
Redline DAO in-depth research: Why are we optimistic about the future of Web3 wallets?

2023-01-06 12:51
How much risk and responsibility are you willing to take for your assets?
Original author: Ggg, Redline DAO


This article is original content of Redline DAO and is only for industry learning and communication. It does not constitute any investment advice. If you need to quote, please indicate the source. If you want to reprint, please contact Redline DAO for authorization.


Abstract


- "Not your key, not your coin": whether it is a smart contract wallet or a personal account wallet, the private key has absolute control over the wallet. Once the private key is lost, the wallet is completely exposed to risk.

- The private key is the basis of the wallet, and the mnemonic is the recovery solution for the private key; the mnemonic is also the current obstacle to the development of wallets.

- The mnemonic-free solutions brought by MPC and social recovery are the basis of mass adoption.

- More possibilities for wallets in the future, and expectations for EIP-4337.

Main text


In 2010, Ethereum founder Vitalik Buterin had a warlock account in World of Warcraft. One day, Blizzard decided to slash the warlock character and removed the magic damage part of the life siphon spell. He cried himself to sleep, and on that day he realized the horror of centralized servers, so he decided to quit and created the decentralized network Ethereum. In November 2022, the world's largest derivatives exchange FTX was exposed to embezzlement of user funds, and its founder SBF was arrested by the Bahamian police and prepared to be transferred to the United States for trial.


From the warlock player who was inexplicably backstabbed by Blizzard 13 years ago to the FTX victims who are defending their rights today, we are increasingly aware of the importance of the phrase "Not your key, not your coin": Even with third-party audits/regulators, centralized servers can still tamper with and whitewash data at will, while on decentralized networks, the on-chain ledger is transparent and cannot be tampered with. As long as we have the private key to our own account, we have absolute control over our personal assets.


Decentralization is wonderful, but what is the price?


On a blockchain network, we are the first party responsible for our own assets. When most users choose an on-chain wallet, the most critical consideration is: how much risk and responsibility am I willing to take for my assets? Take traditional financial institutions as an example:

- Users who pursue security want to put their money in banks that have complicated account opening procedures but operate at large scale: the big bank's fund security (risk) > standard and strict account opening procedures (responsibility)

- Users who pursue applicability only need to put their money in WeChat and Alipay. WeChat and Alipay can conveniently complete P2P transactions and only require an ID card and a mobile phone number to complete registration, even though WeChat and Alipay are just two listed companies rather than state-backed banking institutions: WeChat's convenience (responsibility) > WeChat's operating status (risk)


Back to web3, there are two ways to store assets in web3, custodial wallets and non-custodial wallets. Before that, we need to give a brief introduction to the principles of wallets:


Wallet and Private Key


Account generation is the process of creating a private key. On Ethereum, there are two types of accounts: EOA accounts (Externally Owned Accounts) and contract accounts (smart contracts deployed on the chain through EOA accounts):

1. Take the EOA account as an example. An EOA address is generated by taking a 256-bit random number as the private key; the corresponding public key is then derived from the private key by the SHA3 algorithm, and the address is calculated by keccak-256 (the last 20 bytes of the original hash), giving a personal account that corresponds to the unique private key. In this process, 12 mnemonic words are generated from the private key, and we can use the mnemonic to re-derive the private key.




Currently, the most mainstream dApp wallets on major main chains are EOA wallets, such as Metamask, Phantom (Solana), BSC Wallet (BSC), Keplr (Cosmos)


2. The smart account is a piece of EVM code deployed on the chain through the EOA account, which can realize different functions. However, unlike the EOA account, the contract account has no private key and cannot be actively executed. It can only be called by the EOA account. For this reason, the ultimate control of the smart contract wallet = the EOA account private key used to deploy the contract. At this level, the smart contract account is also controlled by the private key. As long as the wallet address is a contract, it is a smart contract wallet


Smart contract wallets are divided into multi-signature wallets (Multisig account) and account abstract wallets (Abstract account):


- Multi-signature wallet: As early as 2013, multi-signature wallets had become the first choice of the Fund. This technology was originally developed in the Bitcoin ecosystem, and there are now excellent multi-signature wallets on Ethereum as well (such as Gnosis Safe). The Ethereum Foundation uses a 4-of-7 multi-signature wallet (that is, a smart contract is created to store funds and is controlled through 7 EOA accounts; only when more than 4/7 EOA accounts sign can the signature be completed).

- Account abstraction: the contract address is controlled with a single EOA wallet, so that the smart contract simulates an EOA. Popular projects such as Argent/Loopring are account abstraction wallets.

Apecoin Contract Address

3. After the account is created, we cannot participate in any on-chain activities without the participation of private keys.


According to Professor Liao Xuefeng’s introduction:


In a decentralized network, there is no trust institution like a bank. In order to reach a transaction between two nodes, a mechanism for secure transactions under zero trust must be implemented.


Let’s assume that Xiao Ming and Xiao Hong want to reach a transaction. One way to create a transaction is that Xiao Hong claims that Xiao Ming gave him 10,000 yuan, which is obviously unreliable;


Another way to create a transaction is that Xiao Ming claims that he gave Xiao Hong 10,000 yuan. As long as it can be verified that this statement was indeed made by Xiao Ming, and Xiao Ming really has 10,000 yuan, then the transaction is considered valid:


How to verify the statement made by Xiao Ming?


1. The signature created by the private key allows the verifier to confirm the initiator of the statement: anyone can verify the digital signature and the transfer result through the public key. Since only Xiao Ming who has the private key can initiate this statement, it can be confirmed that this statement was indeed made by Xiao Ming.


2. In the Ethereum network, such transactions include not only P2P transfer transactions, but also calls to smart contracts.


3. So when we use the wallet in daily life, it is equivalent to calling the local private key through the wallet platform to complete the signature on the chain.


Wallet security, threshold and anti-censorship


Everything in the wallet is built around the private key. A wallet is essentially a tool for 1. creating private keys, 2. keeping private keys, 3. using private keys, 4. backing up private keys, and 5. restoring private keys. The current mainstream private key backup/recovery solution is the mnemonic, which is the 12/24 word combination that appears when registering a wallet:


The mnemonic can derive the plaintext of the private key. When the user migrates the wallet to a new device, he only needs to enter the mnemonic on the wallet app to derive the private key and regain control of the wallet


For users, private key = mnemonic, but these two concepts are still different in the daily use of wallets: mnemonics are backup and recovery solutions for users' private keys


A metaphor: mnemonics are equivalent to copying your key. When your key is lost, you can generate the same key through the mnemonic


Source: Binance  

In general, in a custodial wallet, the project party keeps the mnemonic words on behalf of the user, and the threshold for registering and restoring the wallet is low, but the security of the wallet depends on the project party rather than the user himself, and the project party has actual control over the wallet; the mnemonic words of a non-custodial wallet are in the hands of the user, and the threshold for registering and restoring the wallet is high, but the security and anti-censorship are very high.




Flaws of the mnemonic solution


As WEB3 continues to move forward, more and more demands and application scenarios have emerged, and the on-chain ecosystem has flourished, especially during the Defi Summer in 2021, which attracted a large number of users who originally only traded on exchanges to migrate their assets to the chain. As of March 2022, MetaMask has 30 million monthly active users. At the same time, however, mnemonics, as the most mainstream account recovery solution, have become the main target of hackers: for ordinary users, the most common causes of wallet theft are that the mnemonic is copied from the clipboard, or that the locally stored private key file is stolen after visiting a phishing website.


When hackers attack, they weigh the cost of the attack against the reward. Every private key (12 mnemonic words) is a combination drawn from the dictionary, so if the dictionary could be exhausted, hackers could obtain all assets on the chain. However, this input-output ratio is poor. Suppose all combinations are enumerated by brute force: the current mainstream mnemonic is 12 English words, and the vocabulary has 2048 words in total, that is, 2048^12 = 5.44e39 combinations (5444517870735000000000000000000000000000000). With computing power on that scale, hackers could already control the BTC network through a 51% attack. Therefore, a method with a higher rate of return for hackers is to obtain users' mnemonics through phishing, or to steal the private keys stored on users' local devices.


Continuing with Metamask as an example, hackers can obtain the saved mnemonics and private keys in two places:


1. Mnemonics


After the wallet is created, the user needs to keep the generated mnemonics. It is generally recommended to copy them on white paper with pen and paper and keep them properly, but there are also lazy people who use the clipboard to copy and paste, save them in doc documents, or even in WeChat chat records


If a hacker has installed malware on the user's mobile phone/computer and monitors the user's clipboard at all times, he can steal the private key that has just been created. For example, QuickQ VPN was once rumored to copy the user's clipboard to steal mnemonics.


2. Private key


At the same time, Metamask generally encrypts the private key and saves it on the local device where the wallet was created, so that it can be called at any time. If the Metamask plug-in is installed on Chrome, the storage location of the Metamask private key on Windows is: C:\Users\USER_NAME\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn


Storage location on Mac: Library>Application Support>Google>Chrome>Default>Local Extension Settings>nkbihfbeogaeaoehlefnkodbefgpgknn


That is, the security of Metamask depends on the security of Chrome. Once Chrome's firewall is hacked, hackers can obtain the user's address private key and transfer all assets. This is why hardware wallets are superior to plug-in wallets such as Metamask in terms of security


In addition to Metamask, some non-custodial wallets do not even achieve high anti-censorship, such as the theft of Slope wallet on Solana: Slope's mobile app sends mnemonics to their Sentry server via TLS when creating a Phantom wallet. These mnemonics are then stored in plain text, which means that anyone who can access Sentry can access the user's private key.


In addition, there are more wallet security incidents that deserve our reflection:


EOA account stolen


Fenbushi Capital founder’s wallet stolen: Link


Shen Bo’s wallet was stolen due to mnemonic leakage. The wallet used at the time of the theft was Trust Wallet. The stolen amount included approximately 38.23 million USDC, 1,607 ETH, 720,000 USDT and 4.13 BTC.


Wintermute's wallet was attacked and lost approximately $160 million. The reason for the theft was that Wintermute used Profanity to create a vanity wallet (starting with 0x0000000, which saves gas when calling smart contracts): Link


Profanity is designed to help people generate an account with special visual effects, such as an account that starts or ends with a special character. On the other hand, some developers use it to generate accounts that start with a lot of zeros.


After Profanity obtains the first 32-bit private key SeedPrivateKey, in order to collide with the required account address, it will continuously iterate this private key through a fixed algorithm, up to 2 million times (the value comes from the article disclosed by 1inch). When the PublicKey is known, we can get the SeedPrivateKey by exhaustively enumerating the SeedPrivateKey and Iterator. The calculation amount is about 2^32 times 2 million times, and a graphics card with high computing power can complete it in a few days or even hours.


Contract account stolen


Paraswap's contract deployment address was stolen: Link


According to SlowMist's investigation report: The hacker address (0xf358..7036) has obtained the private key permissions of ParaSwap Deployer and QANplatform Deployer. The hacker withdrew $1,000 from ParaSwap Deployer and transferred it to and from the QANplatform deployer address as a test. We used the AML platform to analyze 0xf358..7036 and found that the hacker also stole The SolaVerse Deployer and multiple other vanity addresses. So far, the hacker has stolen more than $170,000 in funds.


Ronin Bridge was hacked in March this year, losing 173,600 ETH and 25.5 million USDC: Link


The hacker created a non-existent company, made contact with a senior engineer of Axie through Linkedin and WhatsApp, lured him with a new job opportunity, arranged an interview, and finally offered him a generous salary. The offer document was malicious, so the hacker successfully got into the Axie system and stole the private key of the EOA address with which the engineer deployed the contract.


In addition to being the main target of hackers, the mnemonic solution is also a high threshold to prevent new users from entering WEB3.


When creating a wallet, you need to copy down 12 words by hand for safety reasons, and it is best not to take a photo of this piece of paper to preserve it. Even if we use trusted open source password saving software (such as 1Password), we cannot conveniently copy and paste the words to save them, because there is a risk of clipboard theft.


When restoring the wallet, that is, when changing the login device, you need to dig out this piece of paper and re-enter the 12 words.


The act of keeping a piece of white paper with 12 words on it sounds unreliable and un-web3: We look forward to living in the future of metaverse, but our account security depends on a piece of white paper invented in the Song Dynasty. So far, these two steps are enough to dissuade most web2 players. After all, in the world of web2, most registration processes can use Google accounts/ios accounts to log in with one click.


New account recovery scheme without mnemonics


In order to lower the threshold of wallets and attract more users to WEB3, we need to use social account login schemes such as Web2 without losing the security and anti-censorship of wallets. Therefore, we need a more convenient and secure account recovery solution. All current discussions point to one end: no mnemonics. There are currently two solutions for implementing no mnemonics: MPC solution and social recovery solution.


MPC solution: The private key is generated by multiple parties to avoid single-point accidents caused by loss/theft of the user's private key


It can be understood as: MPC is a form of 3FA in which each verification method holds a key fragment, and the door lock does not have a single separate key. When one of the key fragments is lost, the user can use the other verification methods to restore the lost key fragment


Social recovery solution: Store funds in smart contracts, controlled by EOA wallets through multi-signature/single-signature solutions, and designate trusted third-party guardians. When the EOA wallet private key is lost, the control of the contract is replaced by a third-party guardian, so users do not need to save mnemonics


Current discussions usually discuss social recovery and account abstraction wallets side by side. It should be noted that the social recovery scheme is a standard and function on smart contracts, proposed by EIP-2429 in 2019, which means that users can replace the control private key of the contract through the guardian; the recently hotly discussed EIP-4337 is a discussion about account abstraction, which we will discuss in the following chapters


MPC scheme


The MPC scheme is that when creating an EOA wallet, multiple parties jointly create private key fragments. In 2019, the paper of "Two-party Elliptic Curve Digital Signature Based on Secure Multi-party Computation" was published at CRYPTO 2019, officially bringing the implementation of MPC into everyone's vision. MPC is Secure Multi-Party Computation.


Multi-party computation (MPC) is a branch of cryptography that began with the pioneering work of Andrew C. Yao nearly 40 years ago. Using MPC, private key generation no longer needs to be done at a single point, but can be jointly calculated and held by a group of mutually untrusting parties (n parties), a technology called DKG (Distributed Key Generation)


Distributed key generation can be done in a way that allows different types of access structures: the conventional "t out of n" setting will be able to withstand up to t arbitrary failures in private key-related operations without compromising security.


Threshold Signature Scheme (TSS) is the name for this combination of Distributed Key Generation (DKG) and Distributed Signature.


At the same time, when the private key fragments of one party are lost/exposed, the MPC solution supports the recovery and replacement of private key fragments, so that the account security can be guaranteed without changing the account


In the MPC solution, no complete private key exists during account creation, use, storage, backup and recovery. Through the joint generation/holding of private key fragments by multiple parties and the "t out of n" TSS threshold signature scheme, it achieves higher convenience, security and anti-censorship than single-point generation/holding private key wallets such as Metamask: compared with the traditional mnemonic solution, it greatly improves security for users, and can even be comparable to hardware wallets


1. Security


No private key/mnemonic phrase: During the wallet generation process, each party (wallet project party and user) generates private key fragments through MPC. The complete private key has never appeared in the whole process. It can be understood that MPC is a true private keyless wallet


The cost of hacker attacks is greatly increased: Even if hackers invade the user's local device, they can only obtain private key fragments. Only when hackers have control of the wallet server + the user's local device can they steal the user's property


2. Threshold:


Social login: Users can create accounts on MPC wallets through identity authentication methods such as email (assuming that the MPC wallet adopts a 2/2 signature scheme, that is, two private key fragments must be used at the same time to sign),


3. Anti-censorship:


Centralized institutions (wallets/backup devices) only hold account private key fragments and cannot control user accounts
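A simplified model of the "t out of n" fragments described in this section, added here as an example and not taken from any wallet's code: Shamir-style shares produced by a dealerless key generation, recovery of a lost fragment from the remaining ones, and a refresh that replaces all fragments while the key stays the same. It assumes honest parties and omits the commitments, secure channels and threshold signing that a real DKG/TSS needs; all function names are hypothetical.

```python
import secrets

# Fragments are scalars modulo the secp256k1 group order (a prime).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _eval(coeffs, x):
    """Evaluate a polynomial (lowest-degree coefficient first) at x mod N."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % N
    return acc


def _deal(constant, t, n):
    """One party's contribution: points 1..n of a random degree t-1 polynomial."""
    coeffs = [constant] + [secrets.randbelow(N) for _ in range(t - 1)]
    return {j: _eval(coeffs, j) for j in range(1, n + 1)}


def dkg(t, n):
    """Each of the n parties deals shares of its own random secret and every
    party keeps the sum of what it received. The joint key is the sum of all
    the parties' secrets, and no single party ever holds it."""
    shares = {j: 0 for j in range(1, n + 1)}
    for _ in range(n):
        for j, s in _deal(secrets.randbelow(N), t, n).items():
            shares[j] = (shares[j] + s) % N
    return shares


def interpolate(points, x):
    """Lagrange-evaluate at x the polynomial through {index: fragment}."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (x - xj) % N
                den = den * (xi - xj) % N
        total = (total + yi * num * pow(den, -1, N)) % N
    return total


def recover_share(helpers, lost_index, t):
    """Rebuild the fragment of party lost_index from at least t other
    fragments by evaluating at lost_index instead of at 0, so the key itself
    is not computed. (Real protocols also blind each helper's contribution.)"""
    if len(helpers) < t or lost_index in helpers:
        raise ValueError("need t fragments from other parties")
    return interpolate(helpers, lost_index)


def refresh(shares, t):
    """Replace every fragment without changing the key: each party deals a
    sharing of zero and the results are added to the old fragments."""
    n = len(shares)
    new = dict(shares)
    for _ in range(n):
        for j, s in _deal(0, t, n).items():
            new[j] = (new[j] + s) % N
    return new


def joint_secret(points, t):
    """Check helper only. A threshold wallet never runs this step; it signs
    with the fragments directly."""
    if len(points) < t:
        raise ValueError("fewer than t fragments")
    return interpolate(points, 0)


if __name__ == "__main__":
    # Constructed 2-of-3 layout: 1 = wallet server, 2 = main device, 3 = backup device.
    frags = dkg(2, 3)
    rebuilt = recover_share({1: frags[1], 3: frags[3]}, 2, 2)
    print("lost device fragment rebuilt:", rebuilt == frags[2])
```

After a refresh, a fragment stolen earlier no longer combines with the current ones, which is what lets a wallet replace an exposed fragment while the account address stays the same.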


Social recovery solution


The social recovery solution is deployed on the smart contract account. The smart contract wallet can be understood as a contract for managing funds deployed on the chain with an EOA account. Like ordinary smart contracts, the deployer's EOA wallet has control over the smart contract


The smart contract wallet is not a private key-free solution, because the controlling EOA wallet has a private key


But the smart contract wallet can change the user's signature private key through a social recovery scheme.


Continue with the door lock analogy. The social recovery solution is to ask the guardian to change your key after your key is lost


Two years after the EIP-2929 proposal, in 2021, Vitalik first proposed a wallet application case for social recovery in the forum:


When creating a smart contract wallet, users can specify other EOA addresses as "guardians", and the "guardian" address needs to be signed and confirmed on the chain and pay a gas fee


The user's EOA account is used as a "signature private key" to approve transactions


There are at least 3 (or more) "guardian" EOA accounts, which cannot approve transactions, but can change the "signature private key". Changing the "signature private key" also requires the "guardian" to pay a gas fee for signature confirmation


The signature private key has the function of adding or removing guardians, but the whole process takes some time (usually 1-3 days)


In daily usage scenarios, users can use smart contract wallets with social recovery functions (such as Argent and Loopring) like ordinary wallets, and confirm transactions with their signing keys. In this way, each transaction can be completed quickly with one confirmation, just like in traditional wallets (such as Metamask)
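The guardian rules listed above, modelled off-chain as an added example (not Argent's, Loopring's or Vitalik's code). Assumptions: a simple majority of guardians is enough to replace the signing key, addresses are plain strings, and guardian changes queued by the old key are dropped on recovery; class and method names are hypothetical.

```python
DAY = 24 * 60 * 60


class NotAuthorized(Exception):
    """Raised when a caller lacks the role or the time lock has not expired."""


class SocialRecoveryWallet:
    """Model of a social recovery wallet. `now` is a Unix timestamp passed in
    by the caller, standing in for the block timestamp."""

    def __init__(self, signing_key, guardians, guardian_delay=3 * DAY):
        guardians = set(guardians)
        if len(guardians) < 3:
            raise ValueError("at least 3 guardians are required")
        self.signing_key = signing_key
        self.guardians = guardians
        self.guardian_delay = guardian_delay
        self.pending = {}  # guardian -> ("add" | "remove", effective_at)
        self.votes = {}    # proposed signing key -> set of supporting guardians

    def threshold(self):
        # Assumption of this example: a simple majority of guardians.
        return len(self.guardians) // 2 + 1

    def approve_transaction(self, sender, tx):
        # Only the signing key approves transactions; guardians cannot.
        if sender != self.signing_key:
            raise NotAuthorized("only the signing key approves transactions")
        return "executed:" + tx

    def queue_guardian_change(self, sender, action, guardian, now):
        # The signing key may add or remove guardians, but only after a delay.
        if sender != self.signing_key:
            raise NotAuthorized("only the signing key manages guardians")
        if action not in ("add", "remove"):
            raise ValueError("action must be 'add' or 'remove'")
        self.pending[guardian] = (action, now + self.guardian_delay)

    def apply_guardian_change(self, guardian, now):
        action, effective_at = self.pending[guardian]
        if now < effective_at:
            raise NotAuthorized("guardian change is still time-locked")
        if action == "remove" and len(self.guardians - {guardian}) < 3:
            raise ValueError("removal would leave fewer than 3 guardians")
        del self.pending[guardian]
        if action == "add":
            self.guardians.add(guardian)
        else:
            self.guardians.discard(guardian)

    def support_recovery(self, sender, new_key):
        """A guardian backs new_key; returns True once the key was replaced."""
        if sender not in self.guardians:
            raise NotAuthorized("only guardians can support a recovery")
        voters = self.votes.setdefault(new_key, set())
        voters.add(sender)
        if len(voters & self.guardians) < self.threshold():
            return False
        self.signing_key = new_key
        self.votes.clear()
        self.pending.clear()  # drop changes queued by the old, possibly stolen key
        return True


if __name__ == "__main__":
    # Constructed scenario: the signing key is stolen and the thief queues a
    # guardian swap; the guardians rotate the key before the lock expires.
    w = SocialRecoveryWallet("owner-key", ["g1", "g2", "g3"])
    w.queue_guardian_change("owner-key", "add", "thief-guardian", now=0)
    w.support_recovery("g1", "owner-new-key")
    print(w.support_recovery("g2", "owner-new-key"), w.signing_key, w.pending)
```

The same majority that rescues a lost key can also take the wallet over, which is the collusion risk; the time lock on guardian changes is what stops a stolen signing key from swapping the guardians before they can react.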


Creating private keys


The account abstraction wallet is no different from Metamask in creating private keys


Keeping private keys


Since the EOA wallet that controls the contract is only used as a "signature private key" and control can be transferred by meeting the guardian, users do not need to keep mnemonics specifically


Using private keys


Contract wallets also make transfers/transactions, but because they need to call contracts, they are more expensive to use than MPC wallets and traditional wallets


But because they call contracts, they support paying gas with non-native tokens such as USDC/USDT (the native token is the one used to pay gas fees on a chain, such as ETH on Ethereum), which will undoubtedly greatly reduce the interaction difficulty for new web3 players. In principle, the project party swaps the user's USDC into ETH in the same transaction and then pays the gas fee on behalf of the user


Backup private key


The private key backup step of the account abstract wallet is replaced by a "guardian", which is counterintuitive and costly:


When a user uses web3 for the first time and wants to register a wallet, he needs to find three trusted friends who already have EOA wallets in web3 and let them pay the gas fee to become his guardian


If the user wants to compensate the friends for their gas fees by making three transfers from the newly created wallet, then creating a wallet costs 6 gas fees in total, whereas creating an account in an MPC wallet is free


Recovering private keys


If a user loses their signing key, they can apply for social recovery. The user needs to contact their guardian and have them sign a special transaction (the user or guardian pays the gas fee) to change the signing public key registered in the wallet contract to a new signature. This is much simpler: the guardian can visit a web page, such as security.loopring, view the recovery request and sign it.


However, in terms of the security of private keys, it does not reach the level of MPC wallets:


Cost of attack: Hackers can still obtain the complete private key by invading the user's device. In other words, users use smart contract wallets only to have an additional means of retrieving private keys in the scenario of private key loss


Low censorship resistance: Since social recovery schemes require the appointment of "guardians", there is a possibility that "guardians" collude with each other to do evil


The main risks of social recovery are:


Collusion: If some users know that they are part of a recovery, they may be interested in the execution of a recovery attack;


Targeted attack: An external agent may know the owner of the recovery and aim for the weakest point required to execute the recovery attack


General exposure: If an attacker manages to infect a large user base environment dependency and gain access to multiple identities, it may also cause side effects to unaffected users through recovery


MPC scheme v.s. Social recovery solutions: security, threshold, and anti-censorship




The future of Mass Adoption: Web3 wallets


With a solution for account recovery without mnemonics, we can look forward to a new generation of Web3 wallets, that is, wallets that can be registered and logged in using email addresses. We selected representative projects of MPC wallets and account abstraction wallets for analysis: they both have reached the low threshold of no mnemonics for user access, and we evaluated them from the perspective of security and anti-censorship.


Bitizen


Among MPC wallets, Bitizen wallet, which is more thoroughly anti-censorship and convenient, adopts a 2/3 TSS solution. Let us analyze it from the perspective of wallet security and anti-censorship:


1. Security:


a. Creation

In order to achieve strong anti-censorship, after completing the wallet registration, the user can use a second device to back up the private key fragment via Bluetooth, giving a 2/3 TSS solution: Bitizen server, user's local device, and user's second device


b. Custody

Since no complete private key is generated during the wallet creation process, there is no mnemonic phrase: the user's Bitizen account will be associated with the user's cloud disk and email. The user only needs to log in with the email to use the Bitizen wallet normally


c. Use

The user obtains the private key fragments stored in the Bitizen cloud and the private key fragments stored on the local device through facial recognition authentication for signing (2/3)

After the second device backs up the private key fragment via Bluetooth, it can be kept completely offline and is not needed in day-to-day use (signing only requires Bitizen's server and the user's main device)


d. Backup

Back up the local private key fragments to the user's cloud disk

When the user needs to change the device to log in, he only needs to use the email and facial authentication. Bitizen will request the user to restore the backup of the private key fragments from the cloud disk


e. Recovery

Similarly, when the user's device loses/accidentally deletes Bitizen's local files, the private key fragments can be restored through the cloud disk


When the user cannot even log in to the cloud disk, Bitizen will recalculate the private key fragments through the private key fragments on the server and the user's second backup device, allowing the user to resume normal use





Source: Bitizen


2. Anti-censorship:


The 2/3 TSS solution gives users absolute control over their own wallets (2/3 of the private key fragments are in the hands of the user): even if the Bitizen wallet goes bankrupt or runs away, users can still exercise normal control of the wallet


Unipass


Among account abstraction wallets, take Unipass as an example: Unipass adopts the method of smart contract + MPC wallet, combining the advantages of the two solutions:


In transactions, any token supported by the wallet (mainstream, liquid tokens) can be used to pay gas fees


In the custody of private keys, MPC (2/2) and TSS technology are used to distribute the generation of private keys, so that the private keys will not be obtained by hackers at a single point:


The private key is divided into two parts, one is stored on the Unipass server, and the other is stored in the user's local device


In recovering the private key, Unipass uses the **DomainKeys Identified Mail** (DKIM) solution, and users can use email addresses as "guardians" instead of other EOA addresses


This greatly reduces the threshold for users to find guardians: guardians do not need to use blockchain, only guardians' email addresses are needed





Source: Unipass


Low threshold -> High applicability


Low-threshold wallets are not the end point of wallet applications. The current Web3 infrastructure is still some distance away from the traditional finance of Web2. The automatic deduction and regular automatic payment functions provided by Visa have brought great convenience to users, but it is still difficult to implement on Ethereum. Account abstraction accounts may be the next highly applicable blockchain wallet narrative: Visa published an article "Auto Payments for Self-Custodial Wallets", exploring the use of account abstraction wallet Argent to achieve automatic programmable payments on the StarkNet network, allowing users to use self-custodial wallets to automatically pay without signing each transaction. And how is the account abstraction wallet implemented specifically? This concept actually originated a long time ago.


Account Abstraction - From EIP-2938 to EIP-4337


With the proposal of EIP-4337, the topic of account abstraction has returned to everyone's attention. Social recovery scheme and account abstraction (using smart contracts as EOA wallets, i.e. account abstraction) were proposed earlier than EIP-1271, and have been implemented by wallets such as Argent in Layer 2 such as StarkNet. What is the difference between the EIP-4337 scheme (account abstraction) that has been hotly discussed in the community recently?


From EIP-86 in 2015 to the recent hot topic EIP-4337, the core ideas of developers revolve around "contracts as wallets". Account abstraction enables users to interact with the main network in an intuitive way. This allows users to precisely control the key permissions of their accounts. Since the code of the EOA account has been specified, it is impossible to perform modular and functional design on the EOA wallet, such as adding functions such as batch transfers/social recovery, so everyone has placed the breakthrough on the smart contract. The proposal closest to EIP-4337 is EIP-2938, which also defines a new smart contract operation protocol, but requires modifications at the consensus layer, making it difficult for developers to maintain it. The main innovation of EIP-4337 is that the main network does not require consensus-level protocol changes.


In EIP-1237, signatures initiated from a contract address rely on a Relayer, which is centralized; the standards of the various Relayers also differ, so they are not compatible across multiple chains/multiple dApps


In EIP-4337, it is proposed to replace the Relayer with the Bundler. The Bundler role is decentralized and multi-party, which improves the anti-censorship of the smart contract wallet and unifies the signature standard, greatly reducing the integration difficulty for developers


EIP-4337 will have an impact in the future, but for now, it has not improved the user experience. Therefore, the discussion enthusiasm of this plan is limited to VCs and developers, more like Move to Aptos, which makes VCs and other investors and developer communities crazy. For web3 users, whether this Layer 1 is written in solidity or Move does not change the user experience much.


After all, the account abstraction wallet Argent has raised US$56.2 million since 2018, yet after 4 years of development it has only 74,000 addresses. Just as, after the rise of DeFi, crypto users moved from exchanges to MetaMask to farm high-APY pools, which drove the rise of MetaMask, the smart contract wallet craze still needs a new catalyst.





Source: Dune


Current user deposits on Argent are smaller than the amount it has raised.





Source: Dune


However, once the account abstraction proposal is implemented on the Ethereum mainnet, Argent users will be able to move seamlessly from StarkNet to the Ethereum mainnet, and the sparks this process ignites are also worth looking forward to.


Use Cases


Finer-grained permission control, splitting up the single signature permission of an EOA:

Grant user A a transfer limit of X TokenB in the contract

Grant user B's contract permission to trade the authorized tokenC, but not permission to transfer it

When the contract has not been used for a long time, the right to use the contract is automatically transferred

Diversified payment methods for Gas: payment by others or payment with any token

Automatic deduction/automatic refund
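The permission use cases above, as a minimal Python model of the checks a contract wallet would have to enforce. This is an added example, not code from the article, Argent or EIP-4337; the class and method names, the `heir` role and the one-year inactivity window are assumptions for illustration.

```python
from dataclasses import dataclass, field

TRANSFER, TRADE = "transfer", "trade"    # operation kinds in this toy model
INACTIVITY_WINDOW = 365 * 24 * 3600      # assumed: one year without owner activity

@dataclass
class Grant:
    token: str
    ops: frozenset       # operation kinds the delegate may perform
    limit: int = 0       # cumulative transfer cap, in token units
    spent: int = 0

@dataclass
class PolicyWallet:
    owner: str
    heir: str            # hypothetical role that inherits an abandoned wallet
    last_owner_activity: int
    grants: dict = field(default_factory=dict)   # (delegate, token) -> Grant

    def grant(self, caller, delegate, token, ops, limit=0):
        if caller != self.owner:
            raise PermissionError("only the owner can grant permissions")
        self.grants[(delegate, token)] = Grant(token, frozenset(ops), limit)

    def authorize(self, caller, op, token, amount, now):
        """Return True if the operation is allowed; record state changes."""
        if caller == self.owner:
            self.last_owner_activity = now   # only the owner resets the timer
            return True
        g = self.grants.get((caller, token))
        if g is None or op not in g.ops or amount <= 0:
            return False                     # default deny
        if op == TRANSFER:
            if g.spent + amount > g.limit:
                return False                 # cap is cumulative, not per call
            g.spent += amount
        return True

    def claim_inactive(self, caller, now):
        """Heir takes over only after the owner has been inactive long enough."""
        if caller != self.heir or now - self.last_owner_activity < INACTIVITY_WINDOW:
            return False
        self.owner, self.grants = self.heir, {}  # old delegations end at handover
        self.last_owner_activity = now
        return True
```

Two details matter for safety: the transfer cap is tracked cumulatively, so a delegate cannot drain the wallet through many small calls, and delegate activity never resets the inactivity timer.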


Embrace the future of Web3


As is often said, there are 4.8 billion web2 users, while the number of web3 users only just exceeded 100 million in 2022. We are still in the early, wild stage of blockchain development.




Back to the question at the beginning of the article: "How much risk and responsibility am I willing to take for my assets?", is it possible to not have to remember my private key and also ensure that my wallet is not lost?


I have always heard traditional VCs ask: is there any scenario that only web3 can handle and web2 cannot? We believe the Web3 wallet is one of the examples that slaps traditional web2 in the face: only on the decentralized network of web3 can we expect a good wallet that delivers censorship resistance, security and user experience, without users having to bear risks or responsibilities. The emergence of such wallets is also an important foundation for 4.7 billion web2 users to embrace the future of web3: wallets are not only the first entrance to web3, but also the foundation for the development of on-chain domain names (such as ENS), soul-bound tokens (Soul-Bounded Token), and on-chain reputation systems (Decentralized Identifiers). Without a secure wallet environment, the construction of web3 lego will not have a solid foundation.


We need to think more seriously, because there are not many shots to take in a bear market. MPC has shown us a future in which the EOA wallet is easier to use and safer, and it can adapt to all current EVM chains. Smart contract wallets still have a long way to go before they can access dApps. The social recovery plan currently looks useless, but the future possibilities of smart contracts are exciting. Who should we bet on? We will hand in this answer sheet with real money.


2022 is a dark year for cryptocurrencies, but we still believe that the future is bright. We are awakened warlocks in World of Warcraft, and we hope to create a world where no one can take away our life siphon (unless the proposal is voted through)




Statement: Part of this article is based on an interview with Winson, CEO of Web3 wallet Bitizen. Bitizen is one of Redline DAO's portfolio companies. We would like to thank Bitizen and Winson for their support for this article.



