Vitalik Buterin talks about encrypted payments: After summarizing 5 lessons learned, what should Ethereum do?

23-02-28 14:15
Read this article in 15 Minutes
总结 AI summary
View the summary 收起
Original title: 《 V God: My personal experience and small suggestions on crypto payment 》
Original author: Vitalik Buterin
Original translation: Katie Gu, Odaily Planet Daily

In 2013, I went to a sushi restaurant next to the Internet Archive in San Francisco because I heard that it accepted Bitcoin payments and wanted to try it. When it came time to pay the bill, I asked to pay with Bitcoin. I scanned the QR code and clicked "Send". To my surprise, the transaction did not go through. It seemed to have been sent, but the restaurant did not receive it. I tried again and still got nothing. I soon discovered that the problem was that my mobile Internet was not working well at the time. I had to walk more than 50 meters to the nearby Internet Archive and get on the Wifi there, and finally I could send the transaction.

Lessons learned: The internet is not 100% reliable. We need better ways of broadcasting, such as on-site payment systems with some features (NFC and customer-showing QR codes, etc.) that allow customers to directly transmit their transaction data to merchants.

In 2021, I bought tea for myself and a friend at a coffee shop in Argentina. They explained that they did not intend to ask me to pay with cryptocurrencies. It was just that the coffee shop owner recognized me and showed me one of his accounts at a crypto exchange, so I suggested paying with ETH (using a crypto exchange account as a wallet is a standard way of on-site payments in Latin America). Unfortunately, my first transaction of 0.003 ETH was not accepted, probably because it was below the exchange's minimum deposit of 0.01 ETH. I sent another 0.007 ETH. Soon, both transactions were confirmed (I didn't mind paying 3 times more, just consider it a tip).

In 2022, I tried to buy tea at another place. The first transaction failed because the default transaction of my mobile wallet only sent 21000 Gas, and the receiving account was a contract that required additional Gas to process the transfer. Trying to send a second transaction failed because my mobile wallet UI glitch prevented me from scrolling down and editing the field containing the Gas limit.

Lessons Learned: A simple and stable UI is better than a fancy and trendy UI. But at the same time, most users don't even know what the gas limit is, so we really need better defaults.

Many times, there are surprisingly long delays between when my transaction is accepted on-chain and when the service acknowledges the transaction, even as "unconfirmed". Some times, I do worry that there is a problem with the payment system on their end.

Many times, there are long and unpredictable delays between sending a transaction and when that transaction is accepted in a block. Sometimes, a transaction can be accepted in a few seconds, but other times, it can take minutes or even hours. Recently, EIP-1559 has significantly improved this, ensuring that most transactions are accepted by the next block, and even the recent Merge has improved this further by stabilizing block times.

V 神:关于加密支付,我的个人体验和小建议

Charts for this report were created by Yinhong (William) Zhao and Kartik Nayak.

However, outliers still exist. If you send a transaction at the same time as many people are sending transactions and the base fee is spiking, you run the risk of having your transaction not accepted because the base fee is too high. To make matters worse, the wallet’s UI is not good at showing this. There are no obvious red alerts and few clear indications of what you should do to fix the problem. Even for experts, who know that in this case you should “speed up” the transaction by issuing a new transaction with the same data but with a higher “max-basefee”, the “button” that allows you to do so is often not clear to users.

Lessons Learned: The user experience (UX) around designing transactions needs to improve, although there are simple fixes for now. I'd like to thank the Brave Wallet team for taking my suggestions on this matter seriously, first by increasing the maximum base fee limit from 12.5% to 33%, and more recently by exploring ways to make "blocked transactions" more obvious in the UI.

In 2019, I was testing one of the earliest attempts to provide social recovery wallets. Unlike the smart contract-based approach I favored, their approach used Shamir's secret sharing to split the account's private key into five parts, in such a way that any three parts could be used to recover the private key. The user needs to select 5 friends (the modern term is "guardians"), convince them to download a separate mobile app, and provide a confirmation code that is used to create an encrypted connection to the friends' app from the user's wallet via Firebase and send them their shared private key.

This approach quickly caused problems for my wallet. A few months later, my wallet broke down and I needed to use a recovery procedure to restore it. I asked my friends to walk me through the recovery process through their app, but things didn’t go as planned. Two of them lost their key shards because they changed phones and forgot to move the recovery app. A third was because the Firebase Connect mechanism didn’t work for a long time. Eventually, we found a way to fix the problem and recovered the private keys. However, a few months later, the wallet had problems again. This time, a regular software update accidentally reset the app’s storage and deleted its private keys. But I didn’t add enough friends to participate in the recovery procedure because the Firebase Connect mechanism was so poor that I couldn’t do this successfully. I ended up losing a small amount of Bitcoin and ETH.

Lessons learned: Off-chain social recovery involving private information sharing is really fragile and is a bad idea unless there is no other choice. Friends (guardians) who participate in your recovery process should not download a separate app, because if your app is only used for special cases like recovery, it is easy to forget and lose it. In addition, the need for a separate centralized communication channel also brings various problems. Instead, the way to add guardians participating in the recovery process should be to provide their ETH address, and recovery should be done through smart contracts, using ERC-4337 account abstraction wallets. In this way, the guardian only needs to not lose their Ethereum wallet.

In 2021, I tried to save fees on using Tornado Cash by using the "self-relay" option. Tornado Cash uses a "reply" mechanism where a third party pushes transactions onto the chain, and because when you withdraw money, your withdrawal address usually doesn't have tokens yet, you don't want to pay for the transaction with your deposit address because that would create a public link between the two addresses, which is the problem Tornado Cash is trying to prevent. The problem is that the relay mechanism is usually expensive, and the relay charges a certain percentage of the fee, which may be much higher than the actual gas fee of the transaction.

To save costs, one time I used the relay mechanism for my first small withdrawal, which charged a lower fee, and then I sent the second larger withdrawal myself using the "self-relay" function in Tornado Cash without using a relay. The problem is, I messed up and accidentally made a mistake when logging in to my deposit address, so the deposit address paid the fee instead of the withdrawal address. Resulting in me creating a public link between the two.

Lessons learned: Wallet developers should start thinking about privacy more explicitly. Additionally, we need better forms of account abstraction that remove the need for centralized or even "federated relays" and commoditize the relay role.

Other issues

Many applications still don't work on the Brave wallet or Status browser. This is probably because they didn't do their homework correctly and rely on metamask-specific APIs. Even Gnosis Safe didn't work with these wallets for a long time, which led me to have to write my own mini-Javascript Dapp to confirm. Fortunately, the latest UI has fixed this issue.

ERC 20 transaction transfer pages on Etherscan, such as, are prone to scams. Anyone can create a new ERC20 Token that can emit a log claiming that I or any other specific person sent a Token to someone else. This is sometimes used to trick people into thinking that I am supporting some kind of fraudulent Token that I have never actually heard of.

Uniswap used to offer a very convenient feature to swap Tokens and send the output to different addresses. This feature comes in really handy when I have to pay someone with USDC but I don't have any USDC on me. Right now, the interface doesn't offer this feature, so I have to convert and then send a separate transaction, which is inconvenient and wastes more gas. I later learned that Cowswap and Paraswap offer this feature, although Paraswap doesn't seem to work with Brave wallet at the moment.

Logging in with Ethereum is a good option, but it's still difficult to use if you're trying to log in on multiple devices and your Ethereum wallet only works on one device.


A good user experience is crucial. A UI that looks clean and tidy on the surface, but does something weird and unexplained 0.723% of the time, will lead to serious problems, which is worse than a UI that exposes more details to the user. Exposing the problem directly at least makes it easier for users to understand what happened, know what the problem is and fix it.

Besides the most important issue of high transaction fees due to scale not being fully solved, user experience is a key reason why many Ethereum users (especially those in the southern hemisphere) often choose centralized solutions over on-chain decentralized alternatives that put power in the hands of users, their friends and family, or local communities. User experience has improved tremendously over the years. In particular, the average transaction before EIP-1559 took several minutes to complete, and after EIP-1559 and the merger, the average transaction takes a few seconds, which makes using Ethereum very pleasant. But we still have a long way to go on this road of development.

Original link

欢迎加入律动 BlockBeats 官方社群:

Telegram 订阅群:

Telegram 交流群:

Twitter 官方账号:

举报 Correction/Report
Choose Library
Add Library
Add Library
Visible to myself only