Account Abstraction (ERC-4337)
Was ist Account Abstraction (ERC-4337)?
Account Abstraction (ERC-4337)An Ethereum standard that replaces externally-owned accounts with smart-contract wallets able to express arbitrary signing logic — social recovery, session keys, sponsored gas, multi-factor approval — without Layer 1 protocol changes.
ERC-4337 (Account Abstraction Using Alt Mempool), authored by Vitalik Buterin and others and deployed to Ethereum mainnet in March 2023, lets users hold funds and submit transactions through smart-contract wallets rather than externally-owned accounts (EOAs) — without requiring any consensus-layer change. Instead of an EOA signing a transaction with a single private key, an ERC-4337 'UserOperation' is constructed by the user's smart-contract wallet, bundled by a 'bundler' off-chain, and submitted to a global EntryPoint contract that executes the wallet's `validateUserOp` and then the user's intent. Because validation is fully programmable, wallets can implement social recovery (M-of-N guardians), session keys (a time- and contract-scoped key for game sessions), passkey-backed signatures via WebAuthn, sponsored gas payments by paymasters, and intent-based DSLs. Major wallet vendors (Safe, Argent, Biconomy, ZeroDev, Coinbase Smart Wallet) ship 4337 stacks; ERC-7702 (2024) adds a complementary EOA→smart-contract delegation mechanism. From a security perspective, AA dramatically changes the threat model: phishing now also targets `executeBatch` calldata, session-key abuse, and paymaster-griefing rather than just `permit` signatures.
● Beispiele
- 01
A new wallet uses ERC-4337 to give users WebAuthn passkey signing plus a 7-of-12 social-recovery guardian set, eliminating the seed-phrase paradigm.
- 02
A Web3 game grants the user a 24-hour session key scoped to its game contract; the user signs in-game moves without confirming each transaction in their main wallet.
● Häufige Fragen
Was ist Account Abstraction (ERC-4337)?
An Ethereum standard that replaces externally-owned accounts with smart-contract wallets able to express arbitrary signing logic — social recovery, session keys, sponsored gas, multi-factor approval — without Layer 1 protocol changes. Es gehört zur Kategorie Web3 und Blockchain der Cybersicherheit.
Was bedeutet Account Abstraction (ERC-4337)?
An Ethereum standard that replaces externally-owned accounts with smart-contract wallets able to express arbitrary signing logic — social recovery, session keys, sponsored gas, multi-factor approval — without Layer 1 protocol changes.
Wie funktioniert Account Abstraction (ERC-4337)?
ERC-4337 (Account Abstraction Using Alt Mempool), authored by Vitalik Buterin and others and deployed to Ethereum mainnet in March 2023, lets users hold funds and submit transactions through smart-contract wallets rather than externally-owned accounts (EOAs) — without requiring any consensus-layer change. Instead of an EOA signing a transaction with a single private key, an ERC-4337 'UserOperation' is constructed by the user's smart-contract wallet, bundled by a 'bundler' off-chain, and submitted to a global EntryPoint contract that executes the wallet's `validateUserOp` and then the user's intent. Because validation is fully programmable, wallets can implement social recovery (M-of-N guardians), session keys (a time- and contract-scoped key for game sessions), passkey-backed signatures via WebAuthn, sponsored gas payments by paymasters, and intent-based DSLs. Major wallet vendors (Safe, Argent, Biconomy, ZeroDev, Coinbase Smart Wallet) ship 4337 stacks; ERC-7702 (2024) adds a complementary EOA→smart-contract delegation mechanism. From a security perspective, AA dramatically changes the threat model: phishing now also targets `executeBatch` calldata, session-key abuse, and paymaster-griefing rather than just `permit` signatures.
Wie schützt man sich gegen Account Abstraction (ERC-4337)?
Schutzmaßnahmen gegen Account Abstraction (ERC-4337) kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.
Welche anderen Bezeichnungen gibt es für Account Abstraction (ERC-4337)?
Übliche alternative Bezeichnungen: ERC-4337, Account abstraction, Smart-contract wallet.
● Verwandte Begriffe
- web3№ 1171
Smart-Contract-Sicherheit
Praxis, On-Chain-Programme so zu entwerfen, zu prufen und zu betreiben, dass sie nicht ausgenutzt werden konnen, um Mittel zu stehlen oder Geschaftsregeln zu verletzen.
- web3№ 1170
Smart-Contract-Audit
Unabhangige Sicherheitsuberprufung von Smart-Contract-Quellcode, Deployment-Konfiguration und okonomischem Design vor Launch oder Upgrade.
- identity-access№ 888
Passkey
Phishing-resistenter FIDO2/WebAuthn-Credential — ein gerätegebundenes oder synchronisierbares asymmetrisches Schlüsselpaar, das Passwörter durch eine kryptografische Challenge-Response ersetzt.
- web3№ 517
Hardware-Wallet
Dediziertes physisches Geraet, das private Schluessel von Kryptowaehrungen in einem manipulationsgeschuetzten Secure Element speichert und Transaktionen offline signiert.
- web3№ 794
Multisig-Wallet
Krypto-Wallet, das m-aus-n Signaturen unabhaengiger Schluessel verlangt, um eine Transaktion zu autorisieren, sodass der Verlust eines einzelnen Schluessels nicht fatal ist.
- web3№ 1155
Signature Phishing (Web3)
A Web3 phishing pattern that tricks a user into signing an EIP-712 or `personal_sign` message that authorizes the attacker to move tokens, transfer NFTs, or take wallet actions — without ever asking for a seed phrase.
● Siehe auch
- № 413EIP-712 Signing