Composable Accounts: Unlocking the Future of Smart Wallets
The Evolution of Self-Custody
Crypto's cornerstone feature is self-custody — the unparalleled ability to have complete ownership and control of one's digital assets, all secured by a seed phrase. Then came smart contracts, adding layers of logic and state to digital transactions. This synergistic blend of self-custody, permissionless networks, and on-chain composability spawned a rich ecosystem.
However, the seed phrase remains both the lynchpin and the weak link. Various solutions, such as multi-signatures (multi-sig), multi-party computation (MPC), and account abstraction standards like ERC-4337, try to offset the risks. But they still conflate account authentication with transaction authorization, requiring off-chain coordination that limits composability.
The Imperative of Decoupling
To unleash the next level of account composability, we need to separate these two responsibilities: authentication and authorization. Existing solutions like Safe Core Protocol and ZeroDev Kernel offer 'plugins' that extend transaction capabilities but are often focused on specific use cases. These plugins sometimes also leak authentication implementation details and transaction features, limiting options for users and organizations.
Reimagining Accounts with Composability
By applying principles of modularity, we can rethink how accounts are constructed. Think of off-chain mechanisms (multi-sigs, MPC, ERC-4337) as authentication tools. What those tools enable on-chain constitutes your account's authorization.
A fully encapsulated authentication model should be signature-agnostic, with the on-chain logic indifferent to how the transaction originated. Likewise, a fully abstract account must allow for authority delegation in a modular and composable way.
Introducing the First True Wallet Token
Imagine a signer interacting with a smart contract. The transaction call-data is in essence an authorization request. To determine whether this signatory is authorized, the contract could query a permission registry:
// Permission ID / Signatory / Authorization state
mapping(uint256 => mapping(address => bool)) public permissionHolders;
Such a system lets us grant permissions to any type of account—be it a regular Externally Owned Account (EOA), a multi-signature account, or a contract. This mapping can act as a decentralized "permission registry."
Upon closer inspection, this "permission registry" resembles an NFT contract. While EIP-6551 links ERC-721 tokens to deterministic account addresses, this model goes further by using composable NFTs for a nuanced permission landscape. Here, the account owner becomes not just a gatekeeper, but a decentralized architect of interlocking permissions through NFTs.
The Power of Account Legos
This NFT-based permissioning system can seamlessly integrate with a plethora of use-cases:
- Token-Gated Vaults: Secure your assets in a vault that only selected NFT holders can access.
- Token-Gated Accounts: Built on vaults, these can act as smart accounts with specific logic and state.
- Token Recovery: Enables a smoother recovery process by storing or re-minting lost NFTs.
- Session Keys & Flash Permissions: Create expiring or per-transaction permissions.
By using NFTs as modular, composable elements, we unlock unparalleled flexibility and customization in on-chain accounts. This NFT-based approach, in essence, makes every permission an interchangeable, delegatable part, breaking the mold of how we've understood account security and functionality so far.
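The registry lookup and the token-gated vault described above can be sketched as follows. This is an added example, not code from the original article or from any project it names. It assumes a plain mapping that stores an expiry timestamp instead of a bool (so a grant can behave like a session key) rather than a full NFT contract, and the names PermissionRegistry, GatedVault and VAULT_WITHDRAW are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; all contract and constant names are hypothetical.
contract PermissionRegistry {
    address public immutable owner; // account owner: the only grantor in this sketch

    // Permission ID => signatory => expiry timestamp (0 = permission not held)
    mapping(uint256 => mapping(address => uint64)) public expiresAt;

    event Granted(uint256 indexed id, address indexed holder, uint64 expiry);
    event Revoked(uint256 indexed id, address indexed holder);

    constructor() { owner = msg.sender; }

    function grant(uint256 id, address holder, uint64 expiry) external {
        require(msg.sender == owner, "not owner");
        require(holder != address(0), "zero holder");
        require(expiry > block.timestamp, "already expired");
        expiresAt[id][holder] = expiry;
        emit Granted(id, holder, expiry);
    }

    function revoke(uint256 id, address holder) external {
        require(msg.sender == owner, "not owner");
        delete expiresAt[id][holder];
        emit Revoked(id, holder);
    }

    // Authorization only: how `holder` authenticated (EOA, multi-sig, contract) is irrelevant here.
    function isAuthorized(uint256 id, address holder) public view returns (bool) {
        return expiresAt[id][holder] > block.timestamp;
    }
}

contract GatedVault {
    uint256 public constant VAULT_WITHDRAW = 1; // constructed permission ID
    PermissionRegistry public immutable registry;

    constructor(PermissionRegistry r) { registry = r; }

    receive() external payable {}

    function withdraw(address payable to, uint256 amount) external {
        // Checked on every call against msg.sender, never tx.origin or a cached result,
        // so a revoked or expired grant stops working immediately.
        require(registry.isAuthorized(VAULT_WITHDRAW, msg.sender), "not authorized");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Restricting grant and revoke to the owner and emitting an event for each change keeps the set of live permissions auditable from the chain's logs.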
Conclusion: The Inevitable Future of Smart Wallets
As we move further into the crypto age, the need for more modular, secure, and flexible account systems becomes evident. Through the lens of NFT-based permissions, we not only address the current shortcomings but also unlock an expansive new universe of possibilities. Hence, it isn't a stretch to foresee NFT-based accounts as the evolutionary next step, fulfilling the promise of genuinely smart wallets.