Why is Web3 Wallet Onboarding still broken? A deep dive
If you are a developer developing next-generation dapps in Web 3.0, you know that wallet infrastructure is crucial in unlocking the experience.
Even today, creating, onboarding, and using wallets is quite tricky. It involves loading up a wallet with different crypto-assets, always having native tokens ready to cover gas expenses, dealing with unfamiliar confirmation pop-ups, and the risk of compromising the wallet's private keys. These challenges can deter users from using dApps.
Enter Programmable Wallets!
The evolution of wallet infrastructure has taken a significant leap forward with the development of Smart Contract Wallets, aka Smart Accounts. These accounts represent a paradigm shift in simplifying user onboarding.
Cited by Vitalik Buterin as a “long-time dream” for the Ethereum developer community, account abstraction is a critical upgrade in wallet structure that provides users with greater security, more flexibility, and, most importantly, a significantly better user experience.
The essence of Account Abstraction lies in transforming the account into a smart contract, creating what is known as a Smart Contract Wallet. Account abstraction is a movement to decouple signers from accounts by making contract-based accounts (instead of EOAs) first-class entities on the blockchain, giving users flexibility in key management and account permissions. These smart wallets are backed by a smart contract, and users can set rules within the contract to manage their assets, perform actions, and add extra security checks when necessary.
Unlike regular wallets, smart wallets don't start transactions on their own. Instead, they react to incoming transactions by following their pre-defined code. They don't need private keys because their code controls their behavior. This design opens up a world of possibilities, such as:
- Social Recovery
- Flexible gas policies
- Batched Transactions
- Custom Signature Schemes
- Spending Limits
- Multi-sig wallet support
FanTV & Biconomy Integration: A Case Study in Simplifying Web3 User Experience
Background: FanTV, a social streaming platform, integrated Biconomy's Account Abstraction (AA) stack to enhance user experience. This move targeted the complexities of Web3 onboarding and transactions.
Challenge: FanTV identified the onboarding process with Externally Owned Accounts (EOAs) as a barrier, especially for non-technical users. The hard-wired nature of EOAs not only limits developer customizability but also makes them inherently complex for everyday users who may lack the experience to use them safely.
Solution:
- Simplified Onboarding with Smart Contract Wallets: Leveraging Account Abstraction, FanTV introduced Biconomy smart contract wallets, facilitating a user-friendly email or social login sign-up. This approach bypassed the need for EOAs, providing an intuitive experience for Web3 newcomers similar to web2.
- Enhanced Transaction Process:
  - Gasless Transactions & IOU Token Conversion: FanTV enabled users to claim rewards and convert them to IOU tokens, adding them to their wallet without gas fees.
  - To simplify FanCard purchases, FanTV covered transaction gas fees, removing a significant user burden.
Impact: This approach led to over 700,000 processed transactions on-chain for over 330,000 new users onboarding to Web3. FanTV's strategic use of the Account Abstraction stack simplified the user experience, reducing costs and technical barriers in Web3 interactions.
Yet, Why Do SCWs Still Trail Behind EOAs?
Despite these impressive advancements and unlocking benefits, SCWs have not overtaken EOAs regarding user adoption.
This begs the question: Why do these superior wallets still play second fiddle to their more traditional counterparts? The primary reason for this lag is the onboarding challenges associated with SCW. Let's delve into the specific hurdles impeding the wider adoption of SCWs.
Navigating the Onboarding Hurdles
Transitioning to SCWs presents several onboarding challenges that can be daunting for new and native users. Adopting this stack is not as straightforward as one might hope, and it's important to recognize these obstacles to ensure a smooth transition for users.
Let's dive into the existing problems with the current onboarding procedures.
❌ 1.) Migration of Assets from EOA to SCW
Smart Contract Wallets have been seen as a fix for Ethereum's user experience issues since 2015, with the idea they'd attract users for easy asset management. Proposals emerged to allow smart contracts to handle transactions, anticipating that new users would flock to smart contract wallets for storing their assets.
Account abstraction remains a key ambition in Ethereum, with numerous initiatives striving to achieve it. Progress is being made, but past challenges have led many users to continue depending on EOA.
Transferring each asset to a new address becomes impractical once a user has collected significant assets in an EOA. The reasons are twofold: the costs involved and the necessity to manually sign and verify what could be hundreds of transactions.
The possibility of running out of gas during this transfer makes matters even more challenging. In such cases, users are compelled to go through the additional step of onramping gas tokens again into their EOA just to ensure they have the necessary gas to complete the transactions. This adds a layer of complexity and inconvenience to an already cumbersome onboarding process.
This is an overlooked piece of the problem. Converting existing users to smart contract wallets efficiently will expedite adoption and push forward better support and integrations for smart contract wallets.
✅ Solution to Tackle this:
Aarc is streamlining asset migration for dApps and users. Their Smart Transaction Toolkit is designed to give developers a seamless way to transfer assets from an EOA to any destination address. This TypeScript library simplifies the asset transfer process, supports various token standards, and offers features that improve the efficiency and security of transactions, such as:
1.) Batched Transactions ➖ The SDK supports batch approvals through Uniswap's Permit2 contract. This means that users can transfer multiple assets from one address to another in just one click.
2.) Gasless Deposits ➖ End-users can deposit to smart accounts without incurring gas fees or can pay gas fees using any token.
Looking to streamline the deposit process for your users and seamlessly onboard web2 users? Register on our waitlist to gain early access to the SDK.
❌ 2.) Smart Account Fragmentation across dApps
Different vendors create their own versions of SCWs, which makes things tricky for dApps: each dApp has to pick and choose which account implementations to support, a burden for developers and dApp platforms alike.
For users, this means that they might end up needing/creating a new wallet for each dapp they use. This can get confusing because their assets and identities are spread across different accounts. It's like having many different keys for different doors, and it can make the experience less straightforward.
✅ Solution to Tackle this:
In some scenarios, such as gaming, dedicated app-specific wallets offer distinct advantages. However, users often engage with their initial dapp, set up an embedded wallet using their existing web2 credentials or Passkey, and subsequently wish to utilize the assets accumulated in that wallet across different dapps by logging in with the same authentication method.
The ERC-7555 proposal introduces a standardized framework allowing applications to identify user accounts beyond the common EOAs. It focuses on recognizing standard and smart accounts that might be established or configured with signing keys that differ from the typical Ethereum secp256k1 curve. The objective is to ensure uniform address retrieval across applications and domains.
The ERC-7555 proposal leverages principles akin to those in OAuth, utilizing third-party websites (like http://sso.chainsafe.io) to generate identical keypairs and recover smart contract wallet addresses deterministically.
This approach eliminates the need for developers to speculate about the location of user accounts. Just as WalletConnect facilitated wallet discovery, ERC-7555 aims to simplify and standardize the discovery of smart contract wallets.
❌ 3.) Vendor Lock-In
EOAs are a widely accepted standard, allowing portable accounts across wallets and applications.
The way smart accounts are set up can cause a problem called "vendor lock-in." This happens when wallets develop their own unique account configuration, making it harder to switch between them.
For users, this can translate into limitations when they want to move their assets or use different services. It's like having a favorite phone brand that uses a unique charger cable – you're stuck with it, and it's not very convenient when you want to switch to a different phone or use someone else's charger.
✅ Solution to Tackle this:
ERC-6900: Standard smart contract interface allowing composable logic within smart contract accounts.
It proposes a standard for coordinating the implementation work between plugin and wallet developers. The standard defines a modular smart contract account capable of supporting all standard-conformant plugins. This gives users greater data portability and frees plugin developers from having to choose specific account implementations to support.
This modular approach splits account functionality into three categories (Validation, Execution, and Hooks) and implements these functions in external contracts.
- Validation functions validate the caller’s authenticity and authority to the account.
- Execution functions execute any custom logic allowed by the account.
- Hooks execute custom logic and checks before and/or after an execution function.
The ERC-6900 approach, with its standardized and modular plugin design, allows users to add or remove modules/extensions effortlessly. This ensures cross-compatibility without needing anyone's permission. It simplifies transitioning to better contract standards, reducing significant disruptions and effectively minimizing vendor lock-in.
❌ 4.) Security Issues
The onboarding process for smart wallets is a critical juncture that, if not managed with stringent security measures, can expose users to significant risks. While smart wallets offer advanced features and capabilities beyond traditional wallets, their security is contingent upon the robustness of the onboarding process. Here are some key security concerns:
- Smart Contract Vulnerabilities: The reliability of smart wallets is deeply tied to the integrity of the smart contracts they're built upon. Any deficiencies in the contract's code or errors made during deployment can be maliciously exploited, resulting in the potential loss of funds or compromised wallet security.
- Private Key Exposure: During onboarding, when users set up a Smart Contract Wallet on an EOA, private keys come into play. If these keys get intercepted or improperly managed, unauthorized entities might gain access to the wallet, posing a severe security threat.
✅ Solution to Tackle this:
Wallet-as-a-service companies are now making it easier for users to create and manage their wallets using options like email and social media login. Essentially, these services keep private keys safe either in secure storage like AWS KMS, which users unlock with their passwords (examples include Magic and Turnkey), or they use multi-party computation (MPC) or Shamir secret sharing (SSS) schemes (used by Privy, Web3Auth, and others) to protect this information.
Recently, there's been a swift increase in innovative approaches utilizing Hardware Signers and Passkeys to allow users to manage their accounts directly through their contemporary mobile or desktop devices. These tools are designed to integrate seamlessly with biometric authentication methods such as FaceID and TouchID, offering enhanced security while maintaining a user experience that feels natural and familiar.
A notable challenge with using Passkeys and Hardware Signers is that Bitcoin and Ethereum networks don't inherently support the signatures they generate. These tools use the secp256r1 (R1) elliptic curve, while these blockchain networks are based on the secp256k1 (K1) curve. Although efforts are underway to enable trustless and efficient verification of R1 signatures, some products that enable Passkeys are currently relying on intermediaries like Lit and Turnkey to convert an authenticated R1 signature into a K1 format compatible with these chains.
Conclusion and Closing Thoughts
1.) The emergence of Smart Contract Wallets (SCWs) marks a significant milestone in the quest to streamline and secure the web3 experience. With their ability to offer features like social recovery, flexible gas policies, and custom signature schemes, these programmable wallets represent a technological leap and paradigm shift toward user-centric design.
2.) However, the journey is not without its challenges. SCWs, while superior in many aspects, still lag behind the more traditional EOAs due to onboarding hurdles like asset migration complexities, fragmentation across dApps, vendor lock-in, and security concerns. Each of these challenges is a puzzle piece in the larger picture of mass adoption, awaiting solutions as innovative as the technology itself.
3.) Amidst these challenges, there's a silver lining. Solutions like Aarc's Smart Transaction Toolkit, ERC-7555 for standardized account discovery, and ERC-6900 for modular smart contract accounts are beacons of progress. They address the immediate hurdles and pave the way for a future where transitioning to and from SCWs is as seamless as the user experiences they promise.
In conclusion, while the path to widespread adoption of SCWs and the broader realization of a user-friendly web3 world is fraught with challenges, the industry's response with innovative solutions and continuous experimentation is a testament to the resilience and creativity of the Ethereum community.
For developers and users alike, this is an exciting time to be part of a movement that's not just building new tech but also shaping a new era of web3 onboarding. As we progress, the lessons learned and the solutions developed will undoubtedly turn today's UX challenges into tomorrow's opportunities for mass adoption.
If you’re as excited about this future as we are, we want to hear from you. Reach out to us via Twitter. If you have any inquiries about integrating with us, feel free to book a meeting with one of our agents!