Accounts in Ethereum: what is EOA, contract account and account abstraction

Ethereum, unlike the conservative Bitcoin, offers many additional technical features, sometimes interesting, sometimes dubious. Let’s look at the structure of an account in the Ethereum network and how it may develop in the near future.

What is an account and how is it different from a wallet?

An account in Ethereum is an entity that has a certain balance expressed in ETH. The account is capable of initiating transactions on the Ethereum network. It is not to be confused with a wallet: Ethereum technical documentation rightly insists that these are different things. A wallet is an interface or application through which the user interacts with his account. Wallets can be designed in different ways, have different interfaces and exist on different platforms, while the account is always implemented with the same logic. It is most easily described through the four fields inherent to any account on the Ethereum network:

  1. Nonce – counter of the number of transactions or number of smart contracts transferred from the account. With each new transaction the counter increases by one. This provides protection against “replay attacks”, when an attacker tries to execute an already signed transaction again. In such a case, the transaction nonce and the account nonce will not match, and it will not be possible to validate such a transaction.
  2. Balance – the number of wei belonging to a specific address. Wei is the fractional part of ETH: 1 ETH = 1e+18 Wei.
  3. CodeHash – a hash that refers to the account code on the Ethereum virtual machine (EVM). This field always remains unchanged, unlike other fields.
  4. StorageRoot – also known as storage hash. A 256-bit hash of the root node of the Merkle tree that encodes the contents of the account's store. This tree encodes the storage hash of a specific account and is empty by default.
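The nonce check described in field 1 can be modelled in a few lines. This is an added example, not code from Ethereum or from the original article; the `Account`, `Tx` and `apply_tx` names are hypothetical, and signature verification, gas and the real hash values of the last two fields are left out.

```python
from dataclasses import dataclass

WEI_PER_ETH = 10**18  # 1 ETH = 1e+18 wei, as stated in the list above
EMPTY = b""           # simplification: stands in for an "empty" CodeHash / StorageRoot


@dataclass
class Account:
    nonce: int = 0
    balance: int = 0              # in wei
    code_hash: bytes = EMPTY
    storage_root: bytes = EMPTY

    def is_contract(self) -> bool:
        return self.code_hash != EMPTY


@dataclass(frozen=True)
class Tx:
    sender: str
    to: str
    value: int                    # in wei
    nonce: int


class InvalidTx(Exception):
    pass


def apply_tx(state: dict, tx: Tx) -> None:
    """Validate tx against the sender's account, then update both accounts."""
    sender = state[tx.sender]
    if tx.nonce != sender.nonce:  # a replayed transaction carries a stale nonce
        raise InvalidTx(f"nonce mismatch: tx={tx.nonce} account={sender.nonce}")
    if tx.value > sender.balance:
        raise InvalidTx("insufficient balance")
    sender.nonce += 1
    sender.balance -= tx.value
    state.setdefault(tx.to, Account()).balance += tx.value


def demo():
    # Constructed sample state: one funded account, one signed transfer.
    state = {"alice": Account(balance=2 * WEI_PER_ETH)}
    tx = Tx("alice", "bob", 1 * WEI_PER_ETH, nonce=0)
    apply_tx(state, tx)
    try:
        apply_tx(state, tx)       # the same signed transaction submitted again
        replayed = True
    except InvalidTx:
        replayed = False
    return state, replayed
```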

Externally-owned account (EOA)

At a fundamental level, there are two types of Ethereum accounts: External Account (EOA) and Contract Account.
Let's start with the first one as the most basic and understandable. An externally-owned account (EOA, literally “account with external ownership”) is an external account that is controlled using a private (closed) key. Such an account is built on a cryptographic pair: a private (closed) and a public (open) key. They allow transactions to be signed using ECDSA (Elliptic Curve Digital Signature Algorithm), thereby confirming that the account owner actually initiated the transaction. In principle, the logic behind the pair of public (open) and private (closed) keys is clear to anyone who is familiar with cryptocurrencies.

Contract account

Things get interesting next, when looking at the second type of account – the contract account. For people accustomed to chains of private (closed) and public (open) keys, a lot of new things await. Essentially, such an account is a smart contract hosted on the Ethereum Virtual Machine (EVM) and controlled by code. Its logic is different from the usual user account (EOA). The contract account is managed using predefined program code, which allows you to flexibly define the terms of use: for example, under what conditions and with whose approval transactions are initiated.

In a sense, the contract account is a logical step in the development of blockchain technology in the form in which the creators of ETH see it. The philosophy of Ethereum initially assumed going beyond the limitations inherent in the first cryptocurrencies, primarily Bitcoin. Therefore, the logic of accounts familiar to everyone is something that had to be overcome and left behind.

The last two account fields – CodeHash and StorageRoot – are needed specifically for contract accounts, since they allow you to implement code and algorithms instead of the usual encryption keys. In the case of EOA, these fields remain empty, since the external account simply has nothing to fill them with. For a contract account, CodeHash becomes the place where the contract code is entered. It is contained in hashed form in this field and is executed as requests occur.

Differences between EOA and contract account

EOA, due to its simplicity, has a number of advantages:

  1. It costs nothing to create.
  2. It can initiate transactions.
  3. Managed using a familiar pair of cryptographic keys.

At the same time, it is not nearly as flexible in setup as a contract account and therefore, for example, transactions are only possible in ETH and tokens. Moreover, the loss (or theft) of the EOA key means for the user a complete loss of control over the account.
The contract account, on the contrary, is much more flexible. It can be configured to perform a variety of actions, such as automatically transferring tokens or creating new smart contracts.

But it also has its disadvantages:

  1. Relatively expensive: executing a smart contract on the Ethereum network costs money, so the more complex the transaction, the higher the fee.
  2. The contract account can only send transactions in response to an incoming transaction.
  3. Such an account depends on the quality of the code: if something is not provided for, the funds may freeze forever, since the smart contract turned out to be “not smart enough” in conditions incomprehensible to it.

It may seem that the disadvantages of a contract account outweigh the advantages, but this is not the case. Of course, as long as the blockchain user has enough familiar EOA for all pressing tasks (they usually don’t go further than “receive/send ETH”), you can afford to treat the contract account with distrust. However, as more and more interesting innovations are implemented using contract accounts, their relevance will increase. In fact, the recent hype that has arisen around account abstraction is a wonderful confirmation of this idea.

Account abstraction

The next step towards more flexible account programmability in Ethereum is account abstraction. The fundamental problem is that a simpler and more functional alternative to EOA is difficult to achieve within current protocols. Contract accounts cannot initiate transactions on their own, which deprives them of an important competitive advantage over EOA. EOA itself is not flexible enough compared to a contract account, and the current protocol does not allow it to be managed by a smart contract.

This has been recognized as a problem for quite some time. The history of initiatives can be traced through proposals to improve Ethereum: EIP 2771, 2938, 3074, and 4337. The latest was a proposal to create an alternative mempool, which allows us not to change the current protocols and consensus algorithm. In March 2023, the ERC-4337 standard was introduced and the EntryPoint smart contract appeared, which provided account abstraction.

Actually, the account abstraction is a combination of the functionality of a smart contract and EOA. This gives you access to the following features (the list is not exhaustive):

  • Authorization via multiple signatures. The contract can be configured so that all transactions, or transactions exceeding a specified amount, require authorization of a certain part (for example, 3/5) of trusted persons, or authorization through several devices. For example, large-value transactions may require approval from both a mobile device and a hardware wallet, or account signatures from trusted family members.
  • Account freeze: If the device is lost or hacked, the account can be frozen from another authorized device.
  • Account recovery: as everyone knows, loss of a key means loss of crypto. Using account abstraction, you can set up multiple pre-approved accounts that can restore access.
  • Transaction limits: You can specify daily thresholds for the amount that can be transferred from your account per day/week/month. This means that if an attacker gains access to an account, they won't be able to empty everything at once, and the user has the ability to freeze and reset access.
  • Whitelists: transactions can only be allowed to certain addresses whose security is not in doubt. This means that even if the account was hijacked, the attacker will not be able to send funds to addresses that are not whitelisted. To change whitelists, for example, you can require multiple signatures, so there is no way an attacker will be able to transfer funds to himself.
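How the features in this list combine into a single authorization decision, as an added example that is not part of the original article and is not ERC-4337 code. The `SmartAccount` class, its field names and the guardian labels are hypothetical; the `approvals` set stands in for signatures that have already been verified.

```python
from dataclasses import dataclass, field

DAY = 86_400  # seconds


@dataclass
class SmartAccount:
    guardians: set       # trusted devices/persons allowed to approve or freeze
    threshold: int       # approvals needed for a large transfer (e.g. 3 of 5)
    large_amount: int    # transfers at or above this need `threshold` approvals
    daily_limit: int
    whitelist: set
    frozen: bool = False
    spent: list = field(default_factory=list)   # (timestamp, amount) pairs

    def freeze(self, caller: str) -> None:
        if caller not in self.guardians:
            raise PermissionError("not an authorized device")
        self.frozen = True

    def validate(self, to: str, amount: int, approvals: set, now: int) -> str:
        """Return 'ok' or the rejection reason; record the spend on success."""
        if self.frozen:
            return "frozen"
        if to not in self.whitelist:
            return "recipient not whitelisted"
        valid = approvals & self.guardians       # unknown signers do not count
        needed = self.threshold if amount >= self.large_amount else 1
        if len(valid) < needed:
            return f"need {needed} approvals, got {len(valid)}"
        window = sum(a for t, a in self.spent if now - t < DAY)
        if window + amount > self.daily_limit:
            return "daily limit exceeded"
        self.spent.append((now, amount))
        return "ok"


def demo():
    # Constructed scenario: 3-of-5 approval for transfers of 100 or more.
    acct = SmartAccount(guardians={"phone", "hw", "mom", "dad", "sis"}, threshold=3,
                        large_amount=100, daily_limit=150, whitelist={"exchange"})
    r = [acct.validate("exchange", 50, {"phone"}, now=0),
         acct.validate("attacker", 10, {"phone"}, now=10),
         acct.validate("exchange", 100, {"phone", "evil"}, now=20),
         acct.validate("exchange", 100, {"phone", "hw", "mom"}, now=30),
         acct.validate("exchange", 10, {"phone"}, now=40)]
    acct.freeze("hw")    # a second authorized device freezes the account
    r.append(acct.validate("exchange", 1, {"phone"}, now=50))
    return r
```

The order of checks matters: freeze and whitelist are evaluated before approvals, so a stolen single key is rejected without revealing how many approvals a transfer would need.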

How account abstraction is implemented

Essentially, the account abstraction is a complex add-on to Ethereum. Without going into details, the first thing you should pay attention to is UserOperation. These are objects that are sent to a separate mempool; they describe the transaction performed on behalf of the user. Like any transaction, UserOperation contains sender, to, calldata, maxFeePerGas, maxPriorityFee, signature, nonce. But besides this, there is bundler (a wrapper that, for a fee, checks transactions and combines them into one to then send to EntryPoint), EntryPoint (a smart contract for verifying and processing UserOperation) and Aggregator (an auxiliary contract that is trusted to verify the signature).

Among other things, it is important to note: for account abstractions, you can set gas fees in stablecoins or even in fiat.

Conclusion

There is a possibility that the creators are striving to turn ether into something radically different from the familiar cryptocurrencies as quickly as possible. The introduction of smart contracts, the abandonment of PoW in favor of PoS, NFTs, and now the abstraction of an account, which can in the future displace and replace EOA – all this seems to plunge us into a new world that is difficult for the average user to imagine.

Account abstraction really opens up many new possibilities and expands the degree of control on the part of the user – all this cannot but be welcomed. On the other hand, combining the logic of a smart contract and a regular account may seem too bold a step for those who value cryptocurrencies in the form that has proven itself remarkably well.