ERC-4337: The Game Changer for Token Security?

Blessing Alabi

Ethereum, the second-largest cryptocurrency network, has revolutionized the way we think about digital assets. Its native token, Ether (ETH), not only serves as a means of payment, as other cryptocurrencies such as Bitcoin (BTC) and Litecoin (LTC) do, but also enables the development of smart contracts and decentralized applications (DApps). Additionally, it allows for the issuance of tokens that represent a wide range of assets, such as cryptocurrencies and non-fungible tokens (NFTs).

One of the key features of Ethereum is its token standards, also known as Ethereum Request for Comment (ERC). These ERC standards provide a set of guidelines and requirements that tokens on the Ethereum network must adhere to. The most popular standard on Ethereum is ERC-20, which defines procedures for issuing new fungible tokens on the Ethereum protocol. Another popular model is ERC-721, a token standard for non-fungible tokens, which allows developers to create and manage NFTs on the Ethereum network.

There are other ERC token standards on Ethereum such as ERC-777, ERC-2222, ERC-1155, and more. However, for a new ERC token standard to be widely recognized and accepted, it must be proposed and authorized through on-chain governance in the global Ethereum community.
Proposed standards are initially submitted as Ethereum Improvement Proposals (EIPs) on the Ethereum protocol. The community discusses and evaluates the proposals, and some EIPs may be rejected, while others are accepted as new ERC token standards.

What is ERC-4337?

Now that we have a basic understanding of various token standards on the Ethereum network, let’s take a closer look at the ERC-4337 standard.
First off, let’s start with a basic description of what this standard is really about. ERC-4337 is the latest ERC standard deployed on Ethereum, aimed at improving token security on the network through a mechanism known as “account abstraction.” Originally tagged EIP-4337 when initially proposed in 2021, it was recently authorized to become ERC-4337 in March 2023. This new standard has the potential to revolutionize crypto wallets and provide enhanced token security on Ethereum and other EVM-compatible chains like Polygon, Avalanche, Optimism, Binance Smart Chain, Arbitrum, and more.

At its core, ERC-4337 proposes a novel approach for managing transactions on the Ethereum network that separates the transaction’s execution from its validation using smart wallets. This approach, referred to as account abstraction, allows for more flexibility in how transactions are validated, enabling the implementation of new and more advanced security mechanisms. For example, account abstraction makes it possible to implement multi-signature authentication for transactions, where multiple parties must sign off on a transaction before it can be executed. This reduces the risk of a single point of failure and can significantly increase the security of transactions.

Account abstraction also provides other features such as two-factor authentication, signing transactions on your phone, setting monthly spending limits on an account, approving multiple transactions at once, setting up smart accounts to automatically pay bills and subscriptions, and much more, which we will discuss in much detail later on.

How Does ERC-4337 Work?

In the Ethereum ecosystem, the idea of account abstraction is not entirely new, as there have been efforts to implement it for a long time. A number of EIPs have been suggested, but they would have required a hard fork, which might not have received enough support considering that it would draw focus away from other crucial upgrades like the Merge. However, the idea of a hard fork to upgrade all existing user accounts to smart accounts has not been completely ruled out: Ethereum Foundation security researcher Yoav Weiss explains that a hard fork to enable the upgrading of all accounts will inevitably occur, but "it'll take a long time to get there."

ERC-4337 works by creating smart wallets that allow users to execute transactions without exposing their private keys. These smart wallets are smart contracts that store tokens and execute transactions. When a user decides to transfer tokens, they invoke the smart contract, which generates and signs a new transaction using the user's private key.

Now comes the interesting part. In the Ethereum ecosystem, there is a decentralized infrastructure of actors known as “bundlers” that handle transaction gas fees. When a user sends a transaction, it is added to the mempool, which is an organized queue of pending transactions awaiting validation.

Bundlers work by aggregating multiple mempool transactions into a single block, which they subsequently submit to the network for approval. This technique not only lowers users' gas fees by allowing them to pool their resources, but it also helps to optimize network resource consumption by minimizing the number of individual transactions that must be handled.

The bundlers are later compensated for the gas fees by the user's contract account or by a third party known as a "paymaster." This might be a decentralized app or a wallet provider.
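The validation/execution split and the bundler prefund described above, as an added example that is not code from the article or from the ERC-4337 reference implementation: a minimal smart account written against the v0.6 UserOperation layout. The contract name, the raw ecrecover check and the _split helper are my own choices; a production account would use a malleability-safe ECDSA library and normally relies on EntryPoint's nonce handling for replay protection.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// ERC-4337 v0.6 UserOperation layout; field order follows the spec.
struct UserOperation {
    address sender; uint256 nonce; bytes initCode; bytes callData;
    uint256 callGasLimit; uint256 verificationGasLimit; uint256 preVerificationGas;
    uint256 maxFeePerGas; uint256 maxPriorityFeePerGas; bytes paymasterAndData; bytes signature;
}

// Minimal smart account (assumed name): validation and execution are separate entry points,
// and both are callable only by the EntryPoint singleton that bundlers submit to.
contract MinimalAccount {
    address public immutable entryPoint;
    address public owner; // key that authorizes UserOperations

    constructor(address _entryPoint, address _owner) { entryPoint = _entryPoint; owner = _owner; }

    modifier onlyEntryPoint() { require(msg.sender == entryPoint, "not EntryPoint"); _; }

    // Validation phase. Returns 0 on success or 1 (SIG_VALIDATION_FAILED) on a bad signature;
    // EntryPoint drops the op instead of executing it when validation fails.
    function validateUserOp(UserOperation calldata userOp, bytes32 userOpHash, uint256 missingAccountFunds)
        external onlyEntryPoint returns (uint256 validationData)
    {
        // The owner signs the EIP-191 prefixed userOpHash off-chain; only the signature is sent on-chain.
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", userOpHash));
        (bytes32 r, bytes32 s, uint8 v) = _split(userOp.signature);
        if (ecrecover(digest, v, r, s) != owner) return 1;
        // missingAccountFunds is zero when a paymaster sponsors the op; otherwise the account
        // prefunds the bundler's gas through its EntryPoint deposit.
        if (missingAccountFunds > 0) {
            (bool ok, ) = payable(entryPoint).call{value: missingAccountFunds}("");
            (ok); // EntryPoint checks the deposit itself, so the result is deliberately ignored
        }
        return 0; // no validity time window
    }

    // Execution phase: reachable only after validateUserOp returned 0 for this op.
    function execute(address target, uint256 value, bytes calldata data) external onlyEntryPoint {
        (bool ok, bytes memory ret) = target.call{value: value}(data);
        require(ok, string(ret));
    }

    function _split(bytes calldata sig) internal pure returns (bytes32 r, bytes32 s, uint8 v) {
        require(sig.length == 65, "bad signature length");
        r = bytes32(sig[0:32]); s = bytes32(sig[32:64]); v = uint8(sig[64]);
    }
    receive() external payable {}
}
```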

What are the benefits of ERC-4337?

Here are some benefits of ERC-4337 in relation to different use cases:

Accelerates Crypto Adoption

One of the biggest challenges to crypto adoption on a global scale is the stress involved in the wallet creation process. Imagine explaining to no-coiners that they would need to write down their seed phrases in order to log in or recover their account. This might sound daunting compared to existing centralized systems that have better interfaces and more features for their users.

Account abstraction aims to usher in a new wave of features that allow new users to onboard into the decentralized world of crypto without having to worry about complicated seed phrases or learning the technical process of setting up a wallet. They can easily create accounts using the fingerprint or face scanners that are common in most modern smartphones.

Smartphone as a Hardware Wallet

ERC-4337 also provides enhanced security for users' assets by using the phone’s hardware security module as an embedded hardware wallet, making mobile wallets ‘almost’ as safe as dedicated hardware wallets.

While this is a breakthrough in asset protection, it also poses a potential security risk. For instance, a smartphone’s screen could be manipulated by malware, tricking users into authorizing transactions they did not intend. Nevertheless, the risk can be minimized, as smart accounts give users the option to impose restrictions requiring two-factor authentication for higher-value transactions or to set a daily, monthly, or annual spending cap on the account.

Account Recovery

Account abstraction introduces multi-signature authentication for recovering accounts without using seed phrases. This method, known as social recovery, lets a group of trusted contacts (guardians) help recover the account without putting the funds at risk.
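The spending cap from the previous section and the social recovery described here, as an added Solidity sketch that is not the article's or any project's code: the cap is enforced in the execution phase, so a leaked owner key alone cannot drain the account in one day, and a threshold of guardians can rotate the owner key. The contract name, the 24-hour window and the round-based approval scheme are my own assumptions; validateUserOp is omitted to keep the focus on policy.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Policy layer for a smart account (assumed design): a rolling daily ETH spending cap
// enforced at execution time, plus guardian-based (social) recovery of the owner key.
contract CappedRecoverableAccount {
    address public immutable entryPoint;
    address public owner;                 // signing key checked in validateUserOp (omitted here)
    uint256 public dailyCap;              // wei the owner key may move per 24-hour window
    uint256 public spentToday; uint256 public windowStart; // rolling window state
    mapping(address => bool) public isGuardian;
    uint256 public threshold;             // guardian approvals needed to replace the owner
    uint256 public recoveryRound;         // bumped on every successful recovery
    mapping(bytes32 => mapping(address => bool)) public approved; // (round, candidate) -> guardian
    mapping(bytes32 => uint256) public approvals;

    constructor(address _entryPoint, address _owner, uint256 _cap, address[] memory guardians, uint256 _threshold) {
        require(_threshold > 0 && _threshold <= guardians.length, "bad threshold");
        entryPoint = _entryPoint; owner = _owner; dailyCap = _cap; threshold = _threshold;
        for (uint256 i = 0; i < guardians.length; i++) isGuardian[guardians[i]] = true;
        windowStart = block.timestamp;
    }

    // Execution phase, reached through EntryPoint only after the owner's signature validated;
    // the cap is checked here, so the signing key cannot bypass it.
    function execute(address target, uint256 value, bytes calldata data) external {
        require(msg.sender == entryPoint, "not EntryPoint");
        _chargeCap(value);
        (bool ok, bytes memory ret) = target.call{value: value}(data);
        require(ok, string(ret));
    }

    function _chargeCap(uint256 value) internal {
        if (block.timestamp >= windowStart + 1 days) { windowStart = block.timestamp; spentToday = 0; }
        require(spentToday + value <= dailyCap, "daily cap exceeded");
        spentToday += value;
    }

    // Social recovery: guardians hold no funds and cannot spend; once `threshold` of them
    // approve the same candidate in the current round, the owner key is replaced.
    function approveRecovery(address newOwner) external {
        require(isGuardian[msg.sender], "not a guardian");
        bytes32 key = keccak256(abi.encode(recoveryRound, newOwner));
        require(!approved[key][msg.sender], "already approved");
        approved[key][msg.sender] = true;
        if (++approvals[key] >= threshold) {
            owner = newOwner;
            recoveryRound++; // invalidates every stale approval from this round
        }
    }
    receive() external payable {}
}
```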

Zero-Gas Fee Transactions

DApp developers can really benefit from this breakthrough, especially when it comes to testing smart contracts, which can incur excess gas fees. With a paymaster contract, users can conduct transactions gas-free for a set amount of time, because the paymaster sponsors the fees. Paymasters decide whether or not a transaction is worth paying for.

Crypto Subscription

Finally, ERC-4337 can help the cryptocurrency subscription model by enabling the development of more adaptable and secure tokens for subscription payments. Account abstraction makes it possible to design tokens that represent various subscription plans without disclosing the precise Ethereum addresses linked to each one. Users may find it simpler to manage their subscriptions as a result, and it may also make it possible for subscription providers to develop more sophisticated payment systems.

Final Words

The ERC-4337 standard is a huge step toward the widespread adoption of cryptocurrency. With major improvements to the user interface and by simplifying complex concepts like seed phrases, private keys, and public keys, we can envision a new wave of users transitioning into the crypto space.

ERC-4337 also improves security and flexibility by incorporating concepts like smartphone hardware wallets and multi-signature authentication into its system. Other use cases such as account recovery, bundled approvals in blockchain gaming, and crypto subscriptions are made possible by this standard.