Why are Smart Contract Wallets Considered as the Most Secure Wallet?

Learn about smart contract wallets and their features with Braavos. Discover account abstraction, hardware signer, and more.

• January 9, 2023


Meet Motty Lavie, Braavos’ Founder & CEO, in a Q&A series that clarifies what a Smart Contract Wallet is, StarkNet tech opportunities, market evolution, and more! The recap was edited for length and clarity.

Questions overview

  • Why are smart contract wallets different from existing ones?
  • How do gas fees work on StarkNet?
  • What are the key elements of Braavos?
  • How do you see the split between the mobile and browser experience?
  • Will the Hardware Signer only be available on mobile?
  • Do you see the Hardware Signer replacing hardware wallets?
  • Do I still need my seed phrase after enabling the Hardware Signer?
  • Are there any plans to deploy Braavos on other ZK ecosystems?

Q: Can you tell us what smart contract wallets are and how they’re different from existing wallets?

If you look at classical self-custodial wallets like MetaMask from a technology perspective, it’s only an application that resides on the user’s computer or mobile device. It has no logic on-chain; it only signs transactions on the application side and sends them to the blockchain for processing.

In contrast, smart contract wallets (a.k.a account abstraction) have two parts. There is the application part like regular self-custodial wallets, and there is the smart contract part that resides on the blockchain. The smart contract part represents the user account where all transactions go through before they reach any other contract or any other protocol on the blockchain.

This is called account abstraction and it allows the wallet to run arbitrary signature verification logic as well as arbitrary execution logic, opening a whole new design space that can improve functionality and UX. One of the main manifestations of account abstraction in Braavos is our Hardware Signer.

Let’s take two simple examples to give a better understanding of smart contract wallets’ possibilities:

The first one is what we call Multicall, it’s the ability to perform multiple calls to contracts on the blockchain within the same transaction. But why is it so powerful?

Let’s take the Uniswap experience for example. When I want to swap tokens, first I need to approve the amount of tokens that I want to use. Usually, this approval is for an unlimited or a very high amount that the protocol can withdraw from my wallet. Only then can I sign the actual swap transaction.

That’s both a security risk and a bad experience, because I need to sign two transactions. With multicall we can bundle these together in a single transaction which gives us:

  1. The ability to sign only one transaction instead of multiple.
  2. Restricting the protocol to withdraw only the exact amount that is needed for this specific transaction, instead of an unlimited access that is never reset.

That way, even if we use the protocol only once and a year later the protocol is under attack, the attacker can’t drain our wallet.

The second example is account segmentation. If we think about TradFi, we have different types of accounts. We have our checking accounts, which we use almost daily, but usually involve transactions of low amounts. And we have our savings accounts, which we don’t use daily, but where the amounts transferred are higher.

In regular wallets, we can’t have this separation protected by the blockchain, but this is possible on smart contract wallets. We can embed the account segmentation within the account contract on-chain and say for example:

  • The checking account has a daily withdrawal limit so I can spend only a certain amount from that account per day.
  • As for the savings account, I don’t want a limit but a time delay or 2FA on transactions above a certain amount.

These are the kind of features that we take for granted in TradFi and Web2 and that do not exist in crypto, certainly not in a frictionless user experience.
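The approval exposure described in the multicall answer above, as an added Python model (not Braavos' or StarkNet's code; `Token`, `multicall` and the two swap helpers are hypothetical names). It compares the allowance left behind by a standing unlimited approval with an exact approval bundled atomically with the swap.

```python
import copy

UNLIMITED = 2**256 - 1  # stands in for the "unlimited" approval in the interview


class Token:
    """Minimal ERC-20-style ledger: balances plus per-spender allowances."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining amount

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowances.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise PermissionError("allowance or balance exceeded")
        self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def multicall(token, calls):
    """Run all calls atomically: any failure restores the prior ledger state."""
    snapshot = copy.deepcopy((token.balances, token.allowances))
    try:
        for call in calls:
            call()
    except Exception:
        token.balances, token.allowances = snapshot
        raise


def swap_with_exact_approval(token, user, dex, amount):
    """Approve exactly `amount` and spend it in the same transaction."""
    multicall(token, [
        lambda: token.approve(user, dex, amount),
        lambda: token.transfer_from(dex, user, dex, amount),  # the swap's pull
    ])
    return token.allowances[(user, dex)]  # residual allowance after the swap


def swap_with_unlimited_approval(token, user, dex, amount):
    """Two separate transactions: a standing approval, then the swap."""
    token.approve(user, dex, UNLIMITED)
    token.transfer_from(dex, user, dex, amount)
    return token.allowances[(user, dex)]  # residual the protocol can still pull
```

A residual of 0 means the protocol has no remaining claim on the account once the swap completes; a non-zero residual is the exposure that persists if the protocol is later compromised.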

Q: I have a follow-up question on Multicall. How does it affect gas fees on StarkNet?

In L2, similar to L1, we pay gas fees for storage and for steps. For me, the major advantage of L2s is that the payment for steps on StarkNet is exponentially lower than on Ethereum.

Just to give an intuition (not accurate as we ignore various constants), if we do, let’s say, a million steps on StarkNet, it is in the same order of magnitude as doing only a few dozen steps on Ethereum. Even if we increase the step count by one million, we still did not increase the gas cost by a significant amount because the overall equivalent steps for L1 will be minimal.

The issue here is that we are billed logarithmically on the number of steps that we are doing. If people remember their high school lessons on logarithm functions they will recall that they rise very, very slowly.

Q: Could you share with us some of Braavos’ key elements?

At Braavos, everything is about improving the user experience in the broadest sense possible.

In the first few months of building Braavos, we focused on the basics, such as having support for multiple browsers and mobile devices. As well as an NFT gallery right in your wallet, a transaction explainer, a built-in exchange, and so on.

Once we covered the basics, we started using the power of account abstraction and the last feature that we released is what we call the Hardware Signer.

The idea of the Hardware Signer is to utilize the mobile device’s built-in security chip in order to generate keys, sign transactions and verify them on the blockchain. As far as we know, this is the first time that it’s been done on any major blockchain.

We really feel that this is a revolution in terms of security of crypto funds. Because now even if someone gets a hold of your seed, they cannot steal your funds, which is extremely powerful. To get that today you would need to use a hardware wallet that you need to buy separately and learn how to set it up, use it, store it, etc. With Braavos, you get it built-in with a seamless experience such as using Apple/Google Pay.

Q: Many dApps are built for the web and StarkNet is shaping up to be the gaming network. How do you see the split between the mobile wallet versus the browser extension?

If you want to target the mass market and the next wave of users that will come to crypto, I think that mobile support is essential, because for many users it’s their first choice to access the Internet, for some it’s their only choice. We have to cater to mobile users or else we simply lose a huge cohort of people.

Now on top of that, the built-in features that we have on mobile, such as face ID, robust fingerprint, security chip, touch interface, and so on, allow us to make a much better user experience not only for transferring funds, but also for gaming.

So for us it’s pretty natural to have dApp support in mobile, whether they are a classic DeFi like ZKLend or cool NFT innovations like Briq or Web3 games that are developed on StarkNet.

Q: In the case of the Hardware Signer on Braavos, is it only limited to mobile transactions? How do you envision this evolving in the future?

We deployed it first on mobile, but the second phase will also enable the Hardware Signer on PC, especially on laptops that have a security chip and a strong authentication mechanism like those we use on mobile, a biometric authentication — face or fingerprint ID.

And later down the road it will also take the form of two-factor authentication, meaning, as I mentioned earlier, transactions above a certain amount will require two devices to sign them. For example, your mobile with your face ID and your laptop with your fingerprint ID, which creates even stronger security.

Q: Do you see the Hardware Signer replacing hardware wallets in the future or do you see a spectrum of use cases?

I see the Hardware Signer completely replacing hardware wallets for most users in the future, because the security modules that hardware wallets use today were derived from the security modules that exist on mobile devices.

Take the iPhone for example: all iPhones come with a security subsystem called “Secure Enclave”. It’s an isolated silicon module dedicated to security. It’s deployed in hundreds of millions of units around the world, and it’s constantly being attacked. Not by two kids on a laptop in some garage, but by powerful corporations and governments around the world in order to get money and personal information about people.

So the amount of resources that people invested to try and hack the iPhone’s Secure Enclave is enormous. It’s orders of magnitude more than hardware wallets, which makes the Hardware Signer all the more robust.

I guess in the future there will be some people that will want to use a hardware wallet as an additional signer and maybe keep it in some safe in some very secure location. But I think that the vast majority of people would already have the same or better security within their mobile devices.

Similar to my belief that in the future, all wallets will become smart contracts, either new wallets like Braavos or existing wallets that will try to transform into smart wallets. And the successful ones will have hardware signers built-in that will make hardware wallets redundant.

Q: Someone asked, “why do I still need my seed phrase after setting up the Hardware Signer?”

Let me start by saying that the seed phrase is temporary. To get the best user experience we want to get rid of the seed phrase completely and this is what we’ll do in the coming weeks and months.

We are working on a “forgot password” feature which is similar to what people are used to in web2 when you lose access to some site and you forget your password. There is always an easy way to recover your password in two clicks. Our feature is going to be very similar but will be completely decentralized and preserve the self-custodial nature of Braavos.

Currently, we still need the seed phrase to cater to the fact that your phone might get stolen, lost or bricked, so even if no one will be able to steal your funds, you won’t be able to access them either. And that’s not good, of course.

So once the Hardware Signer is enabled, the derived from the seed phrase can be used for the only function, which is, the “request to remove the Hardware Signer”.
This is a special transaction that comes with a time delay, utilizing account abstraction / the fact that Braavos is a smart contract wallet. And only when this time delay passes will the transaction actually get executed.

That time delay is crucial because let’s say your seed phrase got stolen by a phishing attack and an attacker tries to remove the Hardware Signer. You will immediately and repeatedly get notifications, and you will have four days (the delay is configurable) to simply cancel that request and either replace your key or move your funds to a new wallet.

That’s the reason why there’s still the need for the seed phrase only for that specific scenario of a device getting bricked, lost or stolen.
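The delayed removal flow from the answer above, as an added Python model (not Braavos' contract code; `AccountPolicy`, `seed_theft_timeline`, the action names and the way the pending request takes effect are assumptions). It shows how the delay window lets the hardware-backed signer cancel a removal request made with a stolen seed phrase.

```python
DAY = 24 * 60 * 60
REMOVAL_DELAY = 4 * DAY  # four days, as quoted in the interview (configurable)


class AccountPolicy:
    """Toy model of the account contract's signer rules (names are hypothetical)."""

    def __init__(self, delay=REMOVAL_DELAY):
        self.delay = delay
        self.hardware_signer = True
        self.removal_requested_at = None  # set while a removal request is pending

    def _settle(self, now):
        # Assumption: the pending request takes effect once the delay has elapsed.
        pending = self.removal_requested_at
        if pending is not None and now - pending >= self.delay:
            self.hardware_signer = False
            self.removal_requested_at = None

    def submit(self, signer, action, now):
        """Apply `action` signed by 'seed' or 'hardware'; return True if accepted."""
        self._settle(now)
        if not self.hardware_signer:
            return signer == "seed"  # back to a plain seed-key account
        if signer == "seed":
            if action != "request_removal":
                return False  # the seed signer alone cannot move funds
            if self.removal_requested_at is None:
                self.removal_requested_at = now  # repeats keep the original clock
            return True
        if signer == "hardware":
            if action == "cancel_removal":
                self.removal_requested_at = None
            return action in ("transfer", "cancel_removal")
        return False


def seed_theft_timeline(cancel_on_day=None):
    """Replay a stolen-seed scenario; True means the seed-signed transfer lands."""
    acct = AccountPolicy()
    acct.submit("seed", "request_removal", now=0)
    if cancel_on_day is not None:
        acct.submit("hardware", "cancel_removal", now=cancel_on_day * DAY)
    return acct.submit("seed", "transfer", now=5 * DAY)
```

In this model a cancellation on day 2 or 3 keeps the funds protected, while one attempted on day 4 arrives after the delay has already elapsed, which is why the notifications during the window matter.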

Q: Do you plan on deploying the Braavos wallet on other ZK ecosystems like zkSync in the future?

I will circle back to what I said at the beginning. We are very bullish on StarkNet and the STARK technology. And we believe that eventually, all the rollup solutions that exist today will converge to STARKs, even the ones that are currently working on fraud proofs and legacy SNARKs will converge to STARK. Simply because of the intrinsic STARK characteristics — there’s no trusted setup, it’s quantum-resistant, tremendously scalable, and is overall the superior technology.

That’s why our focus is entirely on building on StarkNet.

To join the Braavos Nation and share your feedback, we encourage you to connect to our Discord, and Twitter to get in touch and catch the latest news.

You can also join the Braavos users who benefit from the Hardware Signer by downloading the Braavos wallet on mobile for Android and iOS, and on multiple browsers: Chrome, Firefox, and more.
