EIP-3074 - Pass the AUTH, please!
This article is part of a "30 Days with Ethereum Standards" series. To see the first article in the series and to understand why the standards matter, check the initial article: 30 Days with Ethereum Standards.
EIP-3074: AUTH and AUTHCALL opcodes
Allow externally owned accounts to delegate control to a contract.
Abstract: This EIP introduces two EVM instructions AUTH and AUTHCALL. The first sets a context variable authorized based on an ECDSA signature. The second sends a call as the authorized account. This essentially delegates control of the externally owned account (EOA) to a smart contract.
What EIP-3074 is about
In summary, EIP-3074 is a huge step towards account abstraction that delegates complex functionality to invoker contracts while allowing users to keep their existing EOAs. While it introduces powerful new capabilities, the proposal also presents some risks, including technical issues and security challenges.
EIP-3074 was already approved for inclusion in the next Ethereum upgrade (Pectra, scheduled for Q4 2024), and as Ethereum continues to evolve, new, alternative standards are being proposed to address the limitations and risks of EIP-3074. One such proposal is EIP-7702.
Why it is important
EIP-3074 is a significant step in enhancing Ethereum's account model and improving user experience. It allows EOAs to access advanced features that were previously only possible with smart contract wallets, such as:
- Transaction batching - combining multiple transactions into one, saving gas fees
- Sponsored transactions - having transaction fees covered by a third party
- Social recovery - appointed contacts can help restore access to an account
- Custom cryptography - enabling new signature schemes beyond ECDSA
This makes Ethereum more accessible to a wider range of users by simplifying interactions and reducing costs. Users can maintain their existing EOAs while accessing new functionalities.
Use cases
Some promising use cases enabled by EIP-3074 include:
- Decentralized applications covering transaction fees for their users
- Bundling complex multi-step transactions into a single signature
- Implementing recovery mechanisms directly in EOAs
- Offering subscription services that include gas fees
- Allowing batched transfers and approvals in a single transaction
Drawbacks
While EIP-3074 offers many benefits, some potential drawbacks must be considered:
- Invoker contracts, if not properly implemented, could threaten user funds
- Phishing attacks could trick users into authorizing malicious invokers
- The original EOA key retains ultimate control, complicating key rotation
- It requires a hard fork to implement the new opcodes
- It does not provide a way to initiate transactions from smart contracts
To mitigate risks, invokers must undergo thorough audits and use safeguards like timelocks and multisigs. Wallets should implement verification of invoker authenticity. New standards are already in the works to address these concerns, such as EIP-7702. More on 7702 in a future article.
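One way a wallet could verify invoker authenticity before the user signs an AUTH message, as an added example that is not code from this article or from the EIP. The registry, the request fields (`chainId`, `invoker`, `observedCodeHash`), the addresses and the hashes are all hypothetical, and the wallet is assumed to obtain the deployed code hash from its own node.

```javascript
// Added example: wallet-side guard run before the user signs an AUTH message.
// All names, addresses and hashes here are constructed for illustration.

// Registry of reviewed invokers, keyed by "chainId:address"; codeHash is the
// hash of the audited runtime bytecode (placeholder value).
const TRUSTED_INVOKERS = new Map([
  ["1:0x1111111111111111111111111111111111111111",
    { name: "ExampleBatchInvoker", codeHash: "0x" + "ab".repeat(32) }],
]);
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// request: { chainId, invoker, observedCodeHash }. observedCodeHash is assumed
// to be computed by the wallet from the code its own node reports at `invoker`.
function reviewAuthRequest(request, registry = TRUSTED_INVOKERS) {
  const { chainId, invoker, observedCodeHash } = request;
  if (typeof invoker !== "string" || !ADDRESS_RE.test(invoker)) {
    return { allow: false, name: null, reasons: ["malformed invoker address"] };
  }
  // Key on chain and address together: the same address on another chain
  // may hold different code.
  const entry = registry.get(`${chainId}:${invoker.toLowerCase()}`);
  const reasons = [];
  if (!entry) {
    reasons.push("invoker is not in the reviewed registry for this chain");
  } else if (typeof observedCodeHash !== "string" ||
             observedCodeHash.toLowerCase() !== entry.codeHash) {
    reasons.push("deployed code does not match the audited code hash");
  }
  return { allow: reasons.length === 0, name: entry ? entry.name : null, reasons };
}

// Constructed signing requests, as a dapp might present them to the wallet.
const INVOKER = "0x1111111111111111111111111111111111111111";
const SAMPLE_REQUESTS = [
  // reviewed invoker, code matches (hash differs only in letter case)
  { chainId: 1, invoker: INVOKER, observedCodeHash: "0x" + "AB".repeat(32) },
  // address that was never reviewed
  { chainId: 1, invoker: "0x2222222222222222222222222222222222222222", observedCodeHash: "0x" + "cd".repeat(32) },
  // reviewed address, but on a chain it was not reviewed for
  { chainId: 5, invoker: INVOKER, observedCodeHash: "0x" + "ab".repeat(32) },
  // reviewed address, deployed code differs from the audit
  { chainId: 1, invoker: INVOKER, observedCodeHash: "0x" + "ef".repeat(32) },
];

for (const r of SAMPLE_REQUESTS) {
  const v = reviewAuthRequest(r);
  console.log(r.chainId, r.invoker, v.allow ? "SIGN" : "REFUSE", v.reasons.join("; "));
}
```

A refusal here should stop the signing prompt from being shown at all, so a phishing page cannot rely on the user clicking through a warning.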
EIP-3074 in pizza terms
Imagine you’re at a party and instead of ordering your own pizza, you give your friend the power to order pizza for you using your phone app. In this analogy:
- Your phone app is like your externally owned account (EOA).
- You giving permission to your friend is like using the AUTH opcode, which lets you set up who can act on your behalf.
- Your friend ordering pizza on your behalf corresponds to the AUTHCALL opcode, allowing specific actions (like transactions) to be made using your wallet, but as directed by a smart contract your friend controls.
With this setup, you don’t have to do everything yourself. You can delegate tasks like ordering pizza to a friend you trust. Similarly, EIP-3074 allows you to delegate transaction powers to smart contracts, making complex operations simpler and potentially saving on transaction fees, among other benefits. Also, just as you would be cautious about which friend you give your phone to, the same goes for EIP-3074. Delegate, but only when you trust them.