Why will EIP-3074 be included in the next Ethereum upgrade? What is the difference between it and ERC-4337?

24-04-13 17:00
Original title: "Why is EIP-3074 included in the next Ethereum upgrade? Is the account abstraction scheme ERC-4337 not enough?"
Original author: 0xNatalie, ChainFeeds


After more than three years of refinement, EIP-3074 received widespread support from the Ethereum community at the 183rd ACDE meeting and was officially included in the next Ethereum hard fork. EIP-3074 was proposed by Ethereum researcher Sam Wilson, Go Ethereum developer Matt Garnett and others. Its core idea is to let any externally owned account (EOA) operate like a smart contract wallet, without deploying additional contracts or migrating manually. As Paradigm CTO Georgios Konstantopoulos said, "The wallet user experience will be improved 10 times." So how does EIP-3074 do this, and how does it differ from ERC-4337?



EIP-3074 is an upgrade to the EVM


Externally owned accounts (EOAs) are Ethereum accounts that are directly controlled and managed by the user, such as the accounts created by commonly used mnemonic-based wallets like MetaMask. EIP-3074 introduces two new Ethereum Virtual Machine instructions, AUTH and AUTHCALL, which let an EOA connect to a smart contract and hand control of its transactions to that contract.


· AUTH instruction: used to verify an ECDSA signature and set a context variable "authorized" based on the signature result. If the signature is valid and the signer address matches the given authorization address, "authorized" is set to the authorization address. In this way, the AUTH instruction allows a smart contract to perform operations on behalf of an EOA, thereby implementing the delegation of authorization control.


· AUTHCALL instruction: Similar to the existing CALL instruction, it is used to perform an external call. The difference is that AUTHCALL will use the authorized address previously set by the AUTH instruction as the caller address. This means that AUTHCALL will use the authorized EOA as the sender, rather than the contract itself.


The overall process is: the user signs an authorization message; the Invoker contract receives and verifies it; the Invoker contract then uses the AUTH and AUTHCALL instructions to send transactions as the EOA, executing them on behalf of the user without directly using the user's private key, and returns the result to the user.


Difference from ERC-4337


ERC-4337 is at the protocol level and does not require changes to the consensus layer. Its main goal is to achieve account abstraction, allowing smart contracts to directly own funds and have functions similar to Ethereum accounts. In other words, it lets smart contract accounts actively initiate transactions, as EOAs do.


EIP-3074, by contrast, must be implemented through an Ethereum hard fork. Its main goal is to give EOAs functions similar to smart contracts by delegating control of the EOA to a smart contract, so that the contract can transact on the user's behalf and support batch transactions, sponsored transactions (where a third party pays the gas fees to execute the transaction) and other functions. Although this gives an EOA the functions of a smart contract wallet, the account is still an EOA: if the key is stolen, the loss is complete, unless a special contract has been set up specifically for account recovery.


Why is it important?


In the multi-chain era, supporting ERC-4337 on every chain requires a lot of development work. The migration transaction proposed by EIP-7377, which lets EOA users migrate their accounts to smart contracts, requires users to send a migration transaction manually. In contrast, EIP-3074 gives EOAs the functions of smart contracts, can be used directly on all chains, and does not require users to migrate manually.


Compared with other proposals, EIP-3074's advantage is that it is simple and efficient: users get the functions of smart contracts without additional steps. The Ethereum community was previously concerned about the technical security of EIP-3074. After improvements and testing, the community widely supports including EIP-3074 in the next Ethereum upgrade, which will affect multiple areas of the Ethereum ecosystem.


For example, in the DeFi field, the batch transaction function of EIP-3074 will greatly improve the efficiency of liquidity providers and traders and reduce the cost of participation. In addition, by authorizing user accounts to execute transactions, DeFi applications can act as sponsors and pay gas fees for users, thereby lowering the threshold for users to use DeFi products and promoting the large-scale application of DeFi.


In fully on-chain games, EIP-3074 lets users grant account operation permissions to a third party (the Invoker) through authorization, so they no longer need to confirm on-chain and pay gas fees for each transaction. Game developers or other third parties can execute transactions on behalf of users, who only need to authorize once; this simplifies the transaction process and makes gameplay smoother.


Potential risks


In Ethereum, validator nodes need to know the exact details of a transaction in order to handle it correctly; this is the only way to ensure the security and stability of the network. EIP-3074 allows smart contracts to execute transactions on behalf of EOAs. In sponsored transactions, interactions with other contracts or accounts may change account state before and after the transaction executes, making it difficult for validator nodes to predict the transaction's impact accurately and creating a risk of network inconsistency.


In addition, although users authorize third parties to operate their accounts by signing, this also means that the third party (the Invoker) can operate users' accounts to a certain extent, which may lead to security problems. If the third party's authority is abused or the third party is hacked, users' funds and personal information may be threatened.

