Architecture + Concepts

Smart Accounts

Halliday's Smart Accounts are built on top of the Account Abstraction standard (ERC-4337). This standard defines a set of smart contracts that let users on EVM chains use contracts as accounts, as opposed to an Externally Owned Account (EOA).

Now, what does this mean?

Let's first start with some terminology. On Ethereum (and all EVM compatible blockchains) there are two types of accounts: Externally Owned Accounts and Smart Contract Accounts.

Externally Owned Accounts (EOAs): These accounts are the traditional form of user accounts on Ethereum, controlled solely by a public/private key pair. Lacking any associated contract code, EOAs are straightforward in function, allowing for basic operations like sending and receiving Ether or interacting with smart contracts. These are the 'default wallets' that many people refer to when saying they have an Ethereum wallet.

Smart Contract Account: A smart contract account is an Ethereum account controlled by its deployed code rather than a private key. These accounts serve as the backbone for any smart contract protocol. The contract code dictates how the account's state is updated on-chain, following the logic defined in the deployed contract.

So, what is Account Abstraction?

Account Abstraction is a protocol standard that enables users to have smart contracts as their wallets. This added layer of programmability allows these smart contract-based wallets to execute more powerful logic, such as gas-sponsored transactions, batch contract calls, and conditional logic based on transaction properties, offering a more flexible and customizable user experience. Due to this programmability, the world is our oyster when it comes to traditional wallet features. Account Abstraction accounts can perform arbitrary logic, facilitating a dramatic improvement in UX and functionality. No more seed phrases!

 

What is the Halliday Smart Account?

The Halliday Smart Account is built on top of ERC-4337 and is purpose-built to cater to the unique needs of blockchain applications. It offers myriad UX improvements and direct integrations with economic tooling, such as session keys to enable seamless auto-signing (no more disruptive popups), social login (no seed phrases), device login (use your iPhone to create a smart account), and much more.

Smart Account Non-custodial Ownership Structure


 

In summary, the Halliday Smart Account provides an abstracted, secure, and flexible account structure that is tailor-made for the modern blockchain ecosystem.

 


Social Login

Social login is a technology that allows users to derive a wallet using familiar login methods, such as "Sign in with Google", "Sign in with Facebook", "Sign in with Twitter", and Email OTP (a one-time password sent to a player's email address). Using a social-login mechanism, users are able to create a Halliday Smart Account directly from their Google, Facebook, Twitter, or email. Users can jump into your application without the hassles of traditional Web3 onboarding.

   


Passkeys

Passkeys enable a user's device (mobile phone or computer) to generate a device-specific public-private key pair using the device's native authentication mechanism that is linked with the application. The private key is securely stored on the user's device, typically in the device's secure enclave or a trusted platform module, making it resistant to extraction or unauthorized access. The corresponding public key is sent to the server of the service being accessed. During authentication, the user's device proves possession of this private key without transmitting the private key by means of device-native security features such as Fingerprint ID, Face ID, and more. Passkeys can also be securely synced across devices, promoting interoperability between different devices and platforms.


To learn more about Passkeys, we recommend these helpful sources below:

Google's Passkeys Documentation: https://www.google.com/account/about/passkeys/

Apple's Passkeys Documentation: https://support.apple.com/guide/iphone/use-passkeys-to-sign-in-to-apps-and-websites-iphf538ea8d0/ios

WebAuthn Passkeys Standards: https://fidoalliance.org/passkeys/

Uniquely to Web3, this private/public key pair can be used to manage Halliday Smart Accounts. Passkeys enable your users to create Halliday Smart Accounts for your application, with the device being the owner. The security features of passkeys eliminate the need to navigate to a wallet application to approve transactions, and provide a more immersive experience for your users. In addition, passkeys' unique interoperability allows users to access your application with the same account, no matter the device they use.


Session Keys

Halliday’s Session Key feature allows users to approve multiple transactions over an entire gameplay session using a single transaction signing request. With session keys, users can securely and swiftly authorize a series of transactions without having to approve each transaction individually. Instead, users approve the request to create a temporary session key at the beginning of their session (integrated as part of the login flow), which is then used to authorize their in-app actions on the blockchain automatically. This temporary session key is protected with the same security as the user’s existing wallet (passphrase, social login, hardware wallet, and more), while vastly reducing the friction of performing in-game actions by removing the need to repeatedly authenticate the game client for the transactions. Session keys are tightly integrated with the Halliday Smart Account.

Diagram of the Halliday Session Key Mechanism


In more depth, a Session Key is a cryptographically signed key pair: a public key and a private key. The private key never leaves the client side of the app (for example, the web browser or a game built on Unity), and is used to sign and send transactions to the blockchain. The public certificate is signed with the user’s actual wallet private key, and a copy of the signed certificate is sent with every transaction and verified on-chain to authorize transactions. Session keys are intentionally ephemeral, with a chain-enforced expiry (configurable by the game depending on average user play times). A signed validity window ensures that leaked keys quickly become useless, and rigorous nonce and chain ID checks protect against replay attacks with session keys.
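The checks described above, modelled off-chain as an added example (not Halliday's code or contract): a wallet-signed certificate binds a session public key to a chain ID and a validity window, and the verifier rejects operations that fall outside the window, target another chain, or reuse a nonce. All names, fields and the chain ID 137 are assumptions, and Node's ECDSA with SHA-256 stands in for on-chain signature verification.

```javascript
// Added illustration: an off-chain model of the session-key checks.
// Every name and field here is an assumption, not Halliday's API or contract.
const nodeCrypto = require('node:crypto');

const newKeyPair = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
// Toy encoding; a real format needs a canonical serialization.
const encode = (obj) => Buffer.from(JSON.stringify(obj));
const sign = (obj, priv) => nodeCrypto.sign('sha256', encode(obj), priv).toString('base64');
const valid = (obj, sig, pub) =>
  nodeCrypto.verify('sha256', encode(obj), pub, Buffer.from(sig, 'base64'));

// Wallet owner authorizes one session public key for one chain and time window.
function issueCert(walletPriv, sessionPub, chainId, notBefore, notAfter) {
  const sessionPem = sessionPub.export({ type: 'spki', format: 'pem' });
  const body = { sessionPem, chainId, notBefore, notAfter };
  return { body, sig: sign(body, walletPriv) };
}

// Client signs each operation with the session private key and attaches the cert.
const signOp = (sessionPriv, cert, op) => ({ op, cert, sig: sign(op, sessionPriv) });

// Verifier for one account: owner key, chain ID and next expected nonce.
function makeVerifier(walletPub, chainId) {
  let nextNonce = 0;
  return ({ op, cert, sig }, now) => {
    const { body } = cert;
    if (!valid(body, cert.sig, walletPub)) return 'bad-cert-signature';
    if (body.chainId !== chainId || op.chainId !== chainId) return 'wrong-chain';
    if (now < body.notBefore || now > body.notAfter) return 'outside-validity-window';
    if (!valid(op, sig, nodeCrypto.createPublicKey(body.sessionPem))) return 'bad-op-signature';
    if (op.nonce !== nextNonce) return 'bad-nonce';
    nextNonce += 1; // consume the nonce only after every other check passes
    return 'ok';
  };
}

// Constructed sample run: one accepted operation, then a replay and a stale use.
function demo() {
  const wallet = newKeyPair(), session = newKeyPair();
  const cert = issueCert(wallet.privateKey, session.publicKey, 137, 1000, 2000);
  const verify = makeVerifier(wallet.publicKey, 137);
  const op = signOp(session.privateKey, cert, { chainId: 137, nonce: 0, call: 'craftItem' });
  const late = signOp(session.privateKey, cert, { chainId: 137, nonce: 1, call: 'craftItem' });
  return [verify(op, 1500), verify(op, 1500), verify(late, 2001)];
}
console.log(demo()); // [ 'ok', 'bad-nonce', 'outside-validity-window' ]
```

The order of checks matters: the certificate signature is verified before its fields are trusted, and the nonce is consumed only once everything else has passed, so a rejected operation cannot burn a valid nonce.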


Gas Sponsorship

Gas sponsorship is a mechanism where a third party (not the user) can pay for a user's transaction fees. This functionality is natively supported in the ERC-4337 standard by contracts known as paymasters. Halliday manages paymasters for you, allowing you to cover transaction fees for your users. This adds a layer of flexibility and user-friendliness, as it eliminates the need for users in your application to hold native currencies in their accounts to pay for gas. When a paymaster covers these fees, it is more convenient for users to interact with your app's smart contracts, marketplaces, or protocols. This is especially helpful for new Web3 consumers who may not yet own any cryptocurrency, eliminating the need for lengthy exchange onboarding processes.

 

Implementing gas sponsorship via Halliday's managed paymasters streamlines the onboarding process for users discovering your app. By offloading the complexity and friction of acquiring and managing Ether for gas fees, you enable a 'plug-and-use' experience akin to traditional applications. This alleviates one of the most significant barriers to entry for blockchain-based apps, particularly for those who are new to Web3.

