Currently, if the private key of an EOA is stolen, all the assets in that wallet will be stolen.
So users spread the risk across multiple EOA addresses. But then things like SBTs are scattered across those addresses too, and the person's transaction history is not accumulated in a single account.
We have implemented a brand new contract wallet that follows the ERC4337 standard.
Users can create multiple roles by purpose (for private use, for trading, for a DAO project, etc.).
Users can place the following restrictions on roles
By creating roles in this way, and using roles instead of the owner key for everyday use, even if a role's password is stolen, the damage is limited to the scope of that role.
In addition, the information associated with the person, such as SBT, ENS, etc., is linked to a single address.
First of all, we had a very hard time understanding ERC4337 (account abstraction) in the short time available.
We implemented a contract wallet with its own role system, so we had to implement our own frontend, bundler (backend API) and entry point for the functionality to work.
Understanding AA in a short period of time was the most difficult part, along with writing assembly to achieve the objective.
We had to use assembly to parse, from the calldata, what the user was doing.
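The following Solidity sketch is an added illustration of the two ideas above, a role with a restricted scope and reading the inner call's selector from calldata in assembly; it is not the project's code. The contract name, the Role layout, the "one target, one function, value cap" restriction and the signed-message format are all assumptions, and the ERC4337 EntryPoint wiring is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative role-scoped account. Names, the Role layout and the
// "one target, one function, value cap" restriction are assumptions;
// EntryPoint wiring (validateUserOp) is left out for brevity.
contract RoleScopedAccount {
    struct Role { address signer; address target; bytes4 selector; uint256 maxValue; }
    address public immutable owner;        // cold key, only manages roles
    mapping(bytes32 => Role) public roles; // roleId => role

    constructor(address _owner) { owner = _owner; }

    // Only the owner key can grant or revoke a role (revoke = zero signer).
    function setRole(bytes32 id, Role calldata r) external {
        require(msg.sender == owner, "owner only");
        roles[id] = r;
    }

    // Pull the inner call's 4-byte selector straight from calldata in assembly
    // (the kind of parsing the text mentions); mask off the dirty low bits.
    function _selectorOf(bytes calldata data) internal pure returns (bytes4 sel) {
        require(data.length >= 4, "no selector");
        assembly { sel := and(calldataload(data.offset), shl(224, 0xffffffff)) }
    }

    // Decide whether a call signed by the role key is inside that role's scope.
    // opHash is whatever the entry point hashed (user op fields, chain id, ...).
    function validateRoleCall(
        bytes32 roleId, bytes32 opHash, bytes calldata sig,
        address target, uint256 value, bytes calldata data
    ) public view returns (bool) {
        Role memory r = roles[roleId];
        if (r.signer == address(0)) return false;           // unknown or revoked role
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", opHash));
        (bytes32 rs, bytes32 ss, uint8 v) = _split(sig);
        if (ecrecover(digest, v, rs, ss) != r.signer) return false; // signed by the role key?
        if (target != r.target) return false;                // wrong contract
        if (_selectorOf(data) != r.selector) return false;   // wrong function
        if (value > r.maxValue) return false;                // too much ETH
        return true; // a leaked role key can do no more than this
    }

    function _split(bytes calldata sig) private pure returns (bytes32 rs, bytes32 ss, uint8 v) {
        require(sig.length == 65, "bad sig length");
        rs = bytes32(sig[0:32]); ss = bytes32(sig[32:64]); v = uint8(sig[64]);
        if (v < 27) v += 27;
    }
}
```

A real account would call validateRoleCall from its validateUserOp path and revert on false, so a stolen role key cannot reach any target, function or value outside the role.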
We had a short time to implement a contract wallet that met our requirements.
It was difficult to implement the bundler as per AA specifications.
We were able to identify and implement the minimum functionality required.
As the team members came to understand the AA specifications, the design changed many times, and it was difficult to keep up with those changes.