Content pfp
Content
@
0 reply
26 recasts
26 reactions
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
Curious how Coinbase’s new smart wallet works? I was too. Here’s an overview of how it’s possible to create and use a crypto wallet through Touch ID without ever needing a chrome extension. 1/6 The secret sauce Base. There are a couple things happening here. Check comments for further explanation.
11 replies
0 recast
1 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
First a wallet is created through Touch ID, then a transaction is signed via Touch ID, and finally the transaction is fully paid for by Base. All of this is made possible by Account Abstraction (AA)
0 reply
0 recast
0 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
2. Passkeys Before we talk about AA, it’s important to understand what passkeys are. Passkeys are a form of authentication that rely on public/private key cryptography rather than traditional passwords.
0 reply
0 recast
0 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
With passkeys, private keys are stored privately on user devices while public keys can be shared with apps. Touch ID / Face ID can be used to prevent unauthorized use of a passkey.
0 reply
0 recast
0 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
3. Wallet Creation The first step in the flow above is to create a wallet. This wallet is a “smart wallet” - it’s a smart contract deployed on Base rather than your typical EOA. Smart wallets are perhaps the greatest unlock of AA.
0 reply
0 recast
0 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
This particular smart wallet contains code that allows for multiple owners, including ones that are passkey-based. Within the AA flow, a smart wallet is created if it doesn’t already exist.
0 reply
0 recast
0 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
4. Touch ID Signing Once the wallet exists, the mint transaction can be signed and executed. To accomplish this, the website will prompt the user to sign a user op (think of it as an AA tx).
0 reply
0 recast
0 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
The user first needs to verify they control the passkey (through Touch ID, Face ID, etc) before they can sign the user op. After that, the user op and signature are verified by the smart wallet code and then executed.
0 reply
0 recast
0 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
5. Free Transactions You’ll notice that the price paid by the user in the demo is 0. This is because AA adds a paymaster service that can be used to sponsor transactions. In this particular case, Base has a paymaster setup to pay for smart wallet mints.
0 reply
0 recast
0 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
Other applications can use paymaster sponsorships as a way to easily onboard users with needing them to have ETH in their wallets.
0 reply
0 recast
0 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
6. Conclusion All the magic here is made possible by Account Abstraction. While AA has been out for a while, Coinbase’s smart wallet is one of the first to leverage account ownership via passkeys.
0 reply
0 recast
1 reaction
Almustapha.base.eth pfp
Almustapha.base.eth
@almustapha
In the future, it’ll also be possible to control wallets through traditional Web2 signin flows like Google SSO.
0 reply
0 recast
0 reaction