Ethereum Protocol Fellowship (EPF) Cohort 7 — Applications open until May 13

Native Account Abstraction #001

2026-04-22 Agenda: #2018 canonical JSON

Transcript

00:07:27
marc | wolovim:All right, welcome everyone. I will post in the agenda in the chat, and then we'll kick this thing off.
00:07:36
marc | wolovim:So welcome to Native Account Abstraction Breakout Number 1. Today is April 22nd, 2026.
00:07:44
marc | wolovim:The agenda is a big one, so,
00:07:48
marc | wolovim:Let's… let's get through what we can, and
00:07:52
marc | wolovim:Find out how much is left over for the next chat.
00:07:59
marc | wolovim:The context for this new series is that EIP8141, that's Frame Transactions, was recently proposed as a headliner for HEGOTA, the Ethereum upgrade after Glamsterdam.
00:08:11
marc | wolovim:It garnered support from a variety of stakeholders in the ecosystem and was CFI'd, meaning considered for inclusion in that upgrade.
00:08:19
marc | wolovim:But ultimately was not selected as the headliner by client teams, and the reasons given varied
00:08:25
marc | wolovim:And they are hopefully well represented in today's agenda.
00:08:29
marc | wolovim:But in short, if I may summarize, client teams wanted more time to understand the implications on the mempool, stateless efforts, privacy preservation, and the post-quantum roadmap, among other design decisions.
00:08:45
marc | wolovim:More broadly, though, the proposal generated
00:08:49
marc | wolovim:Well, it feels like real momentum for shipping native account abstraction in the Hego Tough Fork.
00:08:55
marc | wolovim:So there's been a flurry of other proposals, both alternatives to 8141, and those complementary or compatible with it.
00:09:03
marc | wolovim:So now seems exactly the right time to start to converge on a version of this feature set that we can all live with.
00:09:11
marc | wolovim:The sooner we have rough consensus on an approach, the sooner client teams can begin pipelining the work, and the sooner the broader ecosystem can begin the long road to adoption.
00:09:23
marc | wolovim:Last logistics note, breakout calls like this one cannot change the inclusion stage or the headliner status of an EIP. That can only be done by rough consensus within an all-core devs call.
00:09:37
marc | wolovim:So I would suggest that a good use of time here is to improve our collective understanding of the trade-offs we need to make, to refine the existing proposals, steal good ideas, and identify whatever the next steps are to move forward with confidence.
00:09:55
marc | wolovim:So that's sort of the preamble.
00:09:59
marc | wolovim:Before we jump into hearing from proposal authors on recent updates,
00:10:08
marc | wolovim:the first feedback I've heard that I would like to at least briefly acknowledge is the sentiment that we…
00:10:14
marc | wolovim:should be sure we're clear on goals and what we're solving for here. It's true that account abstraction means different things to different people.
00:10:22
marc | wolovim:And much has been written on that topic. For example, Vitalik has outlined core and stretch goals in his full account abstraction doc that you can find in the agenda.
00:10:32
marc | wolovim:I've heard Matt and Felix and others describe their motivations on all CoreDev's calls, but I wanted to leave at least a little space here.
00:10:41
marc | wolovim:So the prompt is, would anybody like a minute or two to communicate what you think is most important for a native account abstraction proposal to accomplish?
00:10:51
marc | wolovim:Those I've mentioned already are welcome to come up and reiterate any points. Maybe this is a good opportunity for other ecosystem stakeholders to chime in, so just raise a hand if you'd like to
00:11:12
ivo Georgiev @ ambire:I can give you a few thoughts from the point of view of a wallet developer.
00:11:19
ivo Georgiev @ ambire:There's a couple of things, and they're all related to the practical efficiency of existing account abstraction solutions.
00:11:27
ivo Georgiev @ ambire:So, one of them is…
00:11:31
ivo Georgiev @ ambire:really, 7702 and all solutions before 7702, which were just proprietary solutions, what they managed to achieve, a lot of things, but without actual upgrade paths for existing EOAs and existing accounts, the adoption really stalled.
00:11:46
ivo Georgiev @ ambire:7702 kind of solved it, but the issue with this is that it still requires
00:11:52
ivo Georgiev @ ambire:an authorization, and most hardware wallets still don't support this feature, so they still, like, either rely on a very narrow, whitelist.
00:12:02
ivo Georgiev @ ambire:or they don't support it at all. So, in practice, the current account… the current state of account abstraction is that you cannot use account abstraction features in many EOA accounts. So, this is something that frame transactions solve.
00:12:16
ivo Georgiev @ ambire:So that's fantastic. And then the second thing is, 4337 really is kind of a bit clunky. Some would even say bloated, and that's also another point of, point of view that, frame transactions solve. So this is, like, the practical implications.
00:12:38
marc | wolovim:Thank you. Agus, if I'm pronouncing it anywhere close to right.
00:12:43
Agusx1211 (Polygon):Yeah, I think so.
00:12:46
Agusx1211 (Polygon):In our perspective, we are a polygon, we are X-sequence, we are also Smart Control Wallet. Our point of view of account abstraction, really, or in the context that we are discussing this, is that this is what, in the old times, was called
00:13:04
Agusx1211 (Polygon):every layer, like, this is an alternative to have a proper solution to be able to execute the smart contract transactions on-chain. And our point of view is not really about migration from old accounts or anything like that. We are working mostly with new accounts.
00:13:23
Agusx1211 (Polygon):But what we want to preserve is the flexibility to develop new functionalities on smart contract wallets. And what we want to gain is not having to maintain and develop around custom, like, vertical layer that is not a great, like.
00:13:43
Agusx1211 (Polygon):not a great participant in the whole stack. It's not decentralized, etc.
00:13:47
Agusx1211 (Polygon):M… So… From our perspective.
00:13:52
Agusx1211 (Polygon):any solution, we are big supporters of frame transactions as they are, mostly because they do allow for a full spectrum of development of new functionalities and things like that. If we go into something more constrained.
00:14:08
Agusx1211 (Polygon):what will likely happen for us is that we will just not use it, and we will keep, like, working on some of the previous standards.
00:14:19
Agusx1211 (Polygon):But… Frame transactions as they are is something that, like, will be very useful for our team.
00:14:37
lightclient:Hey guys. Just wanted to share a little bit of my perspective. I've shared it in…
00:14:43
lightclient:you know, many different contexts over the past few months, but if I could try to address one point that's been coming up a bit around the post-quantum side of AA and the frames transaction.
00:14:57
lightclient:You know, when we originally started with frames, we had a…
00:15:02
lightclient:A lot of conversations, like, what are we trying to achieve?
00:15:07
lightclient:there's a doc that I shared by Vitalik that, you know, kind of goes over many of the core goals that we had in mind with accounts abstraction.
00:15:16
lightclient:And at that time, you know.
00:15:19
lightclient:And even today, I feel like post-quantum is becoming something that everybody's realizing we need to start thinking about and focusing on.
00:15:30
lightclient:focusing AA and frame transactions a bit in this direction of post-quantum was good, because, you know, broadly, everybody feels this is a direction that we should be working towards and focusing on.
00:15:45
lightclient:And we know, as, you know, people who have been working on the protocol for a very long time, and people who have, you know, been working on account abstraction in different ways for, you know, 6, 7, 8 years, you know, we know all of the downstream effects that AA would provide, and it's very difficult to…
00:16:05
lightclient:You know, have these breakout rooms, have these, you know, long.
00:16:10
lightclient:running discussions about what the protocol should and shouldn't do, and, you know, how should they deliver accounts abstraction, how should they not? You know, we're all kind of seeing how difficult it is to define what accounts abstraction even is. You know, it's different for every single person, and it just depends on, like, where in the stack you're sitting.
00:16:27
lightclient:And so I felt like, you know, focusing a bit on post-quantum was a good rallying point for people, where we could say, look, it's not that we don't care about UX, it's not that we don't care about these other things, it's just that, like, we need to solve post-quantum, and we have this really good technology that does tons of other things at the same time that we've been working on for a long time.
00:16:46
lightclient:And, I don't know, maybe that was, like, kind of, like, the wrong initial approach.
00:16:49
lightclient:And some people have, like, you know, pushed back and said, do we really want to tie, you know, post-quantum to count abstraction? And it, you know, it's a question. I still think that, like.
00:17:00
lightclient:you know, broadly, this is the right direction for us. It's not the easy path to solving post-quantum, but it's a path that we understand pretty well at this point, and we just need to, you know, put in the work to achieve it, and to define the exact feature set that we're trying to, you know, achieve.
00:17:20
lightclient:And so, you know, through all these conversations, I've also kind of, like, realized that there's one, you know, other piece that's kind of in this original Vitalik doc, but, like, maybe wasn't, you know, communicated as clearly from the beginning with 8141.
00:17:35
lightclient:And that's something that I… you know, this is something that I think that most other proposals, you know, also don't really support. And the frames and the native AA proposals are basically the only ones that support it. And that's that, you know, we're trying to reduce
00:17:50
lightclient:the centralization around transaction flow in Ethereum. And we're trying to allow all users of Ethereum, you know, both ELA and smart accounts, to make use of new, you know, hardening functionality in the protocol, like FOCIL.
00:18:06
lightclient:And that's, like, you know, maybe something that we haven't highlighted quite as much in the past, but I think, like, going forward, it's something that we should be keeping in mind. Like, yes, we need to have batching, yes, we need to support key rotation, this is all, like, critical for accounts abstraction, but we need to make sure that we're doing this in a way that, you know, supports post-quantum.
00:18:25
lightclient:Supports post-quantum aggregation types of techniques.
00:18:28
lightclient:And reduces the reliance on centralized relayers.
00:18:32
lightclient:And so I think, like, this combination is kind of how we've come up to, you know, presenting the frame transaction. And, you know, some of the decisions of the frame transaction may not always be the most obvious of why these decisions are getting made.
00:18:44
lightclient:But all of this… all of these decisions are coming from, like, many years of experience across, like, you know, Felix Vitalik and I from the protocol, Derek from the wallet side, and then interacting with, like, you know, tons of people in the wallet community and the application developer community on understanding, like, what their needs are.
00:19:03
lightclient:So, that's kind of, yeah, how we've ended up, you know, from our perspective on the solution that we have.
00:19:16
Ben Adams:Yeah, so, I appreciate the flexibility of frame transactions, but, from
00:19:25
Ben Adams:my perspective on approaching it more pragmatically, and, what's practical in terms of… so, for instance, a frame transaction, you could, in theory, do a, like, a post-quantum signature, and then…
00:19:42
Ben Adams:In… in that, but at the moment, we don't have a way in the EVM of
00:19:49
Ben Adams:Efficiently running that.
00:19:51
Ben Adams:So, you know, like, Falcon would be, like, 2 million gas. Dilithium would be about 8 million gas transactions.
00:20:00
Ben Adams:So these, these are, like, heavy. I mean, even EDSA is…
00:20:05
Ben Adams:I don't know, it's like 100,000 gas or something?
00:20:12
Ben Adams:in protocol, as a precompile or native, then it becomes, you know, 3,000 gas. So it's orders of magnitude different.
00:20:22
Ben Adams:If it's running as… current EVM bike code. I know there were…
00:20:27
Ben Adams:proposals, which I'm not sure are currently active to do, like, EVM Max and FIMD to do efficient
00:20:36
Ben Adams:crypto… Cryptographic, processing.
00:20:41
Ben Adams:But I don't think they are active at the moment. I could be wrong.
00:20:45
Ben Adams:So I… my… my concern is that we would…
00:20:51
Ben Adams:Deliver something that, in theory, can
00:20:55
Ben Adams:Meet lots of needs, but in practice, would fall down.
00:21:00
Ben Adams:If you see what I mean. So if your… if your transaction, just to verify the signature is costing 2 million gas, you can only have 30 in the mempool.
00:21:10
Ben Adams:And you… that's the size of a block, just verifying those signatures.
00:21:16
Ben Adams:So for instance, scheme transactions would say, alright, well, we accept that we need currently, native.
00:21:26
Ben Adams:Processing for these, signatures.
00:21:31
Ben Adams:Rather than… you know, write it as raw EVM bike code when
00:21:37
Ben Adams:That would be extremely expensive to process.
00:21:43
Ben Adams:Yeah, it's more about practicality. Will it deliver?
00:21:48
Ben Adams:On the expectations in a practical way.
00:21:55
marc | wolovim:Thank you, Ben. Mustav?
00:21:58
Mislav:Yeah, hi everyone. On my end, I just wanted to basically reiterate, support, from my end for the frame transactions.
00:22:07
Mislav:Though the critiques are certainly valid, and by any means I'm not an expert in post-quantum cryptography. I think for what we've seen in the cases of existing AA teams and the use cases that we have been serving for the last
00:22:22
Mislav:2 or 3 years. Frame transactions luckily capture all of them in a very elegant manner. Even Derek made a proposal yesterday to access, like, some bits of,
00:22:35
Mislav:non-self state without hurting the mempool, etc. So I feel, as far as the coordination is going on the account abstraction teams, we can do a lot, and standardize a lot, through the frame transaction,
00:22:50
Mislav:through the frame transaction, proposal as it is right now, maybe with a few minor changes, and that's, yeah, that's definitely something I would…
00:22:58
Mislav:give it as a big plus, because, you know, like, it's always been notoriously difficult to coordinate in the AA community, and yeah, frames have actually managed to achieve that in quite a significant way, so I think that's a very big plus.
00:23:16
marc | wolovim:Thank you. Press switch.
00:23:26
prestwich:The things I think are most important for native AA to accomplish are transaction batching and permanent key invalidation.
00:23:34
prestwich:You need to be able to permanently invalidate the credentials of an account.
00:23:41
prestwich:Frame transactions accomplish these in…
00:23:45
prestwich:reasonable, but fairly complex ways. They require an awful lot of wallet rollover.
00:23:55
prestwich:you know, I think that simplifying implementation is the other main thing native AI should accomplish. I don't think that…
00:24:03
prestwich:Future compatibility for unspecified aggregation systems, or for…
00:24:09
prestwich:Other unspecified future cryptographic systems is important.
00:24:17
marc | wolovim:I appreciate that. We're gonna wrap up here, but Chris, are you able to…
00:24:23
marc | wolovim:Speak quickly on this topic?
00:24:25
Chris - Base:Yeah, I can go… try to go super quick, but, like, I think, you know, in summary, I think, you know.
00:24:34
Chris - Base:Teams have different kind of opinions on, like.
00:24:37
Chris - Base:What's important based on, you know, if their wallet, if they've run protocols, etc, like, and…
00:24:44
Chris - Base:frame transactions, like, you know, I think
00:24:48
Chris - Base:speak to the ethos of Ethereum, like, being uncensorable.
00:24:52
Chris - Base:And compatibility with FOCIL, like, that's all…
00:24:56
Chris - Base:You know, super powerful and whatnot, but…
00:24:59
Chris - Base:I do think, like, I hear a lot of feedback from, you know, wallet teams, it's like, well.
00:25:03
Chris - Base:again, I think the only feature they do want is, like.
00:25:06
Chris - Base:So the ERC20 gas payment, and then a few signature types.
00:25:11
Chris - Base:And that, you know, that seems to be, like, you know, roughly it. So, I think there's,
00:25:20
Chris - Base:a bit of overhead being paid and, like, the complexity of frame transactions for, like, maybe future features that we may not necessarily use. And that's the, you know, I'm just trying to, like, aggregate some of the feedback, that I've gotten as well, just on, you know, why teams aren't… don't want to do, A141.
00:25:39
Chris - Base:I think, like, everything else has kind of been said. And then, like, in general,
00:25:47
Chris - Base:8130 is, like, just trying to address some of the performance issues while still being general, but more…
00:25:55
Chris - Base:defined in certain sense, so it's not quite as flexible, like, the frame ordering is… Sorry, the ordering of, like, what you can do and what you can call is explicit to try to make, things easier for protocol and denial of service risks and whatnot.
00:26:09
Chris - Base:But all those, like, things have to be considered as…
00:26:12
Chris - Base:Like, obviously 8141, and, like, AA in general touches, you know, pretty much the entire stack, from protocol, right, to wallets, to, like, UX to everything, right? So…
00:26:22
Chris - Base:Yeah, just to add that.
00:26:26
marc | wolovim:Great, thank you, and that's, maybe a good transition as well.
00:26:30
marc | wolovim:maybe my parting thought on this topic is that I don't think it's reasonable to expect consensus on this topic.
00:26:37
marc | wolovim:Yet, it is very valuable to hear what's important and what's at stake for different users of Ethereum.
00:26:43
marc | wolovim:Let's transition here to the, proposal updates section. So, for each, proposal, I welcome the authors to
00:26:55
marc | wolovim:catch up… catch us up on developments from, let's say, the past month or so, because it was, maybe three-ish weeks ago, where the last debate of account abstraction or
00:27:09
marc | wolovim:These… this set of proposals occurred.
00:27:13
marc | wolovim:And I know there's been a lot of activity since then.
00:27:17
marc | wolovim:I'll leave the floor open, does anyone,
00:27:20
marc | wolovim:Does anyone want to step up to…
00:27:22
marc | wolovim:Provide some updates for the proposal they are an author for.
00:27:29
Derek Chiang | ZeroDev:Oh, I think I can probably, like…
00:27:31
Derek Chiang | ZeroDev:give some updates on the firm's side. So…
00:27:36
Derek Chiang | ZeroDev:I think based on what everyone has said, it's clear that there are two competing…
00:27:42
Derek Chiang | ZeroDev:I guess, goals of AA that, I guess are pushing some of the Yazis, you know, EIPs in different directions, right?
00:27:51
Derek Chiang | ZeroDev:So, one thing that people want, is flexibility, right? You know, people want to, for example, be able to.
00:27:58
Derek Chiang | ZeroDev:originates transactions from privacy protocols, right? So that will save users of privacy protocols from having to rely on centralized relayers. So that's, like, one example of the larger goal of
00:28:11
Derek Chiang | ZeroDev:Flexible validation logic. But then on the other hand, you also hear people who want to have.
00:28:17
Derek Chiang | ZeroDev:essentially predictable performance when it comes to the mempool, right? So people want to be able to validate transactions very cheaply, without necessarily having to chase through a very large transaction, right? And that's also true for L2s, right? You know, so that's why Chris from Base
00:28:33
Derek Chiang | ZeroDev:mentioned that, some L2s, they, you know, they also want that, right?
00:28:38
Derek Chiang | ZeroDev:So one update, you know, so, and by the way, like, that's actually been the top priority, within, kind of like, the firm's author group, which is to adjust this dichotomy, right? You know, like, the, kind of like the tension between flexibility and performance. So, one solution that we, worked on, I actually posted a PI in…
00:28:57
Derek Chiang | ZeroDev:the AA Mafia, you know, yesterday. Basically.
00:29:02
Derek Chiang | ZeroDev:It's this idea of allowing, friends to be structured such that the payment, the payment frame.
00:29:10
Derek Chiang | ZeroDev:can come before the sender validation frame. So, normally for every transaction, obviously, like, no one pays gas unless the sender signature is valid, right? Because if the sender signature is invalid, then obviously this transaction should not be authorized, and therefore no one pays gas, right?
00:29:29
Derek Chiang | ZeroDev:But since frames kind of, like, decouples the authorization from the ordering, right, you know, because you can order firms in any way, we're actually able to allow, I guess, people to approve the payment of a transaction
00:29:43
Derek Chiang | ZeroDev:before the validation of the sender signature. So what this does is that, if a member pool sees a friend's transaction where the payment is authorized first, then they actually do not have to check
00:29:57
Derek Chiang | ZeroDev:they do not have to validate the sender logic. So what this means is that, for example, today, if you want to send a, a privacy, you know, a transaction originated by a privacy protocol.
00:30:10
Derek Chiang | ZeroDev:that may be hard to propagate through the public manpool, because the privacy protocol validation might take a lot of guess, right? But with this change, as long as you can find another sponsor for your transaction, which can also, by the way, be one of your other wallets.
00:30:24
Derek Chiang | ZeroDev:Then the mempool just has to validate the payer signature. The mempool doesn't have to validate the sender signature. So that's essentially one way for us to achieve very predictable performance in the mempool.
00:30:36
Derek Chiang | ZeroDev:wire still allowing arbitrary, sender validation logic. So, I think that's, like, a really, sort of, like, noteworthy update that is currently being worked on for friends.
00:30:51
Derek Chiang | ZeroDev:Yeah, not sure if there are any questions, or if maybe Matt or Vitalik want to add anything.
00:31:20
marc | wolovim:Okay, thank you. Ben?
00:31:24
Ben Adams:Yeah, so I added, I tightened up the spec for frame transactions a little bit, and that's been merged.
00:31:32
Ben Adams:But also… So they, added two more EIPs, which are, Contact contract payer transaction.
00:31:48
Ben Adams:And the idea… so… You'd have something… Else that would handle,
00:31:56
Ben Adams:Changing the cryptographic keys in terms of what you're signing with, which
00:32:02
Ben Adams:would be schemed, but I think there's a number of other EIPs for that.
00:32:08
Ben Adams:And so if we divorce that, from…
00:32:15
Ben Adams:From the system, then the idea with
00:32:18
Ben Adams:The contact payer transaction is… it would be, like, one-to-one, so a contract would say, I accept.
00:32:29
Ben Adams:I am the… I am the… I am owned by this signer, so your, your… the EOA effectively becomes a signer.
00:32:40
Ben Adams:the Memple could go, okay, does this contract have enough ETH to pay for the transaction? And it becomes a very light way to verify it.
00:32:49
Ben Adams:Rather than having to invoke the, EVM.
00:32:54
Ben Adams:And then… Also, there was the counterfactual transaction.
00:32:59
Ben Adams:Which is a similar thing.
00:33:03
Ben Adams:But you can validate that a privacy pool could pay for the transaction. What's being withdrawn… you prove that what's being withdrawn from the privacy pool can cover the transaction gas, so those are the two others. But it's,
00:33:18
Ben Adams:So the combination of the EIPs is more unbundling than Frame, which is a different kind of layering.
00:33:32
Ben Adams:I… I'd highlight a difference in the sponsorship,
00:33:37
Ben Adams:So the contact payer transaction is essentially one signer to one vault. The signer can have, like, many assets, many contracts that approve them.
00:33:52
Ben Adams:you could sign, you know, you could say, I'm using this smart contract. You'd essentially do two, and the… the smart contract, because it's a smart contract, can do batching and all that sort of stuff, so that's… that's fine. But it wouldn't do what Frame Transactions does, where you could
00:34:12
Ben Adams:have a difference between… I could be sponsored by somebody completely different, you know, that could be disconnected. It would be like.
00:34:22
Ben Adams:You… you can be sponsored by your assets, which are in a different account, not…
00:34:28
Ben Adams:Some third party can do it.
00:34:36
Ben Adams:Buddy, you can… Through that, you can achieve key rotation and all that.
00:34:41
Ben Adams:Stuff as well, because you change who the signer key is for…
00:34:46
Ben Adams:For that vault. And then the assets are now at a different address.
00:34:51
Ben Adams:And the identity would be associated with the smart contract, because that's the thing that contains everything.
00:34:57
Ben Adams:So that would have your… You know, you're…
00:35:00
Ben Adams:ENS names, your positions on Aave, or… or whatever.
00:35:07
Ben Adams:So it just sort of inverts everything.
00:35:11
marc | wolovim:Cool, thank you, Ben.
00:35:13
marc | wolovim:If we've got time for it,
00:35:15
marc | wolovim:there are sub-bullet points for privacy and adoption strategy. Some of this is, good debate to occur there as well.
00:35:27
marc | wolovim:last EIP on my radar. I know Frederick was interested in saying a couple words about, 7906, which is…
00:35:35
marc | wolovim:Compatible with, frame transactions?
00:35:39
marc | wolovim:Frederick, do you want to jump in?
00:35:43
Fredrik:Yeah, to give you a bit of a background, so during the outreach of the trillion dollar security project, we asked
00:35:51
Fredrik:basically hundreds of people and entities for feedback on areas, that they felt we should focus on to help onboard the next billion users. And…
00:36:02
Fredrik:There was one thing that was always brought up as one of the most problematic factors for mass adaptation, and that was the amount of hacks that people fell victim to, primarily to things like drainers and phishing attacks and other things.
00:36:18
Fredrik:It's obviously a problem here when someone do lose their funds, on, like, in its own.
00:36:29
Fredrik:But then, this is amplified by quite a lot, when, you know, they will naturally tell their friends, their family, colleagues, etc, about what happened. And that kind of creates this negative spiral.
00:36:43
Fredrik:We have been looking into ways to fix this, and there's no, like, silver bullet to fix this, but, you know, there are projects such as
00:36:53
Fredrik:Clear signing being worked on that would help people more easily understand what they're signing. There are verifiable frontends that help provide the ability to wallets to
00:37:06
Fredrik:display warnings if a front end that people are interacting with has been compromised in any way. And then there's transaction assertions, which is, yeah, I guess the topic here.
00:37:19
Fredrik:So, you know, today, if you use a wallet, normally what it will do is simulate what you're about to sign, and you can see that it looks like this is gonna happen. But a simulation is…
00:37:35
Fredrik:Just a simulation, so it's not, you know, binding.
00:37:39
Fredrik:And the real issue is not…
00:37:42
Fredrik:Like, if the intended action happens, but…
00:37:48
Fredrik:I mean, that's not the only issue, it's also if any extra side effects happen that the user never approved.
00:37:54
Fredrik:And that can be, for example, you know, you think that you're gonna get a NFT by doing this transaction, which you might get, but you also approve a spender… a malicious spender address on your USDC, for example.
00:38:11
Fredrik:And then, so transaction assertions, they basically solved this by letting the user approve.
00:38:19
Fredrik:what could be called an envelope of effects. Basically, execute this specific thing, but then revert your transaction if the actual outcome goes outside of this policy.
00:38:33
Fredrik:We've been discussing many ways of doing this,
00:38:39
Fredrik:But I think this fits very naturally into frame transactions, because frames already separate the execution into stages, so, you know, frames can give us the structure, and then assertion can give us the safety policy at the end.
00:38:58
Fredrik:we've been thinking about different ways of doing this. It's been, I guess, discussed in various forms for, like, a year or so, maybe even more. We had a big… a fairly big breakout at DevConnect about this as well, discussing the pros and cons of
00:39:16
Fredrik:For example, one idea was to have a new transaction type,
00:39:22
Fredrik:Which was then, kind of, shelved after discussions.
00:39:27
Fredrik:And then, basically the…
00:39:30
Fredrik:the best approach seems to be to have an opcode. So, there's an EIP for this, 7906, which basically helps fix this.
00:39:45
Fredrik:The next step here is basically to create a proof of concept that this works, some kind of a demo playground that shows, you know.
00:39:58
Fredrik:This is what would happen during a malicious transaction with 7906. This is, you know, how it would be stopped, basically.
00:40:08
Fredrik:And then, create some tests and such, so we can hopefully be included in a future hard fork.
00:40:19
Fredrik:Something I did want to bring up is that I saw that eTrex made this,
00:40:25
Fredrik:cool them implementation of transactions, and yeah, perhaps…
00:40:30
Fredrik:We can chat later about doing something similar to this to show, basically, how 7906 ties together with the frame transactions and provide the ability to prevent these kind of attacks from happening.
00:40:43
Fredrik:Alex is the author of 7906. I think he's in the call. I think I saw him, at least, at one point. I don't know if he wants to say something.
00:40:57
Alex Forshtat:Yeah, hi, everyone. Thank you very much for, the interest, and yeah, I would, love to cooperate with Ethrex on the demo, like, thought, about it for…
00:41:09
Alex Forshtat:quite some time, and, yeah, it's, it's a very strong primitive to be able to provide, the, like, negative, assertions, like, and negative conditions for…
00:41:21
Alex Forshtat:per transaction, it plays very well with frame transaction, doesn't necessarily require frame transaction as an opcode. You can…
00:41:30
Alex Forshtat:done in… In parallel, yeah, I guess that's it, I,
00:41:38
Alex Forshtat:If anyone has any questions, I'd also be happy to answer.
00:41:43
marc | wolovim:Thank you both. Tomas has a hand up.
00:41:47
Tomás Arjovsky | Lambda | Ethrex:Hey, no, just a quick clarification from the Ethrex team. Aside from the demo, we have also implemented a small DevNet. It's running on one server, so it's nothing to prove on low tests or high scale, but if you want to try, give some RPC requests to some running nodes, we already have them. We can send you the links if you want.
00:42:07
Tomás Arjovsky | Lambda | Ethrex:And there's also a faucet, and there's a couple of contracts for a Paymaster example, and a gas sponsor example that can be used to test, how frame transactions work. So yeah, let us know if that's something that you'd be interested in testing.
00:42:26
marc | wolovim:Excellent, thank you.
00:42:28
marc | wolovim:So I see we've got plenty of follow-up questions in chat. I think that's a good thing. I will acknowledge we will not be able to go down each of those rabbit holes here. We've got about 20 minutes remaining in the call, so I'll suggest we move to the
00:42:44
marc | wolovim:the next section, which is… there are many more rabbit holes here as well. We're definitely not going to be able to get very deep into any of them, but hopefully we can make enough progress to identify
00:42:57
marc | wolovim:For example, next steps, or whatever open questions exist that need to get answering… are answered before we can move forward.
00:43:07
marc | wolovim:So, next section is compatibility discussions, or these are just a series of considerations. I've heard the most noise about people wanting the most clarity, or asking for the most clarity about
00:43:21
marc | wolovim:For any of these given, proposals.
00:43:27
marc | wolovim:there's… at the risk of, choosing the wrong thing to focus on first, I'm…
00:43:34
marc | wolovim:gonna take the order that exists there. The first one is adoption strategy, so…
00:43:39
marc | wolovim:quick context is, this is one of the categories of concern for any Native AAA proposal I've heard, is essentially how do we ensure adoption reaches critical mass in a timely manner?
00:43:52
marc | wolovim:There's a lot to dig in here, like how opinionated are patterns within the proposal, how much work and risk is there for wallets or app developers.
00:44:04
marc | wolovim:Would anybody like to… to…
00:44:08
marc | wolovim:Try to describe the state of… of… of how you're thinking about your proposal and
00:44:15
marc | wolovim:Rolling it out effectively to the world, or what questions you have that maybe some others on this call can help answer.
00:44:28
marc | wolovim:David's got a hand up.
00:44:31
david:Yeah, it's David from Trust Wallet. Actually, some of the arguments that I have been, seeing regarding, like, A141 was
00:44:44
david:And I think, like, from a wallet developer perspective, it actually does take a lot of effort, too.
00:44:52
david:have, like, some of these fundamental level shifts as a wallet. Like, we need to audit our SPAR contract, like, and then, like, our front-end layer, how we have, like, the bundler, paymaster, or, like, the relayer systems. So, from a wallet perspective, having these types of updates actually do take a bit of time.
00:45:11
david:However, if we have a look into the data today, there is, like, nearly, like, 100 million weekly 7702 transactions, actually not there, but close to. And trustwall also have been seeing, like, meaningful traffic, leveraging these.
00:45:28
david:And also a lot of wallets, use these techniques to somehow make it more automated.
00:45:35
david:So, I believe that it will be somehow in line with a one-for-one. Like, in my personal opinion, it wouldn't be, like, extremely drastic as soon as things get merged.
00:45:48
david:But wallets actually look into the opportunities of how we can, like, really automate or make wallets smarter, and then they work on these, and then by the time they're, like, confident enough through multiple rounds of security audits and development, it actually gradually gets rolled out to the users.
00:46:08
david:So, from that perspective, having these foundations, I actually, believe will be a big plus.
00:46:15
david:And ultimately, like, a way that, like, the consumer wallets potentially would be willing to go.
00:46:22
david:But there will need to be a bit of time buffer, because there needs to be a lot of preparation for those.
00:46:30
david:And also, one of the reasons why I think this A141, this needs to be merged, or potentially something that could do these merged in a timely manner, is because, like, wallets also are transitioning from more of a passive helper.
00:46:47
david:into a more automated solution at an ecosystem level. And then if we actually do not have some things to support these.
00:46:57
david:at the protocol level, each wallet or each solutions will come up with their own ways, like, basically their own private, really, networks to just automate their wallet experience. And actually having something like a 141 will…
00:47:13
david:create a more, on-chain, verifiable way of how wallets actually end up building your automation solutions. So, yeah, those are just my two cents as a wallet developer.
00:47:32
marc | wolovim:Carlos, is this, maybe I'm confused by your question in chat. Is this related to adoption concerns?
00:47:43
marc | wolovim:Okay, if it were stateless or mempool, or…
00:47:47
marc | wolovim:Something else, those… those we can tackle next?
00:47:56
Derek Chiang | ZeroDev:Oh, yeah, sorry, I just wanted to speak, kind of like… I just wanted to comment on what David said. You know, I think, really, really, really truly agree with what David said. I mean, honestly, TrustWallet's obviously one of the top adopters of AA, right? You know, they adopted
00:48:10
Derek Chiang | ZeroDev:7702-4327, you know, so I trust their experience a lot. You know, so I think, like, our experience at Zero Dev has been very similar in that, the three core adoption…
00:48:22
Derek Chiang | ZeroDev:sort of, like, roadblocks to AA, in my opinion, are, one, you have to audit smart contracts, right?
00:48:33
Derek Chiang | ZeroDev:you have to rely on relayers, right? You know, like, if you want to take advantage of the gas abstraction features. And the third one is that smart accounts do not work as reliably across chains
00:48:47
Derek Chiang | ZeroDev:as EOAs do, right? So I think, like, David mentioned point 1 and 2, and I just want to emphasize 3 as well, right? And so that's why, like, for firm transactions, we're actually trying really hard to adjust all three core adoption barriers. So for, the need to audit smart accounts.
00:49:06
Derek Chiang | ZeroDev:We are solving this in two ways. So one is that firm transaction just natively supports EOAs. Like, EOAs just work. You don't have to, like, order new smart contracts for it to work, right? Like, EOAs will be treated as if they have… are running a default smart accounts.
00:49:22
Derek Chiang | ZeroDev:Which is obviously, you know, guaranteed by the protocol in terms of security. And, you know, so even EOAs can start doing things like batching, you know, getting guests sponsored, paying guests in yes-20 tokens and whatnot, right?
00:49:34
Derek Chiang | ZeroDev:So that, so this one. The second way we are addressing this, which, you know, we are still working on, is basically defining a set of, what we call, canonical verifiers. So these are basically smart contracts, like, very minimal smart contracts, that wrap
00:49:51
Derek Chiang | ZeroDev:existing precompiliers, such as, you know, EC Recover and P256 Verify.
00:50:00
Derek Chiang | ZeroDev:So these are essentially smart contracts you can use.
00:50:04
Derek Chiang | ZeroDev:you can compose with your smart accounts to, to leverage new signature algorithms, right? You know, so, so again, you know, we hope that we can take away the burden of auditing the most obvious, sort of, like, authentication path.
00:50:20
Derek Chiang | ZeroDev:from the wallet developers, right? And then on the second point of, relayers, you know, NativeA, of course, solves that problem, because with NativeA, you don't need relayers, you know, that's kind of, like, the whole point.
00:50:31
Derek Chiang | ZeroDev:And then on the third point of.
00:50:33
Derek Chiang | ZeroDev:compatibility across chains. That's actually, like, the trickiest part that's, we are trying to solve right now, because, again, you know.
00:50:42
Derek Chiang | ZeroDev:from talking to L2s today, including base, Arbitrum, and whatnot, there are definitely, like, some concerns over, kind of like, with native AA,
00:50:50
Derek Chiang | ZeroDev:how they can achieve predictable performance and cost when it comes to validating transactions. So, yeah, you know, so I think that's, to me, like, the largest outstanding unknown here, you know, which is basically, like, whether we can convince, all the L2s, at least all the leading L2s, to
00:51:08
Derek Chiang | ZeroDev:support some kind of native AA, right? You know, so I think that's the… yeah, that's my view on, you know, on this topic.
00:51:17
marc | wolovim:Thanks. Follow-up question, is there…
00:51:21
marc | wolovim:What is progress on those discussions already?
00:51:27
Derek Chiang | ZeroDev:You mean the discussions with, L2s?
00:51:31
Derek Chiang | ZeroDev:Yes, yes, we are actually…
00:51:34
Derek Chiang | ZeroDev:you know, group chat with, base and Arbitrum. Obviously, if there's OP folks in here, please join as well. And yeah, you know, so I would say the discussion's ongoing, you know, but I wouldn't say that any consensus has been reached, but I don't know if Chris wants to speak from his perspective.
00:51:56
Chris - Base:Yeah, I wouldn't say consensus has been reached,
00:52:00
Chris - Base:I think, yeah, things are still in flux in development and whatnot.
00:52:08
marc | wolovim:Okay, are there any clear next steps that can be spelled out here?
00:52:22
Derek Chiang | ZeroDev:I think, from my perspective, yeah, just, like, keep working towards the consensus, with the L tools, seeing if there's, like,
00:52:30
Derek Chiang | ZeroDev:we can get firms to a specs where they feel very comfortable supporting. That's what I'm hoping we can get to, you know.
00:52:47
marc | wolovim:Keeping an eye on the clock. There's only 12 minutes here left, so we are definitely not making it all the way through.
00:52:55
marc | wolovim:Are there any of these other, bullet points that can be tackled quickly, whether it be the current state of thinking on mempool implications, statelessness, compatibility, or privacy? Ben, go for it.
00:53:10
Ben Adams:Yeah, so I have a concern of any transaction type that needs to
00:53:16
Ben Adams:In fact, the EVM, in terms of… First…
00:53:23
Ben Adams:If it's pushing the cost… the base cost of a transaction up to, you know, 10 times what it normally is.
00:53:31
Ben Adams:Then… that might not be practical. And also, if,
00:53:39
Ben Adams:If they all have to be run in the mempool, that again is a problem, so…
00:53:44
Ben Adams:Essentially, the mempool is going to be processing you know, like… A hundred times the number…
00:53:52
Ben Adams:the amount of gas that would go in a block. It seems like now we're… we're in a situation where we wanna… we wanna put more transactions through the block, but we're…
00:54:02
Ben Adams:Forcing the validators into,
00:54:07
Ben Adams:spending all their, all their CPU on, processing transactions that aren't paying for anything.
00:54:16
Ben Adams:And so that's some of my concerns.
00:54:21
marc | wolovim:Before we go to Carlos, would anybody like to quickly respond to Ben's point?
00:54:38
Ben Adams:I mean, it… To… to be very specific, if… if…
00:54:43
Ben Adams:all the transactions now cost 10X on their… on their base, then we've, like, drop the…
00:54:51
Ben Adams:What can be included in that quite significantly, also.
00:55:04
lightclient:I guess I don't really understand fully the issue here.
00:55:09
Ben Adams:If you're validating signatures in the, in the… In the block and mempool.
00:55:18
Ben Adams:Using EVM instructions.
00:55:25
lightclient:Right, but why is this such an issue? Like, we already expend compute.
00:55:32
lightclient:It's just a different type of compute to validate the transaction.
00:55:37
lightclient:Apparently inefficient about these things?
00:55:41
Ben Adams:Well, because the… at the moment, we use the EC Recover precompile.
00:55:46
Ben Adams:Which is… If you write EC Recover in EVM bike code, it is significantly more expensive.
00:55:55
lightclient:Oh, well, we're not proposing people do that, though. Like, people will use the precompiles for…
00:56:01
lightclient:Most of their cryptographic needs, and it's just a matter of some…
00:56:06
lightclient:You know, interpreter functions to push and pop data to get in the correct form to submit to the cryptographic precompile.
00:56:14
Ben Adams:Okay, so then you'd have to introduce… The signing schemes as, that's pre-compiled.
00:56:26
lightclient:I mean, did we ever say that we would not be?
00:56:29
lightclient:Introducing… Designing schemes discrete precompiles?
00:56:34
Ben Adams:I think so from that document, Jared, it's like the walk-away test, it could be automatically upgraded without
00:56:42
Ben Adams:Or devastating anything. So that would… imply that… Oh, we've got a new…
00:56:49
Ben Adams:quantum signature we want to do, so we'll… someday can write a contract that verifies that… for that.
00:56:55
Ben Adams:Will be a massive expense.
00:57:00
vitalik:Yeah, so, like, one example is that any, hash-based signature algorithm, like, that definitely can be done without any precompiles, because the, like, the acceleration that matters is, already done in the existing hash precompile, right? And, you know, there is overhead in the sense of needing to, like, take
00:57:24
vitalik:a hash output and put it back into a hash input, but if you, like, kind of do the EVM math, it's, like, less than, like, 1.3x or something, right? I guess, like, two other big categories of examples of this that count. One of them is that, you know, with this,
00:57:42
vitalik:possible vectorization precompile, you will, be able to
00:57:48
vitalik:do, handle a large volume of, different lattice-based schemes that have different, different nuances and, different parameters, and there again, basically, yeah, what's going on is that the expensive object is being wrapped in a precompile, but, not the, sort of…
00:58:11
vitalik:customizable glue around it. And then probably a third example is, like, even if you do have a precomp… like, even if we do have to have a precompile for each
00:58:21
vitalik:individual algorithm, like, that's…
00:58:24
vitalik:still better than, having it be a, an account type, and, one of the big reasons why is because it's composable, right? Because, like, if it's in the form of a precompile, you can combine it together in a multisig, you can combine different schemes, you can have hierarchical multisigs, you can, mix and match things in
00:58:47
vitalik:whatever… in whatever format, that you want. So I would say, like, those are the…
00:58:53
vitalik:Big… big situa… Situations in which it's, an in… like, there's an actual improvement available over having, like, types for each individual thing you want to do.
00:59:14
marc | wolovim:In the interest of time, we've got 5 minutes left here, I'll suggest we have…
00:59:20
marc | wolovim:Carlos, Tomas, and Presswich.
00:59:22
marc | wolovim:Carlos, you've been waiting patiently, so the floor's yours.
00:59:29
CPerezz:Thank you. I'll try to be quick. So, we have discussed a lot, like.
00:59:36
CPerezz:AA, and the flavors of AA, and the different ideas, and all that stuff, but I think that's another big discussion, which, I mean, I'm not sure to which extent wallets and LTOS want to actually give input, or really have any interest, I don't know, whatever, but certainly, we are putting a lot of effort in on other areas of the protocol, like,
00:59:59
CPerezz:having CK validation and statelessness and stuff like that. And we have already seen that this is quite conflicting, depending on the flavor and the strategy that we go for in frames.
01:00:13
CPerezz:So, at the beginning, Frames was set to go for Strategy 2, which, that basically translates into you only can have sponsorships of ETH,
01:00:22
CPerezz:but not ERC20s. But seeing what wallets and Ltos say they want, it's clear that this is not gonna be enough.
01:00:33
CPerezz:So that basically only gives two options. One is we force every single node to hold all ERC20s.
01:00:42
CPerezz:Or the other one is we have a whitelist of VRC20s, which to me sounds crazy, but whatever. I mean, it can be done, of course. And…
01:00:52
CPerezz:I'm not sure if there's any kind of preference or idea, or wallets care about that or not, but that's certainly, from a protocol perspective, having this whitelist, although I don't like it, would be for sure the best trade-off.
01:01:07
CPerezz:Because otherwise, what we're saying is, every single node is gonna be forced to hold mostly two-thirds of the state already.
01:01:15
CPerezz:So once EKBM or any sort of statelessness lands, and people drop the state, that's gonna be a huge requirement, and therefore, we will lose a lot of member pool health, if not all of it.
01:01:27
CPerezz:So, my question to the authors, is basically, what kind of strategy are we going for? Because it clearly seems that we are not going strat 2.
01:01:37
CPerezz:And if… what's the approach gonna look like? Meaning, are we going for everything that wallets ask for, and then cutting down, based on how
01:01:49
CPerezz:crazy or hard, or the consequences on other parts of the protocol we observe, or are we going minimal to start, and then adding features as long as we agree on the trade-offs? Like, what is the approach, and how do we discuss that with wallets and stakeholders? Because it's not clear to me at all.
01:02:15
Tomás Arjovsky | Lambda | Ethrex:Hey, so a couple of things. I mostly wanted to answer a couple of comments by both Ben and Carlos. So, Ben mentioned a couple of minutes ago the problem with precompiles. I don't think that the frame transactions idea is inherently against precompiles.
01:02:32
Tomás Arjovsky | Lambda | Ethrex:I think that it just opens the way to either use them or not, and in the future, you can just add a new precompile if you really require it, and that wouldn't be an issue, because you just don't need to have a new transaction type for that.
01:02:46
Tomás Arjovsky | Lambda | Ethrex:That on the one hand, and if you don't, then it's even more seamless. Regarding Carlos, I won't be able to answer the part regarding statelessness. I think that's an interesting topic of discussion, but regarding the strategies, I'm not familiar with the numbers of the strategies.
01:03:05
Tomás Arjovsky | Lambda | Ethrex:But I think that you can have a ERC20 sponsorship without necessarily having that either centralized or pre-whitelisted. I think that
01:03:15
Tomás Arjovsky | Lambda | Ethrex:we can have different paymasters, and paymasters can have their own list of supported ERC20s. And if you have something like that, you don't have to have anything protocol level, but you still can have some level of control by each of the paymasters, on what are the ERC20s that they trust. So I think that that is something that
01:03:39
Tomás Arjovsky | Lambda | Ethrex:In itself could be in the direction to solve this issue.
01:03:46
marc | wolovim:Great. Press switch, and then I'll close this out.
01:03:51
prestwich:So, through the call, we've talked about a bundle of features that Frame should provide.
01:03:58
prestwich:transaction batching, ERC20 paymasters, gas abstraction, etc, post-quantum.
01:04:07
prestwich:But it seems like a lot of those are…
01:04:10
prestwich:unfinished. Like, we've been talking about, just now, ideation on how to handle ERC20s safely.
01:04:18
prestwich:So, that feedback frame provides, we're not confident it provides it yet.
01:04:25
prestwich:And in chat, we've been talking about post-quantum.
01:04:29
prestwich:Frames don't provide that. We need follow-on EIPs for precompiles for specific signature schemes, we need follow-on EIPs for what ECE Recover does.
01:04:40
prestwich:afterwards… You know, frames don't provide some of the things that they are supposed to provide… yet.
01:04:52
prestwich:Do we want to do this if we're still in ideation on a lot of the benefits?
01:05:21
marc | wolovim:And then we're… we're done here.
01:05:25
Nico C:Yeah, on the… Post quantum stuff, I think the question…
01:05:33
Nico C:are, like, the two options are basically hash-based or lattice. Hash-based, we don't need to pre-compile, and Lattice, we will probably
01:05:42
Nico C:find a way to have the generic precompile that Vitalik described.
01:05:47
Nico C:So, like, this part is done.
01:05:50
Nico C:EC DSA deactivation and EC recover is kind of independent from Frame. Like, if you take this in any scenario, we would have to do it.
01:06:03
Nico C:So yeah, the only remaining question, I feel, is the stateless part, and I think it's,
01:06:11
Nico C:Like, probably something that… Can be where, like…
01:06:16
Nico C:Defined in the next few weeks?
01:06:21
Nico C:3 quarters until we actually ship this. So, yeah, I think it's kind of fine.
01:06:27
Nico C:But yeah, the post-quantum stuff, and the ACDSA deactivation, and…
01:06:32
Nico C:AC recovery modification, I feel like, yeah, it's… it's… Either independent or, done anyway.
01:06:44
marc | wolovim:Okay, thank you, everybody, for, for coming, participating.
01:06:49
marc | wolovim:And, going deep in the chat. Hopefully this is…
01:06:53
marc | wolovim:helpful for at least illuminating what important next questions need answering. And, I'll work to get this up on forecasts, but I encourage others to, don't wait for
01:07:06
marc | wolovim:for that to happen before, figuring out next steps for yourselves.
01:07:12
marc | wolovim:We don't have a date for the next one yet, but we'll announce, if and when we do. So,
01:07:21
marc | wolovim:Catch you in the usual channels.
01:07:23
marc | wolovim:Thanks for coming, everyone.

Chat Logs

00:07:35
marc | wolovim:https://github.com/ethereum/pm/issues/2018
00:11:36
Chris - Base:I'll need to add 8130 to next AA schedule - found out about this meeting too late unfortunately
00:11:53
marc | wolovim:Replying to "I'll need to add 813..." You can still give a quick update if youre up for it
00:11:58
lightclient:this is a nice post by V about many of the core goals we have been focusing on https://docs.fileverse.io/0xd961b83d3421bddec9d8966efabf13800617cfea/10#key=Z-XeQk6mE7uZX9Q2ZbqWkiniYi9IZ1oSbd_2vPFyt26S7Kf8gO_UHpLJ936--lp8
00:13:37
lightclient:this is a good post too, sharing many of the ux/wallet features that AA wants to support https://hackmd.io/@FJJgNqPTR2WeGoYk6_URNA/S1dAiErT-l
00:14:35
lightclient:this is AA btw [Full message cannot be displayed on this version]
00:18:56
prestwich:PQ aggregation should be a non-goal, as the crypto is certainly nowhere close to ready
00:19:55
lightclient:we should be able to support it in theory in the future
00:20:11
prestwich:that should be a non-goal, as we don’t know what “being able to support it” means
00:20:19
Nico C:SPHINCS- with keccak is 200K gas
00:20:27
Danno Ferrin - Tectonic:We will need precompiles for crypto primitives, I don't think we will get away from that.
00:20:32
prestwich:Replying to "that should be a non..." we don’t know what “it” is. how can we support it?
00:20:32
Doris Hernandez | Functor:Just to clarify - the only way to upgrade existing EOAs to use Frame tx will always be with the 7702.
00:20:41
marc | wolovim:In the interest of time, will wrap up this prompt after Ben -> Mislav -> prestwich Proposal authors can speak to latest updates next
00:20:52
lightclient:it means people can’t introspect the signature data because obviously that will not allow ppl to remove the signature in the future for aggregation
00:20:57
Derek Chiang | ZeroDev:Replying to "Just to clarify - th..." Frames natively support EOAs. Check the “default code” section of the spec
00:21:01
Nico C:So 2$ right now during the Defi drama ! (not free) but certainly not out of range
00:21:17
marc | wolovim:Replying to "In the interest of t..." Thoughts still welcome via text/links in chat here though
00:21:20
Jeevan:Replying to "We will need preco..." yes along with , crypto agility built in the ystem natively
00:21:24
Doris Hernandez | Functor:Replying to "Just to clarify - th..." Ahh this is what you added right.
00:21:30
lightclient:you can send infinite invalid 10 MB txs in the mempool today
00:21:33
CPerezz:Replying to "We will need precomp..." That will hurt the ZKEVM folks significantly
00:21:42
CPerezz:Replying to "We will need precomp..." As they are trying to get rid of as many as possible
00:22:08
Agusx1211 (Polygon):full AA allows us to have expensive signatures for securing most funds in a wallet and using cheaper keys (not quantum safe) for day to day spending with something like session keys
00:22:31
Agusx1211 (Polygon):that's the kind of design space we need
00:22:33
marc | wolovim:reminder: current prompt is “what do you think is most important for a native AA proposal to accomplish?”
00:22:46
Danno Ferrin - Tectonic:Replying to "We will need preco..." Adding more layers to heavy math computations is not going to work out well in the end. Native crypto ops need to be directly optimizable.
00:23:26
Danno Ferrin - Tectonic:Replying to "We will need preco..." FAEST is one example, it has greate zk mapping, but forcing us to do it through RISC-V zk prooving will be 1000x more expensive
00:24:02
lightclient:wdym wallet rollover?
00:24:04
CPerezz:No one has mentioned ERC20 sponsoring. Is this not the “most desired feature” ?
00:24:19
CPerezz:Replying to "No one has mentioned..." I’d love to hear that it is not btw. Just asking stakeholders
00:24:23
Derek Chiang | ZeroDev:The #1 desired feature in commercial settings is gas abstraction, including gas sponsorship and paying gas in ERC20s
00:24:31
ivo Georgiev @ ambire:Replying to "No one has mentioned ERC20 sponsoring. Is this not the “most desired feature” ?" I meant it indirectly. Should’ve been more clear
00:24:35
Agusx1211 (Polygon):trying to define a list of "features we need" is the wrong approach, it is like trying to code the initial version of the EVM with the list of all "contract ideas" we will ever need
00:24:46
Parthasarathy Ramanujam:Replying to "No one has mentioned..." Yes, erc20 is used to pay for gas. Not necessarily for sponsorship.
00:24:52
ivo Georgiev @ ambire:Replying to "No one has mentioned ERC20 sponsoring. Is this not the “most desired feature” ?" I think batching and sponsorships have always existed - so I focused on the practical adoption part of those features
00:25:03
Mislav:Lots of these things aren't really unspecified though. Gas abstraction, sponsorships, 2D nonces, paying gas with erc20s, batch execution, ... There is a body of lived experience within AA teams from which these conclusions are derived.
00:25:26
lightclient:we have a lot of wallet teams here who seem to support 8141?
00:25:55
prestwich:Replying to "Lots of these things..." signature aggregation, especially PQ, is the main completely unspecified thing
00:25:56
ivo Georgiev @ ambire:Replying to "No one has mentioned ERC20 sponsoring. Is this not the “most desired feature” ?" Even before 4337 we had wallets doing those. In a nutshell all of the AA proposals serve to improve the practicality of said features - from not requiring proprietary relayers to using them in existing accs or using them without overhead or mempool complexity
00:26:01
Doris Hernandez | Functor:Two questions for me: 1) Are there any estimation on when will this be included in mainnet 2) The only possible way is to test in ethrex? Testnet?
00:26:29
Mislav:Replying to "Lots of these thin..." fair point
00:26:31
Jeevan:From this I currently See PQ with native AA is very noce to have , but not a must
00:27:59
Milos:Replying to "Two questions for me..." if we can get agreement on the design, then likely H* fork
00:28:22
marc | wolovim:Prompt: For each proposal, what's changed in the last ~month? e.g., spec changes, implementations, prototypes, testing, data collection, etc.
00:29:47
Iván | ethrex:We are hosting a devnet for frame transactions, we’ll announce it in AA Mafia soon
00:29:55
lightclient:https://github.com/ethereum/EIPs/pull/11555 derek is talking about this idea
00:29:58
Chris - Base:Interesting can you share - what if sender validation is invalid? (will read nvm)
00:30:15
lightclient:Replying to "Interesting can you ..." basically the guarantor still pays for the invalid tx
00:30:28
Agusx1211 (Polygon):isn't this somewhat similar to 5189?
00:30:35
Chris - Base:Replying to "Interesting can yo..." And they would inspect the sender frame for validation?
00:30:53
Chris - Base:Replying to "Interesting can yo..." Or is offchain
00:31:08
lightclient:i think you covered it
00:31:14
ivo Georgiev @ ambire:This is fantastic and very well explained
00:31:19
Doris Hernandez | Functor:Replying to "Two questions for me..." Great!
00:31:37
Karandeep Singh:Had a question with Frame tx, how would gas sponsorship work for privacy pool (shielded) transfers? Today, relayers/broadcasters can determine the fee they’ll receive from the transaction (e.g., via data revealed to them), and decide whether to submit. How would that model translate here?
00:32:07
Adam Egyed:The guarantor change would be similar to the behavior of existing Safe multisig wallets needing 1 signer / other EOA to relay the transaction, which assumes the risk of invalid signatures leading to reverts. +1 for utility in mempool performance.
00:32:20
Jihoon:Replying to "Interesting can you ..." If sender validation fails but guarantor can afford the tx. Is it a valid or invalid tx?
00:32:32
Derek Chiang | ZeroDev:Replying to "Interesting can you ..." If sender validation is invalid, the payer pays anyways. That’s why in this case we call the payer a "guarantor"
00:32:48
Bobby | Ambire:How is the actual sender protected in the case of a guarntee? I can guarantee for account B but account B is not mine so I forge a signature for him. If that signature is not validated, how does it work?
00:32:48
marc | wolovim:Ben’s contract payer tx, eip-8223: https://github.com/ethereum/EIPs/pull/11509
00:33:01
Parthasarathy Ramanujam:https://hackmd.io/@FJJgNqPTR2WeGoYk6_URNA/S1dAiErT-l#8223-from-the-wallet-desk-why-the-narrow-case-is-a-trap
00:33:03
Agusx1211 (Polygon):the idea of a guarantoor which is it by itself an EOA that has funds, that sounds like a relayer with extra steps... now if the guarntoor lives onchain, it becoms a public service not a meta-relayer
00:33:10
Chris - Base:Replying to "Interesting can yo..." Payment is the best form of DoS protection 🙏
00:33:12
Jihoon:Replying to "Interesting can you ..." I'm asking whether that tx is valid even though sender validation fails, i.e., can be included in a block
00:33:23
Derek Chiang | ZeroDev:Replying to "Interesting can you ..." So in practice, we expect the guarantor to be either other wallets the user owns, or third-parties with commercial / trust relationships with the user, or somehow have out-of-protocol knowledge that assures them that the transactions won’t revert
00:33:31
vitalik:BTW side note, but on the "PQ aggregation is unspecified" claim, actually lean ethereum is very far along in specifying and implementing STARK aggregation
00:33:52
Derek Chiang | ZeroDev:Replying to "Interesting can you ..." @Jihoon yes, the transaction is valid as long as the payer validation is valid
00:34:05
prestwich:Replying to "BTW side note, but o..." post the spec
00:34:43
Derek Chiang | ZeroDev:Replying to "How is the actual se..." If the sender validation is invalid, sender logic won’t be executed. The guarantor would simply be wasting gas
00:34:52
Parthasarathy Ramanujam:How do you propose existing wallets migrate assets from their existing wallets to the 8223 wallet?
00:35:06
lightclient:Replying to "BTW side note, but o..." https://github.com/leanEthereum/leanMultisig
00:36:00
vitalik:Replying to "BTW side note, but..." This is a good explainer too https://blog.lambdaclass.com/ethereum-signature-schemes-explained-ecdsa-bls-xmss-and-post-quantum-leansig-with-rust-code-examples/
00:36:02
Derek Chiang | ZeroDev:Replying to "the idea of a guaran..." The guarantor doesn’t relay though. You don’t need any relayer since it’s native AA. And yes it can be an on-chain construct. After all, payment is validated through a frame, so it can execute arbitrary logic, including deciding to guarantee based on some on-chain condition
00:36:21
marc | wolovim:fredrik speaking to https://eips.ethereum.org/EIPS/eip-7906
00:36:32
Ben Adams:Replying to "How do you propose e..." 7702 and then some of the disabling of EC EIPs that perminately convert to smart contract
00:36:34
prestwich:Replying to "BTW side note, but o..." i was expecting this to be a specification for an integration with frame txns
00:37:19
vitalik:Replying to "BTW side note, but..." there's also the 4337 aggregators feature, which can be adapted to frames easily if needed
00:37:37
Ben Adams:Replying to "How do you propose e..." Though it is a point in time thing
00:38:00
prestwich:Replying to "BTW side note, but o..." familiar with the work, and it’s good. we need to judge EIPs based on things we are sure can be specified and integrated
00:38:31
prestwich:Replying to "BTW side note, but o..." it’s clear that PQ signatures can be aggregated, the thing that needs specification is how that occurs in the network
00:38:42
Parthasarathy Ramanujam:Replying to "How do you propose e..." I believe all proposals should consider a migration path and make it as easy as possible. Otherwise it will discourage wallets from adopting the EIP. User retention is the biggest problem facing wallets. And it doesn’t help that we have a new EIP/ERC for AA every year!
00:38:45
Derek Chiang | ZeroDev:@Fredrik is there a draft for this?
00:38:56
vitalik:Replying to "BTW side note, but..." But zooming out a bit, it's good programming practice to support hiding data where possible, in order to make sure it's possible to backwards compatibly upgrade things
00:39:15
Alex Forshtat:Replying to "@Fredrik is there a ..." https://eips.ethereum.org/EIPS/eip-7906
00:39:38
vitalik:Replying to "BTW side note, but..." how that occurs in the network <--- you mean p2p layer?
00:39:43
Agusx1211 (Polygon):strongly in favor of 7906, it would be awesome for wallets
00:40:31
vitalik:Replying to "BTW side note, but..." I agree that's a big challenge, I basically think we should address this iteratively, the exact work needed is pretty independent of the exact scheme used to manage accounts onchain
00:40:39
Mislav:7906 is amazing! If we can make it compatible for offline validation via hardware wallets - that's a huge boost
00:40:48
prestwich:Replying to "BTW side note, but o..." that’s part of it. e.g. all the mess with SSA and DSA in stateless ethereum research
00:41:24
Chris - Base:7906 sounds like a very difficult thing for builders to deal with (especially L2)
00:41:29
prestwich:Replying to "BTW side note, but o..." basically the contention is “designing EIPs to support future use cases that we don’t understand fully” has typically been a mistake. i was involved in eip-152, e.g.
00:42:21
Alex Forshtat:Replying to "7906 sounds like a v..." Why?
00:42:36
Milos:Replying to "7906 sounds like a v..." I think the idea is that tx would still be included and gas paid, it just that execution would be reverted (all effects of execution)
00:42:45
Chris - Base:Replying to "7906 sounds like a..." ohh great :) no problem then
00:42:52
Chris - Base:Replying to "7906 sounds like a..." Sorry I thought it was tx validity
00:43:10
Chris - Base:Replying to "7906 sounds like a..." How does frames help then?
00:43:34
Agusx1211 (Polygon):Replying to "7906 sounds like a..." 7906 seems very useful even without frames
00:43:49
Chris - Base:Replying to "7906 sounds like a..." Yes seems like frames dont matter for it - seems good either way?
00:44:23
CPerezz:Risks for protocol / unknowns are part of this section @marc | wolovim ?
00:44:23
Milos:Replying to "7906 sounds like a v..." You can have clear separation between execution and verification, which makes it easier to implement (both for wallets and app developers)
00:44:34
Danno Ferrin - Tectonic:Adoption has built in headwinds: we need to start talking about how we will be sunsetting ECDSA.
00:44:42
Jeevan:Replying to "7906 sounds like a..." It compliments frames , but regardless its a good one standalone
00:44:44
Alex Forshtat:Replying to "7906 sounds like a v..." It is useful even without Frames, but it is a very clean approach to have a Frame Tx that contains "pre-validation" - "execution" - "post-validation" flow.
00:44:46
Mislav:Replying to "7906 sounds like a..." Yeah it's just like another piece of callData in a batch which is a specific assertion on state diffs
00:45:16
prestwich:Replying to "Adoption has built i..." this is the only urgent feature in the AA bundle
00:45:28
Chris - Base:Replying to "7906 sounds like a..." Isnt alternative AA proposals that have call batching also good for this? Its pretty much just a revert check no?
00:46:01
marc | wolovim:Replying to "Risks for protocol /..." Highlighting those sounds appropriate to me - in general, identifying open questions and ideally linking them to action items
00:46:43
Jeevan:Replying to "Adoption has built..." I dont think we have a clear approach for that yet , I think the native AA eip should add how they are handling this
00:46:54
lightclient:Replying to "Adoption has built i..." default account + frame tx. we can sunset ecdsa in the default account and turn off other tx types
00:47:50
prestwich:Replying to "Adoption has built i..." 8141 requires a deploy frame from all existing accounts, right?
00:47:58
Chris - Base:Replying to "Adoption has built..." 8130 has full key rotation including ecdsa deprecation ready - no follow up EIPs or ERCs needed
00:48:07
prestwich:Replying to "Adoption has built i..." also, @lightclient that’s not sufficient to sunset ECDSA, we also need to modify ecrecover
00:48:16
Chris - Base:(other than 1559/legacy deprecation if using an EOA based account)
00:48:18
Nico C:https://github.com/ethereum/EIPs/pull/11506
00:48:25
lightclient:Replying to "Adoption has built i..." yes ofc, but that is separate from AA
00:48:27
prestwich:Replying to "Adoption has built i..." making ecrecover frame-aware is inherently very bad
00:48:35
prestwich:Replying to "Adoption has built i..." “inherently very bad” lol
00:48:38
lightclient:Replying to "Adoption has built i..." you can use the default account without deploying anything
00:49:01
Agusx1211 (Polygon):I think the important part to understand is that from wallet teams POV "native AA" is in reality "native relayer", and if it is not powerful enough (ie has too tight limitations, doesn't allow code, etc) then there is a tradeoff (features vs native relayer) and users care little about a relayer being native or not so if a solution is not good enough, then eventually it is set aside and wallets just keep using whatever works for them
00:49:13
prestwich:Replying to "Adoption has built i..." making ecrecover frame-aware appears very messy and like it would have some hard-to-analyze knock on effects
00:49:35
lightclient:Replying to "Adoption has built i..." did i say we would make it frame aware?
00:49:57
prestwich:Replying to "Adoption has built i..." it’s the only practical choice. you can’t deprecate it
00:50:06
prestwich:Replying to "Adoption has built i..." you have to modify it to work with the AA solution
00:50:34
prestwich:Replying to "Adoption has built i..." ecrecover is deeply embedded in too many economically critical contracts. just identifying them will be a huge task
00:50:41
Nico C:Here we propose: https://eips.ethereum.org/EIPS/eip-7851 Deactivate a Delegated EOA's Key https://eips.ethereum.org/EIPS/eip-8151 Private Key Deactivation Aware ecRecover
00:50:48
lightclient:Replying to "Adoption has built i..." yes it will
00:51:03
Nico C:but not linked to 8141 these are independent problems
00:52:55
prestwich:Replying to "Adoption has built i..." any written down ideas for modifying it to work with 8141?
00:53:06
Jeevan:Replying to "Here we propose: ..." looks interesting , thanks will go thru it
00:53:17
lightclient:Replying to "Adoption has built i..." i dont get why 8141 has anything to do with ecrecover
00:53:59
prestwich:Replying to "Adoption has built i..." because we need a way to revoke ECDSA keys for EOAs when those EOAs are being used to auth via ecrecover
00:54:23
lightclient:Replying to "Adoption has built i..." yeah there are several eips with different proposals for this
00:54:33
Milos:you can't have native AA without any EVM usage
00:54:43
Jeevan:Replying to "Adoption has built..." few are the ones nico shared below Here we propose: https://eips.ethereum.org/EIPS/eip-7851 Deactivate a Delegated EOA's Key https://eips.ethereum.org/EIPS/eip-8151 Private Key Deactivation
00:54:47
prestwich:Replying to "Adoption has built i..." consider “permit”. we need to make it not work after your deploy frame deploys something and then we ideally need to make it work with whatever your deploy frame deployed
00:54:51
lightclient:Replying to "Adoption has built i..." https://eips.sh/eip/7819 https://eips.sh/eip/7851
00:55:43
Chris - Base:Replying to "you can't have nat..." Without any is true, but both 8141 and 8130 both have native paths for "hot" algos. 8130 decouples that from the account code itself while keeping it native
00:55:52
Adam Egyed:Another benefit of 8141 is that the execution frame format is standardized. An issue with developing 4337 wallets was inconsistency in execution data encoding across account implementations, which meant that session key permission enforcement code had to be ported to many variants of accounts.
00:56:29
Chris - Base:Wrapping precompiles should expect ~10-20% more expensive for smaller public key types
00:57:43
Jeevan:Replying to "Adoption has built..." We can put it this way , The existing EIP's doesnt want to fully support these migration , but atleast it should compliment one of migrating EIP's
00:57:50
Jeevan:Replying to "Adoption has built..." which I think frame does actually
00:57:58
Nico C:I think there is no need for a precompile on hash based (future ZK hash incoming anyway). For lattice it could be the NVMpy
00:58:12
marc | wolovim:After V, we’ll prob have time for cperezz, Tomas, prestwich and need to wrap up there.
00:58:34
Orca 0x:Replying to "Another benefit of 8..." there is a risk that session keys remain unstandardised, given that this isn’t part of 8141, but there is an effort to put such things into complementary ERCs
01:02:00
vitalik:the third option is that we figure out how to build a special-purpose AMM that puts all of the risks associated with a hypothetical "bad" token onto LPs
01:02:18
Adam Egyed:Replying to "Another benefit of 8..." From my read, it seems like 8141 already allows for composability across various permission enforcement contracts by adding each one in a new VERIFY frame, right? Which would mean the account just needs to track the signer -> required enforcer contracts in storage.
01:02:32
CPerezz:What’s the middle ground authors have in mind going for? Are we going Strat 2.5? If so, which way? Are we going from less to more? Or for more to less? @lightclient if you want to asnswer would be nice
01:02:33
vitalik:(I don't think this can be cooked up and proven safe within a month, but it's very plausibly the best long-term approach)
01:02:38
Derek Chiang | ZeroDev:@CPerezz Another option to supporting ERC20s in the public mempool is the guarantor idea: https://github.com/ethereum/EIPs/pull/11555 The ERC20 paymaster can serve as the guarantor of transactions, and take on the risks of the sender validation failing
01:02:39
Chris - Base:Replying to "the third option i..." Agree, and think that is the best approach
01:03:53
CPerezz:Replying to "@CPerezz Another opt..." This will allow for mass invalidation in FOCIL @Derek Chiang | ZeroDev
01:03:58
Derek Chiang | ZeroDev:Replying to "the third option is ..." The ERC20 paymaster can also just serve as the guarantor. The difference is that the ERC20 paymaster/guarantor would need to be a live service that signs off on transactions, while the AMM could be a pure onchain/passive construct
01:04:09
CPerezz:Replying to "@CPerezz Another opt..." FOCIL <> AA <> Statelessness can’t be solved with 1 EIP IMO
01:04:10
Orca 0x:Replying to "Another benefit of 8..." for sure, but that’s still an account-level implementation choice
01:04:43
Derek Chiang | ZeroDev:Replying to "@CPerezz Another opt..." Can you elaborate? As far as the mempool is concerned, the transaction is valid (pays gas) as long as the guarantor signs off on it
01:04:47
lightclient:it’s just a question of how much to support it
01:04:59
vitalik:without any precompiles, frames does a useful thing for post quantum (the 200k gas hash-based sig)
01:05:09
Derek Chiang | ZeroDev:Replying to "@CPerezz Another opt..." They don’t have to check any sender validation logic, or access any ERC20 shared state
01:05:20
vitalik:Regarding timing, one big point that I would make, is that post 2027, core dev space is going to have a lot more competition
01:05:34
Agusx1211 (Polygon):Replying to "without any precom..." and can be combined with a cheap ECDSA with session limits!
01:05:44
Danno Ferrin - Tectonic:Multivariate has entered the chat
01:05:58
Jihoon:Replying to "@CPerezz Another opt..." What happens when guarantor becomes unaffordable?
01:05:59
vitalik:The way I see this is: 2026: figure out AA 2027-28: figure out state (incl tree change, also incl expiry, temp state, utxos or any other idea) 2029-30: figure out VM
01:06:01
Danno Ferrin - Tectonic:MAYO-2 is my new dream signature
01:06:02
Jeevan:Can I know what frames does not provide which it tells ? , Also the post quantum yes will need a follow on EIP's , but I do think with frames the ground work is done
01:06:10
prestwich:i love me some Lamport, but why would we consider any non-FIPS PQ signature scheme?
01:06:13
Ben Adams:"Is done" is doing a lot of heavy lifting there
01:06:16
CPerezz:Replying to "@CPerezz Another opt..." Exactly. I mean, who is gonna run this if they can be totally rugged?
01:06:37
Derek Chiang | ZeroDev:Replying to "@CPerezz Another opt..." The guarantor in the public mempool would use the canonical paymaster contract which implements the timelock
01:06:51
Danno Ferrin - Tectonic:We should allow non-FIPS, but we also need a FIPS scheme. Crytpo Agility in practice
01:06:53
Pedro:Replying to "Can I know what fram..." https://eip8141.io/pq-roadmap
01:06:57
CPerezz:Replying to "The way I see this i..." How don’t we do AA & stateless at the same time? They clearly have lots of conflicting points & tradeoffs
01:07:05
CPerezz:Replying to "The way I see this i..." The ideation I mean
01:07:06
CPerezz:Replying to "The way I see this i..." ofc
01:07:35
prestwich:Replying to "i love me some Lampo..." anything that can be done in EVM efficiently is allowed (hashes) but why would we officially recommend it?

Summary

15 highlights · 3 action itemsExperimental

context and goals

  • EIP-8141 (Frame Transactions) was CFI'd for Hegotá but not selected as headliner00:08:11
  • Client teams want clarity on mempool, stateless, privacy, post-quantum implications00:08:11
  • Core goals: reduce centralized relayers, support FOCIL, enable post-quantum readiness00:17:36

proposal updates

  • Frame transactions: payment frame can precede sender validation for mempool efficiency00:28:30
  • EIP-8223: Contract payer transaction enables one-to-one EOA-to-vault relationships00:32:10
  • EIP-7906: Transaction assertions provide safety envelope preventing malicious side effects00:36:32
  • Ethrex devnet for frame transactions running with faucet and example contracts00:42:37

adoption concerns

  • Trust Wallet: ~100M weekly 7702 transactions; meaningful wallet adoption takes time00:45:11
  • Three adoption barriers: audit requirements, relayer dependency, cross-chain reliability00:48:47
  • L2 consensus needed on predictable performance/costs for native AA00:51:31

technical challenges

  • Ben: EVM-based signature validation could cost 2M gas vs 3K for precompiles00:53:16
  • Vitalik: Hash-based signatures work without precompiles; lattice needs vectorization precompile00:59:34
  • Carlos: ERC-20 gas payment conflicts with statelessness—whitelist or full state required01:00:13
  • Prestwich: Many claimed benefits (ERC-20s, post-quantum) remain unspecified/unproven01:04:09

roadmap context

  • Vitalik timeline: 2026 AA, 2027-28 state, 2029-30 VM work01:05:20

Action Items

  • Frame authors, Base, Arbitrum, OP teams: Continue L2 discussions to reach consensus on native AA performance requirements00:51:31
  • Frame authors: Define strategy for ERC-20 sponsorship vs statelessness tradeoffs01:02:32
  • Fredrik, Alex, Ethrex team: Collaborate on EIP-7906 demo using Ethrex frame transactions devnet00:42:37