
A supply and demand-focused altcoin is skyrocketing amid the release of an update that greatly expands its reach. In a new announcement, VeChain (VET) says that its Account Abstraction upgrade is now live, opening up a “whole new world” for the smart contract platform. “Account Abstraction is now live, opening up a whole new world […]
Fireblocks assists smart contract wallet UniPass to address ERC-4337 account abstraction vulnerability.
Cryptocurrency infrastructure firm Fireblocks has identified and assisted in tackling what it describes as the first account abstraction vulnerability within the Ethereum ecosystem.
An announcement on Oct. 26 unpacked the discovery of an ERC-4337 account abstraction vulnerability in the smart contract wallet UniPass. The two firms worked together to address the vulnerability, which was reportedly found in hundreds of mainnet wallets during a ‘whitehat’ hacking operation.
According to Fireblocks, the vulnerability would allow a potential attacker to carry out a full account takeover of a UniPass wallet by manipulating Ethereum's account abstraction process.
As per Ethereum’s developer documentation on ERC-4337, account abstraction allows for a shift in the way transactions and smart contracts are processed by the blockchain to provide flexibility and efficiency.
Conventional Ethereum transactions involve two types of accounts, externally owned accounts (EOAs) and contract accounts. EOAs are controlled by private keys and can initiate transactions, while contract accounts are controlled by the code of a smart contract. When an EOA sends a transaction to a contract account, it triggers the execution of the contract's code.
Account abstraction introduces the idea of a meta-transaction or more generalized abstracted accounts. Abstracted accounts are not tied to a specific private key and are able to initiate transactions and interact with smart contracts just like an EOA.
As Fireblocks explains, when an ERC-4337-compliant account executes an action, it relies on the EntryPoint contract to make sure only signed transactions get executed. These accounts typically trust a single audited EntryPoint contract to ensure that it receives permission from the account before executing a command:
“It’s important to note that a malicious or buggy entrypoint could, in theory, skip the call to “validateUserOp” and just call the execution function directly, as the only restriction it has is that it’s called from the trusted EntryPoint.”
According to Fireblocks, the vulnerability allowed an attacker to gain control of UniPass wallets by replacing the trusted EntryPoint of the wallet. Once the account takeover was complete, an attacker would be able to access the wallet and drain its funds.
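The trust relationship described above, reduced to a toy Python model (an added example, not Fireblocks' or UniPass's code; how the EntryPoint could be replaced in UniPass is not detailed here). The class, function and caller names are assumptions, an HMAC stands in for the owner's signature, and the model contrasts an unguarded entry-point setter with one restricted to the current EntryPoint.

```python
import hashlib
import hmac

def sign(key, op):
    # HMAC stands in for the owner's signature in this toy model.
    return hmac.new(key, op.encode(), hashlib.sha256).digest()

class Account:
    def __init__(self, owner_key, entry_point, guarded):
        self.owner_key = owner_key
        self.entry_point = entry_point  # the single trusted caller
        self.guarded = guarded          # True = hardened setter
        self.executed = []

    def validate_user_op(self, op, sig):
        return hmac.compare_digest(sig, sign(self.owner_key, op))

    def execute(self, caller, op):
        # The only restriction: the call must come from the trusted EntryPoint.
        if caller != self.entry_point:
            raise PermissionError("caller is not the trusted EntryPoint")
        self.executed.append(op)

    def set_entry_point(self, caller, new_entry_point):
        # Hardened form: the trust anchor changes only through the current
        # EntryPoint, i.e. as the result of an owner-validated operation.
        if self.guarded and caller != self.entry_point:
            raise PermissionError("entry point change not authorized")
        self.entry_point = new_entry_point

def handle_op(entry_point, account, op, sig):
    # Honest EntryPoint behaviour: validate first, execute only on success.
    if not account.validate_user_op(op, sig):
        return False
    account.execute(entry_point, op)
    return True

def demo(guarded):
    key = b"constructed-owner-key"  # constructed sample value
    acct = Account(key, "EP_AUDITED", guarded)
    signed = handle_op("EP_AUDITED", acct, "op-1", sign(key, "op-1"))
    unsigned = handle_op("EP_AUDITED", acct, "op-2", b"\x00" * 32)
    try:
        acct.set_entry_point("UNRELATED_CALLER", "EP_UNAUDITED")
    except PermissionError:
        pass
    try:
        # A replacement EntryPoint that skips validation and executes directly.
        acct.execute("EP_UNAUDITED", "op-3")
    except PermissionError:
        pass
    return signed, unsigned, acct.entry_point, acct.executed
```

With the unguarded setter the account ends up trusting `EP_UNAUDITED` and records an operation that was never validated; with the guarded setter the audited EntryPoint stays in place and only the signed operation runs.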
Several hundred users who had the ERC-4337 module activated in their wallets were vulnerable to the attack, which could be performed by any actor on the blockchain. The wallets in question only held small amounts of funds and the issue has been mitigated at an early stage.
Having ascertained that the vulnerability could be exploited, Fireblocks’ research team managed to carry out a whitehat operation to patch the existing vulnerabilities. This involved actually exploiting the vulnerability:
“We shared this idea with the UniPass team, who took it upon themselves to implement and run the whitehat operation.”
Ethereum co-founder Vitalik Buterin previously outlined challenges in expediting the proliferation of account abstraction functionality, which includes the need for an Ethereum Improvement Proposal (EIP) to upgrade EOAs into smart contracts and ensuring the protocol works on layer-2 solutions.
In addition to “smart accounts,” Ethereum adoption will be boosted by Web3 gaming along with zkEVM scaling and security, says Laura Shi.
Account abstraction, also known as “smart accounts,” could eventually onboard a billion users from the Asia region to Web3, according to an executive at Ethereum software solutions provider ConsenSys.
Speaking to Cointelegraph, the director of strategic initiatives at ConsenSys, Laura Shi, noted that the Ethereum and Web3 ecosystem has seen a strong expansion in Asia this year.
“More dApps are improving UX for the Asian market, including introducing Asian language support,” she said.
Shi added this expansion is primarily being driven by the introduction of zero knowledge Ethereum Virtual Machine (zkEVM) rollups and the mass adoption of Optimistic rollups.
The two rollups are layer-2 scaling solutions with zkEVM offering developers security, scaling and direct compatibility with Ethereum smart contracts.
Shi believes the development of account abstraction, which offers greater programmable functionality and more “bank-like” features than a regular crypto wallet, would increase adoption in the region.
“The development of account abstraction will facilitate the onboarding of billion-level users in APAC to Web3”
Account abstraction was proposed by Vitalik Buterin and other developers in EIP-4337 to “completely avoid consensus-layer protocol changes, instead relying on higher-layer infrastructure,” in September 2021. However, the concept goes much further back in Ethereum’s timeline.
According to the 2022 Chainalysis Global Crypto Adoption Index, the top two crypto-adopting countries in the world were in Asia — Vietnam and the Philippines. Thailand, China and India were in the top 10 despite anti-crypto sentiments from their respective governments.
Shi believes mass adoption in Asia is also being driven by social gaming and Web3 gaming, citing South Korea and China as examples.
“South Korea's gaming publishers are continuously focusing on Web3 RPG game publishing, attempting to optimize the sustainability of the on-chain economic model,” said Shi.
“Meanwhile, the Chinese-speaking developer ecosystem is focusing on onboarding Web2 users to Web3 gaming through adopting account abstraction solutions.”
Both use cases will rely heavily on zkEVM rollups and account abstraction development, she added.
“From the use-case perspective, we see Web3 social and gaming content has the largest potential in the coming years. It is powered by [a] zkEVM rollup solution and [an] account abstraction solution that enables gas fee subsidy and social recovery.”
Asked whether the current U.S. industry crackdown could be driving Ethereum and Web3 ecosystem growth in Asia, Shi said she didn’t see any correlation.
“So far we have not observed any direct correlation between these and the regulatory dynamics in the United States.”
The pivot to Asia has been a hot topic recently as U.S. crypto and Web3 companies seek friendlier jurisdictions in the Far East.
However, the Ethereum ecosystem in Asia appears to be doing fine on its own without the catalyst of Uncle Sam’s war on crypto.
Ethereum’s new account abstraction features make crypto more user-friendly, but how hard is it to join the new network?
A new decentralized layer has been added on top of Ethereum to make smart accounts possible with the introduction of ERC-4337 and account abstraction — but infrastructure providers suggest it may be tricky to participate profitably right now.
ERC-4337, commonly called “smart accounts” or “account abstraction,” was deployed on the Ethereum mainnet on March 1. “Smart accounts” are essentially a supercharged version of an Ethereum wallet. Although smart contract wallets already exist, they rely on centralized components. ERC-4337 changes that with a distributed network of “Bundlers” and “Paymasters.”
Under the hood, there are a few subtle but significant changes — namely the addition of the “User Intent Layer” — explained Matt Cutler, co-founder and CEO of Blocknative, a core Ethereum infrastructure provider.
According to Cutler, an Ethereum transaction today involves several discrete steps.
A user accesses their standard externally-owned account (EOA) or private key to compose a signed transaction — for example, transferring a nonfungible token (NFT) to another user.
This transaction is then sent to the public mempool — which could be described as a shared queue for transactions — to be plucked out by a “Builder” who organizes it into a “profitable block.” From there the block is proposed to a Validator who ultimately proposes and publishes it on-chain, completing the transaction.
Under ERC-4337, the new “User Intent Layer” is introduced before the current EOA step.
This additional layer allows a user to initiate more complex transactions in a single step. To make this possible, ERC-4337 introduces an “Alternative Mempool” and a network of transaction Bundlers, and along with it — a new way to earn fees.
A Bundler is a node that does a very similar job to the block “Builder.” Instead of organizing signed transactions from the public mempool to assemble a profitable block, a Bundler grabs User Operations, or userOps, from the Alt-Mempool to create the most profitable bundle which is signed and submitted to the network as a single transaction. This is all part of the newly added layer that makes smart accounts possible.
Bundlers get compensated via userOp gas fees for providing their much-needed service.
Will Account abstraction bring a billion people to crypto?
NO. Solving a problem that billions of people have will bring a billion people to crypto.
Account abstraction enables the distribution of the solution.
— John Rising (@johnrising_) March 24, 2023
While anyone can be a Bundler in theory, in reality, being a successful one might be another story, warned Cutler.
Like Builders, Bundlers are “specialized actors” made up of “relatively sophisticated development teams operating substantial computational, storage, and networking infrastructure,” he said.
“ERC-4337 is trustless and permissionless. So if you're technically adept, by all means, you can stand up and operate your own Bundler. The challenge is Bundling is a competitive market. So you will be competing against relatively sophisticated teams that are investing heavily into being a competitive Bundler,” he said.
“Bundlers are not the sort of tooling that you just stand up, forget about and it starts printing you money. We expect Bundling to be substantially more technically sophisticated than being a validator, for instance.”
Cutler noted there are already a number of open-source bundler code repositories.
There is an ongoing debate about whether ERC-4337 will have an impact on Ethereum gas fees, particularly given the increase in transaction complexity associated with the introduction of the new User Intent layer.
ERC-4337 and AA are all over the news, but with that comes a lot of misinformation. Here are some common misconceptions (and valid concerns): https://t.co/MkVoOvR44y
— ZeroDev (@zerodev_app) March 9, 2023
“While it is still too early to tell, my current expectation is that, on average, gas fees will not change all that much. If ERC-4337 has an impact, it's going to be pretty slight — either up or down. We do not expect transaction fees to suddenly go to zero, or suddenly become 100x more expensive,” said Cutler.
The long awaited account abstraction standard was believed to be many months off, but will be launched in a surprise announcement at WalletCon in Denver.
Smart accounts, enabled by the launch of the new ERC-4337 standard, are now available on Ethereum and are expected to help mainstream adoption by finally making crypto user friendly.
Ethereum Foundation security researcher Yoav Weiss will make the surprise announcement at WalletCon in Denver today that the core contracts for ERC-4337 — known by blockchain developers as “account abstraction” — have passed an audit by Open Zeppelin and will be made available on every Ethereum Virtual Machine (EVM) compatible network including Polygon, Optimism, Arbitrum, BNB Smart Chain, Avalanche and Gnosis Chain.
New users will no longer need to learn about complicated seed phrases or the technical process of setting up a wallet to onboard into the decentralized world of crypto, Weiss told Cointelegraph.
“The next billion users are not going to write 12 words on a piece of paper. Normal people don’t do that,” he said. “We need to give them better usability, they shouldn’t need to think about cryptographic keys.”
"EIP-4337 is going to take a year or whatever" - @sashaaldrick of @gelatonetwork
You're in for a big surprise
— John Rising (@johnrising_) February 25, 2023
Account abstraction also enables the unique cryptographic keys used for cryptocurrency to be stored on standard smartphone security modules, upgrading them to de facto hardware wallets. However, the screen remains a security issue compared with traditional hardware wallets and gas costs could be prohibitive on mainnet initially — although other EVM chains and Layer 2s have low enough fees to make it viable.
It also enables the use of two-factor authentication; signing transactions on your phone using a fingerprint or face-scan; the setting of monthly spending limits on an account; and the use of session keys to play blockchain games without constantly having to approve transactions.
Users who lose their phone or device can use time-locked social recovery of their account via a group of trusted friends or even a commercial service. Weiss said:
“It gives you the same features a bank would without having to trust a bank.”
The standard has been in development for two years with the team funded via grants from the Ethereum Foundation. While similar functionality is available on smart contract wallets from Argent and Gnosis, these solutions require centralized components called relays to pay gas fees whereas ERC-4337 decentralizes the entire system.
Weiss was one of the lead authors of Ethereum Improvement Proposal (EIP) 4337 alongside Ethereum co-founder Vitalik Buterin and five others. He said Buterin had first posted about the concept nine years ago "before Ethereum even launched, it has taken us this long to get here."
There have been numerous proposals to enable account abstraction prior to this but all required a difficult hard fork of Ethereum, and took a back seat to more pressing upgrades like the Merge. ERC-4337 is an alternate approach that makes use of decentralized infrastructure called “bundlers.”
Account abstraction is extremely powerful.
Here are a few of the things you can do to make the most of it: pic.twitter.com/jWavGLzBhE
— John Rising (@johnrising_) February 25, 2023
In very simple terms, the process works like this: a smart wallet signs a “user operation” which gets fired to a special mempool, which is basically just an organized queue of transactions (albeit a different queue than Ethereum’s normal mempool).
Bundlers are like miners or validators, taking user operations from the mempool and delivering the desired result back to the wallet. The bundlers also pay for the gas (transaction fee) required and are compensated by the user’s contract account or by a third party known as a “paymaster.” This could be a decentralized application (DApp) or it could be a wallet provider.
The first production grade bundler to be deployed on mainnet is from wallet and infrastructure provider Stackup, but more will be available soon. “It’s permissionless; anyone can run a bundler,” says Weiss. “It’s not censorable.”
Smart accounts, or account abstraction, is shaping up as a key theme for crypto in 2023. The technology has already been incorporated natively into zk-Rollup layer 2 solutions from StarkWare and zkSync and Visa designed an automated crypto bill payment system that makes use of it.
John Rising, the co-founder of Stackup, tweeted this week that an added advantage of account abstraction is that projects can use plain and easily understood language to onboard new users rather than arcane technical terms.
“Because the contract handles the esoteric blockchain stuff, you don’t have to use words like ‘gas’ or ‘nonce’ to accurately describe what’s happening. This is a huge win for crypto adoption and security.”