xGov-117: Plugin-Based Account Abstraction

id: 117

period: 3

title: Plugin-Based Account Abstraction

author: krby.algo (@kylebeee)

company_name: Akita

category: dApps

focus_area: Defi

open_source: Yes

amount_requested: 50000

status: Final

Abstract

This proposal aims to bring production ready stateful smart contracts & tooling that act as an abstraction layer for interacting with the Algorand blockchain. This will allow businesses to offer their users a seamless onboarding experience & focus on delivering value to their customers, while amending some of the current UX friction points for new users. Through the use of plugins, users will be able to safely delegate authorizations opening up a whole new world of possibilities for the Algorand ecosystem.

Team

Krby (https://twitter.com/kylebeeeee) has been a full time software engineer for over 7 years and has been spending his evenings building Akita for the better part of the last 2 years following the original dev teams departure. He’s built a number of massive features for the Akita community including a staking platform, discord payment & verification bot (integrated with NFD’s), Yoink Ball (an in person king of the hill game utilizing Freeze & Clawback) and a permissionless Community spec (ARC-53).

Experience with Algorand

For nearly the last 2 years Krby has been spending his evenings building on Algorand. From writing smart contracts to building the base components of a longer term vision; a social platform built ontop of Algorand, NFDs, subscriptions & the community page spec. To date he’s delivered an astounding amount of value to the Algorand / Akita community and has been the driving force behind the growth of the Akita platform:

• The most flexible staking platform on Algorand

• A discord bot that enables payments, verification, and more

• Yoink Ball, an in person game of king of the hill utilizing Freeze & Clawback

• A permissionless community spec that enables NFT and project exploration with some of the best UX on Algorand

• A shuffle system for Akita Omnigems where the NFTs have no data attached to them before sale

• Co-Author of ARC58, the Abstracted Account spec.

Present Proposal

This proposal aims to acquire funding to build out the first production ready plugin based contract wallet for users on algorand. This abstraction will allow businesses on Algorand to offer their users a seamless onboarding experience & focus on delivering value to their customers. A Contract based wallet creates a massive set of new utility & convenience for users on Algorand. Over time tooling around this new wallet paradigm will be built out to enable users to safely delegate authorizations to plugins, opening up a whole new world of possibilities for the Algorand ecosystem.

Future Blueprint

Milestone 2: SDKs

Time Taken: 3 months

Amount: 50000

Description:

Javascript & Go SDK’s for creating, managing & interacting with contract based wallets & plugins. Integration with our ecosystems standard use-wallet library for clean integration across dapps.

Milestone 3: Plugins, Plugins, Plugins

Time Taken: 3 months

Amount: 50000

Description:

A standard set of plugin contracts for a myriad of uses within the ecosystem. The possibilities are nearly endless. We can have subscription plugins that allow users to pay automatically, NFT plugins for listing NFTs without them leaving your wallet. Bounty plugins for creating bounties that can be claimed by anyone, etc. The list goes on and on. The goal is to create a standard set of plugins that can be used by any business on Algorand to offer their users a seamless onboarding experience & focus on delivering value to their customers.

Milestone 4: Flavored Contract templates & Documentation

Time Taken: 3 months

Amount: 50000

Description:

Variations of the abstracted account with differing native feature sets. ie: a contract based wallet with a 10 day delay on interacting with new addresses as a whitelisting safety net, etc.

Documentation for the SDKs, plugins & contract templates.

Benefits for the community

Removing friction from user onboarding can help our network flourish by making onboarding less of a stumbling block for new & uninformed users. The learning curve of interacting with a blockchain is too steep for a large percentage of the population. This proposal aims to remove those barriers and offer businesses on Algorand a way to ease their users into web3 and bring the user of experience up to par with the rest of the web.

Additional information

I’m confused on what a plugin wallet does and the difference from the wallets we have now?

So its a smart contract that can behave like a wallet but with the added benefit that it can contain logic that dictates how it behaves.

A plugin is just another contract that it can use but you as the owner of the contract wallet can set limits on who is allowed to call a plugin & for how long.

A great example of the benefits would be the akita social dapp im working on. It wouldn’t make a lot of sense to ask the user to sign a transaction for every post, comment or like so what a plugin based contract wallet could do is delegate authority to call the plugin for you to the akita app and then you interact similar to how you do on twitter.

Another example is a globally allowed plugin, the opt in plugin. It effectively makes it so anyone can opt you into an asset as long as they cover the mbr. Similar to vaults but this could be your main account, effectively making opt ins entirely optional. You could even set specific addresses that are allowed to call the opt in plugin so you guarantee only dapps you trust can opt you in automatically

interesting. What are the security risks and potential vulnerabilities in this kind of wallet? Can the contract be updated in the future?

It allows delegation so i suppose one of the greater risks is people get used to allowing plugins to do stuff for them and go to a malicious site that asks for access to their account via a malicious plugin.

One of the ways i think this can be combatted is that many common uses will quickly have staple plugins that get used so similar to asa’s we could create rankings for verified plugins vs unknown ones.