The purpose of this article is to shed some light on why Account Abstraction will play a crucial role in future blockchain adoption. To illustrate the point, we will examine a number of potential use cases that Account Abstraction can facilitate. Where the benefits of Account Abstraction will be most pronounced will undoubtedly be in UX and Security. From a technological standpoint, Everscale’s network architecture has made the network the best fit for the full-fledged realization of this concept.
Note: For readers’ convenience, we will repeatedly use two abbreviations throughout this article. One for Account Abstraction, which is AA and the second for externally owned accounts, which is EOA.
Nowadays, there are only two types of accounts: EOA and contract. The latter is made possible with the help of AA. To understand what AA is, we will first recap how traditional accounts, or EOAs, work. This is important because most user wallets today, irrespective of their outdated and limited functionality, are still EOA. If you are not an Everscale or other TVM network user, your wallet is most likely to be as well. To stay competitive, most networks will inevitably have to implement AA shortly. Ethereum has already been plodding down this course for some time now, striving to change its core protocol to enable AA.
Externally Owned Accounts
These accounts are secured by a multi-character, impossible-to-guess secret number, called a wallet private key. The state of an EOA can only be modified through a new transaction, and a new transaction can only be initiated by another EOA. So, when the Ethereum Virtual Machine (EVM) executes a transaction, the first EOA with which the EVM comes into contact is the initiator of the transaction (this account pays for the transaction fee, also known as gas fee). When the EVM receives a request to conduct a transaction, it verifies the validity of the sender’s signature (private key), and also verifies that the nonce element of the transaction corresponds to the nonce element of the account, then executes the transaction, and then charges the transaction fee from the sender’s account. Then, it executes the transaction and deducts the transaction fee from the sender’s account.
nonce is the abbreviation for the ‘number used once’. A randomly generated number proving that a function or value was used only once.
An EOA account has:
- state: balance + nonce
- address — the last 20 bytes of the public key paired with a private key
- the ability to validate and execute transactions
At this point, it is important to clarify that: if someone has a private key, then they have an account. if A and B have the same private key, then they both own the account. This is how EOA works today.
The main issues that this logic gives rise to are: if A lost their private key to the account, then A no longer has access to the account. If B finds A’s private key, then A’s former account has become B’s current account (and all their tokens too).
What is the alternative?
Once again, in the case of EOA: account = signature
AA separates these two elements. In other words, with AA, assets are stored separately and transactions are signed separately.
AA
Contract accounts or simply smart contracts, in turn, are entirely controlled by the code deployed on Everscale and other TVM (Threaded Virtual Machine) blockchains. Don’t be alarmed, this is in complete accordance with AA theory. Rather than a cause for concern, this characteristic is actually the most interesting aspect of AA accounts. Basically, their main functionality is to carry and implement any pre-programmed logic. This means that, thanks to AA, each user can have an account that is customized to fit their needs.
AA goes beyond seed phrases
As already mentioned above, EOA accounts are secured by wallet private keys calculated from seed phrases. This makes them very vulnerable in the hands of inexperienced users. If someone gains access to a seed phrase, they can easily figure out the private key securing an account and empty all its tokens. More than that, if an account private key and recovery seed phrase are lost, they can never be recovered. Correspondingly, the tokens under their control are lost forever. It is worth mentioning that recovery phrase phishing is one of the most common ways users get scammed.
AA solves this issue by employing smart contracts used for both holding assets and authorizing transactions. The respective smart contracts can be customized with almost any logic to make them as secure and tailored to the user as possible. Ultimately, you are still using private keys to control access to your account, however, now you have some additional security measures in place making them safer to manage.
Some common examples of security logic that can be coded into an Everscale smart contract wallet:
- Multisig: share transaction signing responsibilities with multiple trusted parties. Contracts can be configured for transactions exceeding a pre-set threshold to require signatures from a certain number of trusted parties. For instance, high value transactions might require the approval of a set of family members.
- Account freezing: block an account from another authorized device, if, for instance, a current device linked to the account is lost. This way your tokens are 100% protected even if someone finds your device and gains access to your account.
- Social recovery: with EOA when you lose a device or forget a password, it effectively means that your tokens are lost forever. Conversely, with a smart contract wallet, you can customize some accounts to allow for the authorization of new devices and recover access.
- Set limits: specify daily, weekly or monthly limits for how many tokens can be transferred from an account. This means that even if your account is compromised, whoever gained access to it will not be able to empty it out all at once, which will allow you to promptly react and block the account.
- Create whitelists/blocklists: allow transactions to only take place with certain addresses that you know to be safe. This means that even if your smart contract wallet private key is stolen, whoever gained access to it will not be able to send tokens to non-whitelisted accounts. Also, you can restrict transactions to addresses you don’t want your account to interact with, for instance, sanctioned addresses or those known by you to be involved in illicit activities.
For illustration, please see below the animations for three common cases of pre-programmed logic.
Setting up limits
Social recovery
Blocklisting addresses
AA goes beyond security
With AA it is possible to make multicall transactions. This means that you can bundle several transactions into one, then process the respective sequence of operations via one atomic transaction. For instance, providing liquidity to a decentralized exchange usually requires three transactions: approving each of the two tokens, then depositing them. With AA, you can do it in just one atomic transaction. It is quicker and much more secure due to the elimination of excessive approvals.
Notwithstanding this, the benefits of AA extend much further than just reducing three transactions to one. AA can simplify even more complex processes into a one-click experience for the end user. For instance, you can pre-approve rules for interacting with a dApp in order to use it as much as you want within your preset parameters, which eliminates the need to sign each transaction. This will be particularly useful in blockchain gaming.
Put simply, you can enjoy using a blockchain game while knowing your assets are safe. The reason being is that you have set the conditions stipulating what the respective dApp is allowed to do and what it is not. This way we achieve both ease of use and risk minimization. This comes in contrast to the current modus operandi (EOA) where you either have to constantly sign transactions or put your faith in an entity that will act on your behalf.