Crypto users face a challenge in selecting what type of wallet to use. There are a wide variety of options, but each has advantages and security concerns. Self-custody is a big responsibility, but hosted solutions also carry risks, as we saw recently with the collapse of FTX.
We know how challenging many users find working with wallets. The web3 community is working to come up with safer, more reliable approaches to storing crypto. Smart contract wallets are one such option. There’s a lot to know about this type of wallet.
What is a smart contract wallet?
A smart contract is simply a program that runs on a blockchain, in this case Ethereum, executing designated commands when certain conditions occur. A smart contract wallet is a program that controls access to crypto tokens, such as coins and NFTs. It also allows you to access decentralized apps (dapps).
Most smart contract wallets still require an externally owned account (EOA) for their initial setup. However, where an EOA is controlled by a private key, the smart contract wallet is controlled by code. The wallet’s program dictates who can access your wallet, and under what circumstances. This has made it a wallet of choice when several people or a DAO needs to share control of a single wallet. Because smart contracts are programmable, they can offer more advanced features than other wallet types.
How do smart contract wallets work?
You can set policies and create controls that govern the use of a smart contract wallet. This wallet type can help safeguard your tokens with features such as:
Account freeze: If you suspect your account is compromised, your wallet’s program can freeze transactions until the situation is resolved.
Approve addresses: Your wallet can be set to require approval before sending assets to an address, preventing thieves from sending your crypto to their wallet.
Multi-factor authentication: Your wallet can be set to require more than one system for a transaction to occur.
Multisig: Smart contract wallets can require multiple signatures in order to execute transactions. This measure adds a degree of complexity to transactions, but is a layer of extra security that’s growing in popularity for users who trade or hold large amounts of crypto.
Social recovery: This is basically a twist on multisig aimed at wallet recovery. Instead of using a single seed phrase for recovery, owners assign (ideally many) guardians, requiring a certain number of those guardians to reset your signing key. These should be people who don’t know each other, so they can’t conspire to steal your funds. Guardians can also be other organizations or devices.
Upon request, the guardians sign a special transaction to reset the signing key and recover the wallet. Guardians can only be changed after a preset delay, helping prevent theft. Ethereum founder Vitalik Buterin has said that social recovery is the best way to end the crypto theft epidemic. The catch: You need trusted friends who have Ethereum accounts.
Transfer limits: By programming your wallet to include a maximum daily transfer limit, you can prevent a thief from quickly draining your wallet.
Vault: Smart contract wallets can be designed with a vault, adding another security layer. The wallet might be programmed to release assets stored in the vault only after a week, for instance, preventing any rapid theft.
Whitelisting: A list of approved recipients can be incorporated into the wallet’s code, preventing transactions with any other users.
In sum, smart contract wallets can be configured to provide a set of security features similar to the ones you experience with a traditional bank account. The flexibility of smart contract wallets means they can be set up to operate the way you want.
Flexibility, security, and ease of use
Ease of use, added security, and increased flexibility are the primary advantages of smart contract wallets.
Another plus: You can structure your wallet to avoid paying gas fees by signing transactions off-chain and using a third party or relayer, which executes the trade on-chain. This allows the user to forgo maintaining a balance of ETH on-chain.
Security threats to smart contract wallets
Though they offer added security features and ease of use, smart contract wallets also have security challenges. Smart contracts are made of code–and code can contain errors or get hacked. Primary areas of concern include:
- Design risk: Some smart contract wallet features can be used to change the wallet’s intended behavior. Functions that aren’t defined in the code may begin operating due to design problems.
- Implementation risk: Flaws in the code’s logic can allow owner privileges to be changed, approvals to be bypassed, or configurations to be arbitrarily changed. Unauthorized transactions might be approved, transfer limits bypassed, dapps connected without permission, or incorrect signatures accepted.
- Social risk: Poorly selected guardians could collaborate to drain your wallet. And while the need for multiple signatures reduces the risk of phishing, an attacker who manages to obtain the multisig information will be able to redirect funds.
Clearly, despite the promise they hold for greater security, smart contract wallets aren’t an automatic cure-all for the security problems wallets can have. They need to be designed and operated with caution. For example, transaction relayers can turn out to be untrustworthy. If a third party is used to deploy the wallet, that may expose a vulnerability for hackers.
How to secure your smart contract wallet
It’s important to thoroughly audit and test a smart contract’s code before you trust the wallet to store and transfer your assets. Beginning users may not have the requisite skills to make sure their smart contract wallet is properly programmed.
Additional security tips:
- Closely monitor activity so that any malicious transaction attempts are spotted immediately.
- Regularly disconnect from dapps not in use and revoke smart contract allowances/token approvals.
- Understand the modules in the contract and their functions.
- Always access apps through official websites.
- Be on guard against attempts to obtain signature information.
- Choose guardians or multi-signatories whom you trust and who do not know each other.
If you store or transact with large quantities of crypto, it’s worth considering using a smart contract wallet. Due to their design flexibility and additional security features, these may be the wallets of the future.