research EIP-4337 (account abstraction)

[Keyrxng]

Research task for implementing AA

Current available options

• research EIP-4337 (account abstraction) #219 (comment)

High level overview of changes

...

Breaking Changes introduced

• Viem will definitely be a requirement

additional context

• Implement eip-6963 (multi injected provider discovery) #218 (comment)

I really dislike wallet connect, or any of the existing UX. I think modern web3/wallet UX is horrible. I would like to implement something different.

To be honest, in regards to innovation, I would prefer to figure a way for a user without a web3 enabled wallet to be able to claim. For example, generating an in-browser wallet based on some webauth API etc. They can use on-device biometrics as a type of seed key. There's even a way to share the biometric seed across all iCloud connected devices (I've done with with logging into Cloudflare, GitHub, from iPhone and Mac.

Originally posted by @0x4007 in #218 (comment)

[Keyrxng]

I think of those below the top three should be considered for use. Considering pricing I'd expect Alchemy SDK to be the winner. Not everything that we'd need is built into Alchemy SDK but either has support or integrations for it (such as passkeys). Will know what's going to break after I dig deeper into the implementation as well as what the new user flow will look like

ZeroDev SDK

• URL: ZeroDevo SDK
• Notes: Really promising, has passkey handling built-in, session keys, lots of auth integrations and plugins
• Pricing: Pay as you go, $0.01 per userOp and gas sponsor info (which doesn't apply), so not a lot to go on. Growth: $69 10k userOps p/m, passkey support

Alchemy AccountKit

• URL: Alchemy AccountKit
• Notes: Considered the most trusted and the most robust, modular, up-to-date, and ideal. Has been audited by Spearbit and Quantstamp.
• Pricing: Free tier includes 300 million compute units per month, webhooks, NFT API, embedded accounts, and access to all main and test RPCs. Although the expectation is that only a small portion of the embedded accounts SDK will be used.

Safe Core SDK

• URL: Safe Core SDK
• Notes: Gnosis based, reliable. However, it's not as robust and up-to-date as the Alchemy AccountKit SDK.

ThirdWeb Embedded Wallet

• URL: ThirdWeb Embedded Wallet
• Notes: Smart contracts are bloated and super-inefficient, which likely extends to their AA implementation.
• Pricing: Offers 1,000 monthly active wallets with a $0.02 increase after that.

Etherspot

• URL: Etherspot.fyi
• Notes: The SDK initializes with an Externally Owned Account (EOA), which is limiting or adds some sort of "we own your wallet" vibes. It has good features but is outshone by the Alchemy SDK.
• Pricing: Free tier includes 350,000 monthly API requests, 17,500 user operations, and 20 requests per second.

AARC SDK

• URL: AARC SDK
• Notes: Offers promising features, the most interesting being that it supports custom contract interactions using/during Permit2 for direct swaps and bridging.

Biconomy Client SDK

• URL: Biconomy Client SDK
• Notes: Lacks popular support and is not as optimal as the Alchemy AccountKit SDK.

Dynamic Embedded Wallets

• URL: Dynamic Embedded Wallets
• Notes: Features transaction bundling, account recovery, and session keys allowing for signing on behalf of a user. integrates with most AA provider smart accounts (zerodev, alchemy, biconomy)
• Pricing: $99 p/m, first 2k MAUs free and $0.05 beyond that

[Keyrxng]

Requirements

• We don’t need: Gas sponsorship
• We might use: Transaction bundling
• We do need: Passkey, account recovery, session keys

Options

Modular Account

• Features: Implements ERC-4337 & EIP-6900 making it fully customizable with plugins. Offers existing plugins such as multi-owner and session keys. It's more complex but maintains security, supported by two audits.

Light Account

• Features: Implements only ERC-4337 and includes message signing, batched transactions, ownership transfers. This option is simpler compared to the Modular Account but can be upgraded if this is chosen and then a move to modular is decided.

Alchemy Signer

• Requirements: Requires an Alchemy account and API key, customizable signup email.
• Passkey Signup: Allows passkey signup by passing type: "passkey" and createNew: true as authentication to signer.authenticate().
• Passkey Signin: Allows passkey sign-in by passing type: "passkey" and createNew: false.
• Session Storage: Uses localStorage cached for 15 minutes.
• Account Export: Has an exportPrivateKey() method to allow users to 'leave' the app.

UI Changes?

• Custom signers are available for direct MetaMask connections, so the UI might need to present two options for users preferring the traditional MetaMask approach.
• Login with GitHub: If no provider is detected, hide claim buttons until logged in?
• No Login, Just Claim with MetaMask: If a provider is detected, show claim buttons?

[0x4007]

Perhaps we can eventually host a node and implement our own RPC. We should get great performance if it's private and only Ubiquity apps use it.