-Computer Interface Company Blackrock Neurotech

    Tether's venture capital division, Tether Evo, has invested $200 million to acquire a majority stake in Blackrock Neurotech, a company that develops medical devices powered by brain signals to aid those impacted by paralysis and neurological disorders. The investment will fund the roll-out and commercialization of the devices and research and development purposes. Tether, the issuer of stablecoin USDT, has recently established four divisions to expand beyond stablecoin issuance and believes in nurturing emerging technologies with transformative capabilities. Paolo Ardoino, CEO of Tether, stated that Blackrock Neurotech's brain-computer-interfaces have the potential to open new realms of communication, rehabilitation, and cognitive enhancement.

  • Turnkey Raises $15M Series A Funding to Expand Wallet Infrastructure for Crypto Developers

    New York-based Turnkey has secured $15m in Series A funding led by Lightspeed Faction and Galaxy Ventures, with participation from Sequoia, Coinbase Ventures, Alchemy, Figment Capital, and Mirana Ventures. The company, founded by the team behind Coinbase Custody, offers a wallet infrastructure that enables developers to build anything that involves a wallet or cryptographic transaction. Turnkey plans to use the funds to expand operations and development efforts, and has already integrated with companies including Alchemy, Dynamic, Goldfinch, Halliday, Thunder Terminal, and Kinto. The product suite offers embedded and smart wallet services, biometric passkey logins, and seamless onboarding experiences for users.

  • Thai regulator to crack down on deceptive cryptocurrency ads

    Cryptocurrency advertisements that contain false, exaggerated, distorted, concealed, or misleading information violate Thai regulations. Regulatory agencies in major cryptocurrency markets have also taken similar measures to minimize investment losses in cryptocurrencies. For example, the UK Financial Conduct Authority (FCA) issued 450 illegal cryptocurrency advertising alerts in 2023 alone. In addition, in November 2023, the Spanish National Securities Market Commission, the main securities market regulatory agency, condemned fraudulent cryptocurrency asset promotion activities on X and reiterated the company's obligation to comply with local laws. The Thai Securities and Exchange Commission reminded cryptocurrency exchanges to include appropriate warnings about investment risks and to avoid attracting new users through special promotions. He warned that violating the above guidelines would result in "legal punishment".

  • Cointime精选 ·

    Enshrine AI into EVM

    Axonum enshrines AI into blockchain to build a decentralized supercomputer powered by global collective intelligence.

    Enshrine AI into EVM

  • Russia to impose cryptocurrency restrictions, exempting miners and central bank projects

    Russia will implement cryptocurrency restrictions, exempting miners and central bank projects. Starting from September 1st, Russia will impose strict restrictions on the circulation of cryptocurrencies such as Bitcoin, only allowing the issuance of digital financial assets within its jurisdiction. Anatoly Aksakov, Chairman of the Financial Market Committee of the State Duma, led this initiative. This is part of a wider government effort to control the cryptocurrency ecosystem in the face of escalating geopolitical tensions. Aksakov stated that the upcoming legislation aims to restrict non-Russian cryptocurrency transactions to strengthen the dominance of the ruble. Meanwhile, recent reports indicate that Russian entities have used cryptocurrencies, particularly Tether's USDT, to purchase key components for military technology.

  • Ethereum stablecoin transaction volume exceeds $1 trillion so far in April, setting a new record

    On April 29th, The Block data shows that as of April 28th, the trading volume of stablecoins on the Ethereum blockchain reached a record high of $1.08 trillion in April, with DAI trading volume ranking first at $578.07 billion, followed by USDC at $268.15 billion in second place, and USDT at $198.62 billion in third place.

  • Shenyu: Up to one billion users' cloud input methods may have leaked input content. Please take immediate measures to reduce the risk.

    On April 29th, Cobo co-founder and CEO Shen Yu wrote on X platform that the cloud input method used by up to one billion users may have leaked input content. If you have entered mnemonic words or other sensitive information through any of the following cloud input methods, please take immediate measures to reduce the risk.

  • EU member states prepare to enforce landmark crypto law, MiCA

    The European Union is set to enforce MiCA, a crypto law that mandates national regulators to license and supervise service providers. While the regulation is EU-wide, countries can implement slightly different technical standards that crypto firms must adhere to. MiCA's specialized rules for stablecoin issuers will take effect in a few months, followed by licensing and other requirements for crypto firms broadly in December. Each jurisdiction must transpose the EU regulation into local law, select which of their regulators will oversee crypto, and prepare to authorize token issuers and other service providers. Regulators are facing challenges in implementing the new legislation, particularly in terms of licensing requirements, and each country's crypto industry has its own concerns about implementation and proposed laws.

  • The total open interest of BTC contracts on the entire network dropped to $29.83 billion

    According to Coinglass data, the total open position of BTC futures contracts on the entire network is 478,180 BTC, equivalent to 29.83 billion US dollars.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company