Skip To Content
Menu

Expert Commentary

Mutualism, MPC, and EIP-7702

7 min. read

Ethereum’s Pectra upgrade just landed—bringing ERC-7702 and practical account abstraction with it. That means smart accounts, better UX, and way more flexibility on-chain are finally becoming a reality for EOAs and Smart Contracts alike. And top of mind is the intersection of it all with MPC. 

In biology, mutualism describes a close, long-term relationship where both parties benefit – think bees collecting nectar while pollinating flowers, or clownfish enhancing water circulation for anemones in exchange for protection. Some species thrive when paired, and this reality is obviously not limited to biology. EIP-7702, a significant advancement for Ethereum and the EVM ecosystem, is powerful on its own, as highlighted in discussions here, but when combined with MPC (Multi-party computation) wallets and the robust infrastructure developed by MPC providers over the years, its power grows. Like true symbiotic partners, EIP-7702 and MPC wallets together enable a more functional, more secure overall wallet. 

Let’s set the table. 

Many evangelizers of smart contract wallets and account abstraction pit these technologies against simple EOAs to argue their benefits. This is expedient, but ultimately counterproductive as it doesn’t address reality, especially in the institutional wallet space. As of today, most (though still not all) institutions are transacting on-chain with some sort of advanced security setup for their EOAs. Whether placing the private key in an hardware security module (HSM) or implementing Multi-party computation (MPC), businesses are generally no longer writing seed-phrases on notepads. 

Why am I telling you this? Because, as we examine the motivations behind 7702 and the general discussion of smart contract wallets, it’s important that we evaluate them in light of the actual, relevant key setups (not the worst EOA setups we can imagine). Ethereum cofounder Vitalik Buterin gets credit here. In his October blog post he addresses account abstraction goals and capabilities in light of multi-party computation EOAs. He doesn’t even waste time positioning them against/beside simple EOAs. So, following his lead, we will do our best to discuss gaps and advantages strawman-free. 

As it stands, serious crypto participants are often forced to pick between:

  • Institutional-grade EOAs (MPC leading the charge) – highly secure but they lack on-chain capabilities like batching and gasless transactions.
  • Smart-contract wallets (multi-sigs or 4337-based) – unique UX capabilities but they introduce security risks, operational overhead, and cross-chain challenges. 

EIP-7702 + MPC wallets offer teams a way to access the best key security and the UX capabilities of smart contracts. In other words, MPC solves 7702’s security and operational headaches, and 7702 solves MPC’s (and to be fair, all EOAs) on-chain UX limitations. 

Gaps in 7702 Enabled Accounts (Without MPC) 

7702 accounts suffer from an EOA’s single point of failure risk

Many account abstraction advocates (and smart contract fans in general) are concerned about 7702 for this reason: the EOA’s private key retains its ability to sign transactions regardless of the delegated code. This is a valid and reasonable concern. Other types of smart contract accounts cannot be circumvented and also allow for full-key rotation (swap out the controlling public/private key pair as owner of the smart contract account). But, with 7702 the security of the account is still entirely dependent on the security of the EOA. So where does that leave us?

MPC’s complement to 7702 here is straightforward. MPC wallets are uniquely equipped to mitigate single point of failure risk by distributing the private key across multiple parties (just like a multisig). More simply, an EOA secured via MPC is meaningfully more secure than a simple EOA and does not have a single point of failure on the key, meaning 7702 accounts meaningfully benefit when coupled with MPC wallets. 

7702 accounts lack security depth 

Security policies of all smart contract wallets (and 7702 enabled wallets) are on-chain. While some entities (DAOs), specifically appreciate the transparency, many protocols and businesses see this lack of privacy as an untenable security risk and operations problem. Certainly, a main value of blockchain is its transparency, but should businesses be broadcasting to the world the exact internal policies and security logic of their transaction signing? If everyone knows you are 1 of 3 signers for a multi-sig with a billion dollars in it, are you safe to travel? 7702 accounts with spending limits or recovery logic do not sidestep these transparency issues. It is worth noting that on-chain privacy-preserving guards are theoretically possible using zk proofs, but the technology is still immature and makes transactions prohibitively expensive.

An external attacker that has the entire policy of the target organization available is much more likely to be able to devise an attack that will target the weakest link and be successful. There are no organizations in the real world which operate with such transparency and for a good reason. Financial organizations have adopted policies that are robust and private enough that attacks on specific individuals in specific roles have stopped due to their effectiveness. At Fireblocks we see this manifest in the real world as policies on-chain are currently very simplistic with very few rules per wallet (mostly a single spending limit) while offchain policies often have dozens and even hundreds of rules in them.

MPC wallets offer both signing quorum privacy and transaction policy privacy. Any combination of on-chain and off-chain policies is available to an organization utilizing 7702 enabled MPC wallets offering the best of both worlds. 

7702 accounts can cause operational headaches in a multi-chain world 

The best way to illustrate this gap is to imagine a setup where smart contract wallets, or simple EOAs + 7702 were your only avenue to operate on-chain. In this setup the team must have different contracts deployed on each chain and/or a private key with chain-specific 7702 accounts on top (within the EVM) and then a separate setup for non-EVM public/private key pairs (do they have security logic on-chain? Some do, some don’t). Updating transaction policies requires full contract upgrades on each chain or at least unique transactions sent on each chain (for 7702) which costs money. Doesn’t sound fun, does it? 

With an MPC wallet as the foundation of the setup and off-chain policies governing access, you sidestep all of that chaos. The same wallet with the same policies governs activity and policy updates can apply to all chains at once; not to mention you get to use the same setup for non-EVM chains. And of course, any policies you want to have onchain you can. 

Gaps in MPC wallets 

So far, we’ve only explored one half of the symbiotic relationship. We’ve seen how MPC simplifies operations and mitigates risk for 7702-accounts. Now for part two. MPC wallets aren’t perfect. They have some gaps. (Which happen to be addressed by 7702).

MPC wallets lack on-chain UX functionality like batching, gas-sponsorship, session keys

MPC wallets (like all EOAs), lack these programmable on-chain benefits. Despite advanced security capabilities, MPC wallets still suffer from one signature per transfer, users paying gas from the same address, and users needing a fresh MPC round for every action. 7702 allows MPC wallets to slip on some smart account shoes and access the smart contract wallet advantages. 

  • Consumer facing applications can now pay gas for their users while preserving the users’ self-custody 
  • Payments companies can batch payouts instead of signing each individually 
  • A game can issue a 15 minute session key that allows for dozens of in-game signatures while the MPC quorum sleeps

Basically, you can have your cake (institutional-grade security with MPC+policies) and eat it too (major UX benefits of smart accounts). 

The Verdict: True Mutualism

MPC solves 7702 gaps and vice versa. MPC wallets have established themselves as the gold standard of institutional wallet management. EIP-7702 layers on beautifully, adding the UX capabilities that businesses have been waiting for. The wallet stack will continue to evolve as on-chain and off-chain advancements complement one another, and we plan to be there, allowing our client base to reap the rewards.

About Us

Fireblocks is the world's most trusted and proven digital asset infrastructure company, empowering organizations of all sizes to build, run and grow their business on the blockchain. With the industry's most secure, scalable and comprehensive platform, we streamline custody, tokenization, payment, settlement, and trading operations across the largest ecosystem of exchanges, custodians, banks, payment providers and stablecoin issuers in the world. Over 2,000 organizations - including BNY, Galaxy, and Revolut - trust Fireblocks to secure more than $10 trillion in digital asset transactions across 100 blockchains and 250+ million wallets. Learn more at fireblocks.com.

Topics

Ready for a deeper dive?

Get a Fireblocks Platform Demo

Find out how Fireblocks helps your digital asset business to grow fast and stay secure.

g2 & 4.5/5 stars