⚠️
Disclaimer: The contents of this report reflect the opinions of the author and are provided for informational purposes only. It is not written with the intent to recommend the purchase or sale of tokens or the use of protocols. Nothing contained in this report is investment advice and should not be construed as such.

1. ERC-4337 and Account Abstraction

While a variety of significant developments occurred in the blockchain ecosystem in 2023, one of the standout pieces of news was the release of ERC-4337. At WalletCon in March 2023, the Ethereum Foundation announced the completion of the audit for the ERC-4337 implementation, making it official that Account Abstraction (AA) based on ERC-4337 could now be utilized across all EVM (Ethereum Virtual Machine) chains.

Yoav Weiss announces that the ERC-4337 Entrypoint contract is now live, source: CoinDesk

Nearly a year after the release of ERC-4337, the AA ecosystem has undergone significant changes and developments. This period has seen considerable discussion and progress within the ecosystem, reflecting on the evolving nature of blockchain technology and its applications. This article explores the discussions that took place within the AA ecosystem over the course of 2023 and anticipates potential future changes.

2. What Does ERC-4337 Abstract?

2.1. The History of AA

Before diving in, let's first clarify what AA and ERC-4337 are, and what their purposes entail.

AA refers to a proposal to use smart contract-based wallets to improve Ethereum's UX, a topic that has been under continuous discussion since 2016. The most commonly used wallets today, such as MetaMask, are Externally Owned Accounts (EOAs), which have four main disadvantages from a user experience perspective.

  1. Losing or having your private key stolen means you cannot recover ownership of the funds in your account. This leads to both major and minor security incidents every year.
  2. You are required to use a standardized signature mechanism. The current signature algorithm used in Ethereum is ECDSA alone, which not only prevents the use of signature algorithms with various advantages like BLS but also poses a security risk with the advent of quantum computing.
  3. There is a lack of flexibility in paying gas fees. Currently, Ethereum does not allow tokens other than ETH for gas payment, and you must have ETH in your account to send a transaction.
  4. There is also a lack of flexibility in transaction execution. The characteristic of EOA, which can only send one transaction at a time, causes various inconveniences for users. A typical example is the additional transaction required for the approval of ERC20 tokens when using DeFi, etc.

Using smart contracts as accounts can solve most of these problems. Moving from EOA to Contract Accounts (CA) and abstracting the solutions is referred to as Account Abstraction.

The concept was introduced to the Ethereum community by Vitalik Buterin in 2017 through EIP-86. EIP-86 proposed a solution that abstracts transaction signature verification and nonce checks through contract accounts. However, this proposal was not accepted because it required too many changes within the protocol. Subsequent proposals, such as EIP-2938 and EIP-3074, suggested incorporating AA into Ethereum clients through protocol changes, but for similar reasons, none were implemented in Ethereum updates.

2.2. The Advent of ERC-4337

Subsequently, in September 2021, developers from the Ethereum Foundation, including Vitalik Buterin, proposed ERC-4337. Unlike previous EIPs, ERC-4337 emerged with the goal of implementing AA without changing the protocol. To achieve this, ERC-4337 uses a separate off-chain mempool instead of the official Ethereum mempool, and transactions utilize a distinct object called User Operation (UserOp).

ERC-4337 has the following structure.

The structure of ERC-4337, source: ERC-4337 Docs

Users of ERC-4337 wallets sign a UserOp instead of a transaction and send it to the mempool. In this mempool, an entity called a 'Bundler' verifies the validity of UserOps on behalf of the traditional validators, collects various UserOps into a Bundle, and then submits them as a single transaction to Ethereum.

ERC-4337 Entrypoint contract, source: ERC-4337 Official Docs

To ensure consistent calling, ERC-4337 introduces a contract known as the Entrypoint. When a Bundler receives UserOps from users, it gathers them and sends a call to the Entrypoint contract. The Entrypoint contract then performs verification and execution for each UserOp, and the results are recorded on the blockchain in the form of transactions.

2.3. The Abstraction of ERC-4337

ERC-4337 can enhance the functionality and convenience for Ethereum users through the abstraction of three main areas:

Authentication and Verification

  • ERC-4337 allows for transactions to be authorized using any verification method. This means that, unlike traditional transactions, it is possible to use signature algorithms other than ECDSA.
  • A notable use case is signature aggregation using BLS. BLS is a signature algorithm that utilizes pairing-based elliptic curves to aggregate multiple signatures into a single one. This characteristic of BLS offers the advantage of significantly reducing the resources needed for verification. It is currently used within Ethereum clients to aggregate the signatures of validators verifying blocks, thereby reducing the size of signatures and the time required for verification.

Discussions in ERC-4337 have extensively focused on account models that reduce transaction costs utilizing this feature. Vitalik himself has conducted research showing that using BLS for signature aggregation can compress transaction sizes by approximately 17%, and when combined with other compression techniques, it can reduce the transaction costs of rollups by up to sevenfold.

Transaction size compression with BLS, source: Vitalik Twitter

ERC-4337 supports the use of BLS, and its official implementation includes separate methods in its verification and execution functions for handling aggregated transactions.

A second use case involves making the interaction process with blockchain easier by leveraging existing Web2 signature systems. Contract accounts cannot generate signatures on their own and require a separate signer. However, traditional EOA accounts use ECDSA-based private keys exclusively, leading to the inconvenience of users having to manage 12 or 24-word mnemonics.

Using ERC-4337, it is not necessary to manage private keys as before, and tools more familiar to Web2 users can be utilized. A prime example is using an iPhone itself as a wallet.

Apple incorporates a piece of hardware called the Secure Enclave in iPhones, MacBooks, etc. It is isolated from the main processor where applications operate, providing an additional layer of security and safely performing security-related actions like cryptographic signing within. If signing for UserOps is conducted inside the Secure Enclave, it can offer an experience akin to having MetaMask built into the iPhone, while also preventing security incidents like private key theft through hardware-level security.

Currently, the Secure Enclave uses the secp256r1 signature algorithm, and its verification logic can be incorporated into ERC-4337 contract accounts to implement such wallet applications. However, one issue is the high gas cost associated with verifying secp256r1 within the contract. This could be addressed in the future with RIP-7212.

Gas Payment Method

  • AA allows for the gas fee to be paid by another contract, a feature referred to as "paymaster" in ERC-4337. This enables two main benefits:
  • First, accounts no longer need to retain ETH for gas fees. By using a paymaster, users can pay USDC to the paymaster, who then pays the corresponding amount of ETH to the bundler, enabling the use of custom tokens for gas payment.
  • Second, it enables a user experience where the full gas fee is supported by the account. This makes it easier to onboard users who are not familiar with Web3 or the concept of gas fees into applications.

Transaction Execution

  • Unlike EOAs, which can only make one call at a time, contract accounts in ERC-4337 can execute multiple calls at once. The official implementation of ERC-4337 includes an executeBatch function that allows users to execute multiple desired calls in one go. Additionally, bundlers have the discretion to include multiple UserOps in one transaction for execution.
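
The flow from sections 2.2 and 2.3 as a simplified model, added here as an example and not taken from the ERC-4337 reference implementation: each account supplies its own validation rule, a paymaster decides what it sponsors, and the Bundler simulates every UserOp before submitting one bundle. Assumptions: an HMAC stands in for the account's signature scheme, the full `max_cost` is charged instead of actual gas used, and every name and value (`handle_ops`, `bundle`, `demo`, keys, deposits) is constructed for illustration.

```python
import copy, hashlib, hmac
from dataclasses import dataclass, replace

class FailedOp(Exception):
    pass  # on-chain, a failed validation reverts the whole bundle transaction

@dataclass
class UserOp:
    sender: str
    nonce: int
    call_data: str
    max_cost: int        # worst-case fee the payer must cover (constructed unit)
    paymaster: str = ""  # empty: the sender pays from its own deposit
    signature: bytes = b""

    def digest(self):    # covers every field except the signature
        body = (self.sender, self.nonce, self.call_data, self.max_cost, self.paymaster)
        return hashlib.sha256(repr(body).encode()).digest()

def mac(key, msg):       # stand-in for whichever signature scheme an account implements
    return hmac.new(key, msg, hashlib.sha256).digest()

def require(ok, why):
    if not ok:
        raise FailedOp(why)

class EntryPoint:
    def __init__(self, accounts, paymasters, deposits):
        self.accounts, self.paymasters, self.deposits = accounts, paymasters, deposits
        self.nonces, self.executed = {}, []

    def handle_ops(self, ops, bundler):
        deposits, nonces = dict(self.deposits), dict(self.nonces)  # scratch: FailedOp changes nothing
        for op in ops:                                   # phase 1: validate every op
            check, policy = self.accounts.get(op.sender), self.paymasters.get(op.paymaster)
            require(check and op.nonce == nonces.get(op.sender, 0), "unknown sender or bad nonce")
            require(check(op.digest(), op.signature), "account rejected signature")
            require(not op.paymaster or (policy and policy(op)), "paymaster refused")
            payer = op.paymaster or op.sender
            require(deposits.get(payer, 0) >= op.max_cost, "payer deposit too low")
            nonces[op.sender] = op.nonce + 1             # consumed, so a replay fails
            deposits[payer] = deposits.get(payer, 0) - op.max_cost  # reserved before execution
        self.deposits, self.nonces = deposits, nonces
        self.executed += [(op.sender, op.call_data) for op in ops]  # phase 2: execute, pay bundler
        self.deposits[bundler] = self.deposits.get(bundler, 0) + sum(op.max_cost for op in ops)

def bundle(entry_point, mempool, bundler="bundler"):
    # Bundler: simulate on a copy, drop ops that would revert, submit the rest as one call.
    accepted, rejected = [], []
    for op in mempool:
        try:
            copy.deepcopy(entry_point).handle_ops(accepted + [op], bundler)
            accepted.append(op)
        except FailedOp as err:
            rejected.append((op.call_data, str(err)))
    entry_point.handle_ops(accepted, bundler)
    return rejected

def demo():  # constructed keys, accounts, paymaster policy and mempool
    accounts = {"alice": lambda d, s: hmac.compare_digest(s, mac(b"ka", d)),
                "team": lambda d, s: hmac.compare_digest(s, mac(b"k1", d) + mac(b"k2", d))}
    ep = EntryPoint(accounts, {"pm": lambda op: op.call_data.startswith("swap")}, {"pm": 15, "team": 10})
    def signed(sender, nonce, call, keys, pm=""):
        u = UserOp(sender, nonce, call, 10, pm)
        return replace(u, signature=b"".join(mac(k, u.digest()) for k in keys))
    mempool = [signed("alice", 0, "swap A", [b"ka"], "pm"), signed("alice", 0, "swap A", [b"ka"], "pm"),
               signed("team", 0, "pay", [b"k1"]), signed("team", 0, "pay", [b"k1", b"k2"]),
               signed("alice", 1, "mint", [b"ka"], "pm"), signed("alice", 1, "swap B", [b"ka"], "pm")]
    return ep, bundle(ep, mempool)
```

In the constructed mempool, the account holding no deposit still transacts because the paymaster pays, while the replayed nonce, the half-signed op, the call outside the paymaster's policy and the op that would exhaust the paymaster's deposit are all dropped during simulation and never reach the bundle.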

3. Account Abstraction 2023

3.1. AA in 2023 with Statistics

Monthly UserOp count

As of now, there have been approximately 8.92 million UserOps since the release of ERC-4337, showing a steep increase initially. Although about 1 million UserOps occur monthly, this is not considered a high level when compared to Ethereum's daily transaction count of approximately 1 million. This suggests that the adoption of AA and ERC-4337 is still limited, indicating potential issues or disadvantages with ERC-4337.

Number of UserOps with and without a Paymaster

Most UserOps involve gas fees being subsidized through a paymaster or paying gas fees with tokens other than ETH. Given that about 96.5% of all UserOps to date have involved a paymaster, it can be considered that ERC-4337 is successfully achieving its goal of abstracting the method of gas payment.

Number of UserOps per chain
Number of ERC-4337 accounts deployed per chain

The chain with the highest number of UserOp occurrences and contract account deployments is Polygon. Polygon has relatively lower gas fees than Arbitrum or Optimism, and its lead can be attributed to a higher number of apps aiming to build a better UX on this basis. This ties into the gas fee issue of ERC-4337 that will be discussed in the following article.

3.2. Key Infrastructure Builders

Companies building infrastructure based on ERC-4337 are primarily conducting their business by providing Bundlers, wallet contracts, or SDKs.

Number of UserOp executions per Bundler
Number of contract wallet deployments per wallet provider

Numerous companies and protocols are in the process of building, but among them, some stand out. As illustrated, approximately 83.4% of UserOps have been processed by Pimlico, Biconomy, and Alchemy, and about 87.2% of contract wallets have been deployed using the SDKs of ZeroDev and Biconomy.

This article will focus on introducing these four companies that are responsible for handling the majority of UserOps.

Pimlico

  • Founded last year, Pimlico is an actively engaged startup within the ERC-4337 ecosystem. Pimlico operates a Bundler named Alto, which is utilized by various contract wallets and apps including ZeroDev, thirdweb, CyberConnect, and Safe. This positions Alto as the most used Bundler in the ERC-4337 ecosystem, handling 51.5% of all UserOps to date.
  • Moreover, Pimlico contributes to the ERC-4337 ecosystem in various ways. By introducing permissionless.js, they have made the integration of contract wallets easier. In addition, by building infrastructure to support bundle compression, they are reducing the costs associated with ERC-4337. Pimlico is making several significant attempts to accelerate the adoption of contract wallets.

Biconomy

  • Biconomy is a company that has been researching relayer infrastructure for meta transactions and has focused on building infrastructure for AA since its release. Biconomy currently offers an all-in-one SDK that includes contract wallets, Bundlers, and Paymasters, facilitating the easy integration of contract wallets into dApps. Collaborating with applications like FanTV and CapX, Biconomy has executed over 2.83 million UserOps.

Alchemy

  • Alchemy is a company that has been providing blockchain node RPC services and has continuously been engaged in development and business activities related to ERC-4337. Alchemy currently offers a Rust Bundler called Rundler and provides a contract account SDK known as AccountKit. Additionally, the Alchemy team has proposed ERC-6900, aiming to establish standards for contract accounts and increase account reusability.

ZeroDev

  • ZeroDev is a startup engaged in the wallet provider business offering contract accounts. ZeroDev provides an optimized contract account called Kernel, and as seen in the illustration below, it is building the most gas-efficient wallet among the existing ERC-4337 accounts at the production level.
  • ZeroDev provides accounts to entities like CyberConnect and has been responsible for the highest number of contract account deployments among ERC-4337 compatible wallets to date. Furthermore, ZeroDev has recently adopted ERC-7579, as will be explained in the next article, to form a modular contract account structure and provide a more convenient UX.

Gas fee test results for current contract wallets, source: aa-benchmark GitHub

3.3. Chains with Built-in Account Abstraction

Aside from the ERC-4337 standard, there are chains that inherently support features like contract wallets and paymasters within their protocol. Currently, zkSync and Starknet are adopting this approach.

3.3.1. zkSync

From the launch of Era in March 2023, zkSync has natively incorporated AA, supporting contract accounts by default, as well as functionalities similar to paymasters.

However, a downside is that zkSync's AA is not compatible with ERC-4337. Consequently, most major wallet providers supporting ERC-4337 (such as ZeroDev and Biconomy) do not yet support the zkSync chain, and adoption has not been rapid.

Nevertheless, as the zkSync ecosystem grows, AA within the zkSync network is increasingly being utilized. Recent trends in zkSync show a surge in the use of AA for the following reasons.

Number of zkSync transactions through Paymaster

In zkSync, SyncSwap, the DEX with the highest TVL, launched a Paymaster feature in December last year through a collaboration with HoldStation, a wallet provider. As a result, SyncSwap users can now pay gas fees using USDC or HOLD (HoldStation's governance token).

The launch of SyncSwap Paymaster, source: SyncSwap Twitter

Additionally, although not yet launched, there is a project in zkSync called Clave. Clave aims to provide an exceptionally easy wallet user experience on iPhones through Apple's Secure Enclave, as mentioned earlier. For the universal use of this application, it is necessary to solve the issue that verifying the secp256r1 signature algorithm used in the Secure Enclave consumes too much gas. Specifically, the secp256r1 verification contract created by Obvious wallet requires about 43% additional gas (from 330,000 to 590,000 gas) just for verification, as illustrated below.

Obvious wallet’s gas fee, source: Polygon Mumbai Scan

The Clave team proposed that instead of processing the verification logic in a regular contract, it should be handled at the protocol level to reduce costs. Through EIP-7212, they suggested making the verification of secp256r1 a precompiled contract.

Precompiled contracts are contracts predefined within Ethereum nodes, which execute complex logic natively inside the node client rather than on the EVM, thereby reducing the gas cost for execution. A notable example of a precompiled contract is the ECRECOVER function used for verifying ECDSA signatures of EOAs.

Currently, this proposal has been transferred from an EIP to a RIP (Rollup Improvement Proposal), with discussions underway to implement it at the rollup level. If this precompiled contract is implemented in rollup networks, including zkSync, it is anticipated that wallet applications that rely on strong hardware security while offering convenience could emerge.

3.3.2. Starknet

Starknet, along with zkSync, has implemented native account abstraction. However, Starknet is not compatible with the EVM and, instead of Solidity, uses Cairo, a language specialized for ZK, which has resulted in limited adoption of AA.

Nevertheless, there are wallets and applications being built with AA on Starknet. A notable example is Argent, a contract wallet that has been developed since 2020 and is now available on Starknet. Argent offers a feature called Argent Shield, which requires 2FA to be completed before transactions can be sent. This means that even if the seed phrase is stolen, as long as the email account used for 2FA is not compromised, hackers would not be able to send transactions.

3.4. What Applications Are Using Account Abstraction?

Protocols and the number of users and UserOps using ERC-4337, source: BundleBear

3.4.1. DeFi & Payment

SyncSwap

  • As mentioned earlier, SyncSwap, through its collaboration with HoldStation, provides a paymaster feature, allowing users to pay gas fees with tokens like USDC. This enables users to escape the inconvenient UX of having to keep ETH in their wallets.

Visa

  • Since last year, Visa has shown interest in adopting AA to activate payment solutions in the cryptocurrency market. Visa deployed two types of paymasters on Ethereum's Goerli testnet and developed a monthly payment model utilizing Starknet's AA features. Although these functionalities have not yet reached the production stage, Visa is pursuing innovation in the payment market by leveraging AA.

Circle

  • Circle, the issuer of the most widely used stablecoin USDC, also supports AA. Circle's Programmable Wallet provides an SDK that enables the creation of wallets compatible with ERC-4337. Accounts created within the Programmable Wallet currently support features like paymasters on the Polygon network.
  • Additionally, Circle has updated USDC to make it easier to use with contract accounts. With the v2.2 upgrade on November 9 last year, Circle updated USDC to support EIP-1271 signatures. EIP-1271 is a standard for verifying signatures when the account is a contract, including a function that verifies whether a signature made by an EOA is valid for contract accounts that cannot generate their own signatures. Supporting this method within USDC facilitates easier interaction between contract wallets and USDC.

Circle’s Programmable Wallet, source: The Crypto Times

Grindery

  • Grindery is a contract wallet that utilizes Telegram, currently providing a Telegram payment solution for applications. It features easy account creation via Telegram and gasless transactions through paymasters. The Grindery wallet, based on the Telegram app without requiring separate installation, offers the advantage of easy user bootstrapping. To date, approximately 240,000 users have sent a total of 3.37 million UserOps via the Grindery wallet, with an average of about 14 UserOps sent per account, indicating a relatively high account reuse rate.

3.4.2. Social Apps

CyberConnect

  • CyberConnect is a Web3 social network service that provides infrastructure enabling users to own their data. With the recent introduction of V3, CyberConnect created CyberAccount, compatible with ERC-4337, achieving the highest number of users and UserOps among apps using ERC-4337.
  • CyberAccount offers a gas-optimized experience through a partnership with ZeroDev and has built a paymaster in collaboration with Stackup / Pimlico. It also allows gas payments with its native token $CYBER, highlighting its user-friendly experience.

CyberAccount architecture, source: CyberConnect Docs

FanTV

  • FanTV, which is building a Web3 streaming platform centered around the creator economy, is also leveraging AA to improve UX. Based on Biconomy's technology, FanTV supports gasless transactions for the transfer and trading of IOU tokens, FanCards, etc., through paymasters. With its convenient UX, FanTV was able to generate a total of 1 million UserOps by January.

CapX

  • CapX is an infrastructure project that allows for the pre-distribution of tokens before launch, enhancing early participation and laying the foundation for growth. Participants in each project's quests can earn IOU token rewards, which can later be exchanged for actual tokens upon their release. CapX implements this through Biconomy's paymaster and social login features, enabling participants to easily create contract accounts on CapX and engage in various activities without needing to top up funds for gas fees.
  • CapX maintains a high retention rate because users are continuously motivated to participate in project quests for future rewards. CapX users send an average of about 12.7 UserOps per account, which is among the highest for projects using ERC-4337.

3.4.3. Gaming & Metaverse

ZTX

  • ZTX is a blockchain initiative aimed at bootstrapping the creator economy using the IP of ZEPETO, one of Asia's biggest metaverse projects. In September last year, ZTX enabled ZEPETO users to claim on-chain hoodie NFTs, facilitating easy wallet creation on Arbitrum for users through contract accounts provided by Obi. Although it was a one-time event, resulting in an average of only about 1.02 UserOps per wallet, the event successfully concluded with over 200,000 participants within the period.

Xai

  • Xai, gaining attention as a gaming appchain using Arbitrum Orbit, is another protocol utilizing AA. Enhancing user experience is one of the protocol's objectives, which Xai is achieving by leveraging the SDK from thirdweb.

4. Conclusion

As observed from the statistics provided, it is evident that most applications have adopted AA with paymaster as a key feature. Furthermore, AA is predominantly used in social applications, DeFi, and payments. To date, there hasn't been a game that has fully adopted AA and generated noteworthy transactions.

The year 2023 can be seen as the inaugural year for substantial discussions and developments around AA. It is a positive trend that adoption and experimentation by various entities across different sectors continue to appear.

Conceptually, using ERC-4337 can significantly improve UX. However, to date, ERC-4337 has not been widely adopted by most apps, nor has any app achieved meaningful user retention with it. This could be attributed to the apps that have adopted ERC-4337 not capturing users' interest, but it's also clear that there are certain drawbacks to ERC-4337 that hinder its adoption. In the following article, we will explore what solutions are being developed to address these issues and how the ERC-4337 and AA ecosystem might evolve in the future.