Account Abstraction: not an upgrade but a downgrade to UX and security
Account Abstraction (AA) is going to solve UX, security, and allow innovation — this is what web3 investors and even Vitalik, one of crypto’s brightest minds, are saying. Yet this is frankly so wrong. Account abstraction results in poor UX. Nevertheless, AA has substantial benefits for privacy and decentralization.
Almost all promised “super feature” unlocks claimed to be uniquely enabled by AA are untrue. While I am confident AA will solve some problems in Web3, the intent of this article is to convince people that AA’s predominant narrative is not only flawed but opposite from the truth of the situation.
AA Is All The Buzz
Many VCs I know tend to have funds allocated for exciting new account abstraction tech. I see why; wallets like metamask can make hundreds of millions of dollars annually, and improving UX through AA can 100x the market size. Plus Vitalik, the man who exhales recipes to innovative startups with every blog post he writes, is behind it. It’s a compelling narrative. But I think when you do the homework, the narrative disappears.
Account Abstraction Brings Great UX?
EIP 4337 brought AA to Ethereum but (currently) leaves a wallet only compatible with Ethereum, which is undesirable from a UX standpoint. Can you imagine how high gas fees might look when an AA wallet onboards the “next billion users?” But you may say this is an unfair critique since more chains than solely Ethereum will support it. Well, ask yourself: what happens when they support more chains and you need to complete a multichain action, such as changing your settings for spending limits? You want that to update on all chains. So you have to pay gas to each chain, including Ethereum if you plan to use Ethereum from the wallet. If the “next billion users” have been onboarded, this fee becomes untenable. Note the alternate mempool and paymasters will likely cause transactions to have fees beyond just gas.
But ah, L2s will fix fees! Not so fast — while this is true under normal usage, it’s not true when you post the same exact transaction to every L2. Then adding an L2 doesn’t even help with scaling because transactions are just duplicated onto it. When you change your settings or recover an AA wallet, a transaction would likely have to be sent to every L2 your wallet interacts with. You better hope they all confirm, otherwise you will get a UX nightmare after waiting a long time for every transaction to go through. Could the average user deal with an error in confirming on all chains except Arbitrum? And it applies to far more than changing spending limits. It applies to
- Spending limits
- Social recovery: adding, removing, or updating social recovery contacts
- Social recovery: recovering the wallet
- 2FA: Adding, removing, updating, 2FA
- 2FA: Enabling 2FA
- Changing signature schemes
- Misc. settings that require being sent to multiple chains
Can AA improve UX if we just limit users to one cheap L2? If you’re willing to give up multichain support and therefore some UX, there’s still another issue: finality, which affects AA wallets even on one chain. One chain is better than multichain — with multi chain smart contract wallets, you’d have to wait and hope hard that every transaction is confirmed — if they aren’t I can’t imagine what UX would be. But it won’t be pretty. Whereas on just one chain, it’s far smoother. However, it’s a significant delay, and AA was supposed to improve good UI / UX. Regular wallets have no delays.
AA is less secure than MPC
We’ve covered the bad parts of AA UX — what about security? You may have heard AA enables alternate authentication methods like single-sign-on and biometric authentication! Nope. It supports them, but doesn’t enable them…they were already enabled! Web3Auth, ZenGo, DFNS, and more have done so via MPC. So AA does not add alternate authentication methods; it only does existing ones.
But Vitalik said AA gives the ability to revoke authentication methods, which neither EOAs nor MPC can do?! No, MPC can; shockingly, Vitalik was wrong about something. However, AA’s revocation methods are more easily made censorship resistant. Is it safe to say AA wallets are more secure because revocation cannot be censored? No, because in order to gain this robust revocation of AA wallets, you need to post the authentication methods on-chain.
This gives attackers information about the authentication methods! To mitigate this, you could use ZK but you’d have to do non-native field arithmetic for common authentication types which would render proofs far too slow to be practical on consumer hardware. To retain privacy and censorship resistance, you need to run them on consumer devices, so there’s no currently effective solution for hiding these on-chain.
On the notion of security, which AA is supposed to improve, AA is by definition less secure than MPC. This is because there’s always a single point of failure: the smart contract itself. No matter how many authentication factors an AA wallet has, its security rests on one smart contract on a public blockchain. Smart contracts on public blockchains, especially using EVM or EVM-adjacent blockchains, are notoriously error-prone and can often be exploited by anybody. You could say MPC wallets have a single point of failure: the private key or the MPC protocol itself. But nobody has the private key, and protocols such as DKLs19 are proven secure with no new assumptions beyond those Ethereum already has. Furthermore, even if an MPC protocol is implemented incorrectly despite being provably secure, it is unlikely to be publicly exploitable. MPC ECDSA has never been clearly exploited (the Liquid hack likely was not an MPC problem). I’d go even further estimate the vast majority of possible MPC ECDSA implementation errors would require an attacker to compromise a node to even exploit. This makes MPC signatures far more difficult to attack than a smart contract wallet that anyone can interact with.
AA has some strengths — just not UX or security
There’s at least one advantage of AA that no wallet, including MPC, can do: social recovery. Social recovery does warrant skepticism. It’s not the solution to onboarding the next billion users to crypto. Few crypto-native people use it, and few crypto-novices seem keen on using it — likely because you must understand the concept of guardians and elect guardians who *already* use crypto. It’s also likely prone to phishing attacks, impersonating a victim to their publicly visible recovery contacts. All that being said, I think social recovery is an novel architecture which can be improved upon to fix its current challenges…
No but really
More generally than social recovery, AA does add some flexibility — I wouldn’t be surprised if there are other innovations you can’t do with EOAs but only via AA. AA is just a new technology so I haven’t seen many, other than social recovery.
There’s another important advantage of AA wallets with EIP 4337: privacy. You can make an ephemeral address to transact without revealing your identity to a fiat onramp. That will be a boon for privacy. This was possible before. But the paymaster system is more universal and decentralized. Even this has a downside — facilitation of crime, as with all privacy — yet I would say privacy’s benefits to human rights far outweigh its disadvantages.
In conclusion, while AA benefits flexibility and privacy of wallets, its narrative is absurd. It’s not fixing UI or security. Without a doubt, there is innovation happening in the AA space with some very talented builders working on paymasters, social recovery, and other potential features of customizable wallets. So AA is great — it’s just doesn’t do what most people think it does.
