为何以太坊下次升级中纳入 EIP-3074?账户抽象方案 ERC-4337 还不够吗?
作者:0xNatalie 来源:ChainFeeds
经过 3 年多的沉淀和改进,在以太坊第 183 次 ACDE 会议中,EIP-3074 得到了以太坊社区的广泛支持,正式被纳入下一次以太坊硬分叉。EIP-3074 由以太坊研究员 Sam Wilson、Go Ethereum 开发者 Matt Garnett 等人提出,其核心在于让任何一个外部拥有账户(EOA)都能像智能合约钱包一样运作,无需部署额外的合约,无需手动迁移。如 Paradigm CTO Georgios Konstantopoulos 所说「钱包用户体验将提升 10 倍」。那么 EIP-3074 是怎么做到这一点的?与 ERC-4337 的区别是什么?
EIP-3074 是对于 EVM 的升级
外部拥有账户(EOA)由用户直接控制和管理等以太坊上的一种账户类型,就是我们常用的助记词钱包创建的账户,比如 MetaMask。EIP-3074 引入了两个新的以太坊虚拟机指令:AUTH 和 AUTHCALL,使 EOA 连接起一个智能合约,并将交易的控制权交给智能合约。
AUTH 指令:用于验证一个 ECDSA 签名,并基于签名结果设置一个上下文变量「
authorized」
。如果签名有效,并且签名者地址匹配给定的授权地址,则将「authorized
」设置为授权地址。这样,AUTH 指令允许一个智能合约代表一个 EOA 执行操作,从而实现了授权控制的委托。AUTHCALL 指令:类似于现有的 CALL 指令,用于执行一个外部调用。不同之处在于,AUTHCALL 会使用之前通过 AUTH 指令设置的授权地址作为调用者地址。也就意味着 AUTHCALL 会使用授权的 EOA 作为发送方,而不是合约本身。
整体流程是:用户签署授权消息,Invoker 合约接收并验证,Invoker 合约使用 AUTH 和 AUTHCALL 指令以 EOA 的身份发送交易,代表用户执行交易,而无需直接使用用户的私钥,然后返回结果给用户。
与 ERC-4337 的区别
ERC-4337 是协议层面的,不需要更改共识层,主要目标是实现账户抽象(Account Abstraction),允许智能合约直接拥有资金,并具有类似于以太坊账户的功能。也就是让智能合约账户具有 EOA 主动发起交易的特性。
而 EIP-3074 需要通过以太坊硬分叉来实施,主要目标是赋予 EOA 类似智能合约的功能,将 EOA 的控制委托给智能合约,使得智能合约可以代表用户进行交易,并支持批量交易、赞助交易(即由第三方支付燃气费用以执行交易)等功能。虽然它使得 EOA 具备了智能合约钱包的功能,但账户仍然是 EOA。如果密钥被盗,意味着完全丢失。(除非设置一个特殊的合约专门用于账户恢复)
为什么重要?
在多链的时代,为每条链都支持 ERC-4337 需要大量的开发工作。而像 EIP-7377 提出的迁移交易,让 EOA 用户将其账户迁移到智能合约,是需要用户手动发送一笔迁移交易。相比之下,EIP-3074 让 EOA 具备智能合约的功能,可以在直接在所有链上使用,并且不需要用户手动去迁移。
相较于其他提案,EIP-3074 的优势在于简洁高效,不需要额外的流程,即可让用户享受到智能合约的功能。之前以太坊社区会担心 EIP-3074 的技术安全问题,经过改进和测试之后,社区广泛支持将 EIP-3074 加入到下一次以太坊升级中,这将对以太坊生态系统中的多个领域产生影响。
比如,在 DeFi 领域,EIP-3074 的批量交易功能将大大提升流动性提供者和交易者的效率,降低参与成本。此外,通过授权用户账户执行交易,DeFi 应用可以作为赞助者的角色,为用户支付 Gas 费用,从而降低用户使用 DeFi 产品的门槛,促进 DeFi 的大规模应用。
在全链游戏领域,通过 EIP-3074,用户可以通过授权方式将账户操作的权限授予第三方(Invoker),从而避免了每次交易都需要用户自己进行链上确认和支付 Gas 费用的问题。游戏开发者或其他第三方可以代替用户执行交易,用户只需要一次性授权即可,简化了交易流程,提升了游戏的流畅性。
潜在风险
在以太坊交易中,节点验证人需要确切地知道交易的细节,以便正确地处理它们。这样才能保证网络的安全和稳定性。在 EIP-3074 中,允许智能合约代表 EOA 执行交易,当涉及到赞助交易时,与其他合约或账户进行交互可能会改变交易执行前和执行后的账户状态,使节点验证人难以准确预测交易的影响,从而产生网络不一致的安全风险。
此外,虽然用户可以通过签名来授权第三方操作账户,但这也意味着第三方(Invoker)可以在一定程度上操作用户的账户,这可能导致潜在的安全问题。如果第三方的权限被滥用或遭受黑客攻击,用户的资金和个人信息可能会受到威胁。
After more than years of precipitation and improvement, the author's source was widely supported by the Ethereum community in the first meeting of Ethereum, and it was formally included in the next Ethereum hard fork, which was put forward by Ethereum researchers and developers. Its core is to make any externally owned account work like a smart contract wallet, and there is no need to deploy additional contracts and manually migrate. For example, it is said that the wallet user experience will be doubled, so how to do this? What is the difference between what is right and what is the difference between upgrading externally owned accounts? One type of account in Ethereum, such as direct control and management by users, is our commonly used mnemonic word wallet. For example, two new Ethereum virtual machine instructions are introduced, and an intelligent contract instruction is used to verify a signature and set a context variable based on the signature result. If the signature is valid and the signer's address matches the given authorized address, the instruction allows an intelligent contract generation. Table 1. A delegated instruction that performs an operation to realize authorization control is similar to the existing instruction for executing an external call. The difference is that the authorized address previously set by the instruction will be used as the caller's address, which means that the authorized sender will be used instead of the contract itself. The whole process is that the user signs the authorization message contract to receive and verify the contract use and the instruction to send the transaction on behalf of the user without directly using the user's private key and then returning to the node. The difference between the result and the user is that there is no need to change the agreement level. The main goal of the consensus layer is to realize the account abstraction, allow the smart contract to directly own funds and have functions similar to those of the Ethereum account, that is, let the smart contract account have the characteristics of actively initiating transactions and need to be implemented through the Ethereum hard fork. The main goal is to entrust the control similar to the smart contract to the smart contract, so that the smart contract can conduct transactions on behalf of the user and support bulk transactions. The three parties pay the gas bill to execute the transaction and other functions. Although it makes the account have the function of smart contract wallet, the account is still completely lost if the key is stolen, unless a special contract is set up for account recovery. Why is it important to support each chain in the multi-chain era? It requires a lot of development work, while the proposed migration transaction requires the user to manually send a migration transaction to the smart contract. Compared with other proposals, it is simple and efficient to use it directly on all chains and does not require users to manually migrate, so that users can enjoy the function of smart contracts without additional processes. After improvement and testing, the technical security issues that the Ethereum community will be worried about will be widely supported by the community, which will have an impact on many fields in the Ethereum ecosystem, such as the bulk transaction function in the field, which will greatly improve liquidity providers and The efficiency of traders reduces the cost of participation. In addition, by authorizing the user's account to execute the transaction, the application can pay for the user as a sponsor, thus lowering the threshold for the user to use the product. In the field of full-chain games, the user can authorize the third party to operate the account, thus avoiding the problem that each transaction requires the user to confirm and pay the fee on the chain. Game developers or other third parties can execute the transaction instead of the user. Only one-time authorization is needed to simplify the transaction process and improve the fluency of the game. Potential risks In the Ethereum transaction, the node verifier needs to know the details of the transaction accurately in order to handle them correctly, so as to ensure the security and stability of the network. In the process, allowing the intelligent contract representative to execute the transaction, interacting with other contracts or accounts may change the account status before and after the transaction execution, and it is difficult for the witness to accurately predict the impact of the transaction. In addition, although the user can authorize the third party to operate the account by signing, it also means that the third party can operate the user's account to a certain extent, which may lead to potential security problems. If the authority of the third party is abused or hacked, the user's funds and personal information may be threatened. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。