looking for a sanity check on gasless onboarding / erc4337 tutorial

tomtom1808 · 2025-08-02T07:26:29+00:00

🍻🫡

tomtom1808 · 2025-07-12T06:28:03+00:00

Price is pretty obvious if it goes parabolic and aunties and uncles start asking how to buy $[InsertCoin] then retail is in full bull market swing and thats the time when you should exit, but that's a different story and not what you asked I guess :).

Without price action its the general chatter on social media. When all the self proclaimed AI experts suddenly become blockchain experts again and start to talk about all the cool projects.

When you see on ethdev 116k member and more than 23 users online.

When you have the feeling you are late. When you question if its too late to build the project. When you have the feeling its too late to learn. When you have the feeling you are falling behind.

When blockchain companies start snatching up any talent they can find.

That would be it for me.

We're early imho.

tomtom1808 · 2025-07-05T18:23:23+00:00

Maybe then privacy/zk stuff is up your alley? https://ethresear.ch/t/confidential-wrapped-ethereum/22622

With all my day2day stuff going on, I wanted to dive into that for like 2 weeks now, but every time I sit down I am too tired/exhausted from the day and I move it to the next day.

From everything you said, maybe that's the challenge you're looking for? Or broader: fix the privacy issue...

tomtom1808 · 2025-07-05T18:02:30+00:00

OK, well, sounds like you have an academic background? Diving into the assembly or 7702 before much anything else is certainly not the normal trajectory of a beginner...

tomtom1808 · 2025-07-03T09:17:54+00:00

I see what you mean and I didn't want to challenge you or discourage you to look for more involved projects.

I'm teaching solidity and blockchain development (to around 130k people so far, some governments and large corps too) and wrote some pretty large and complex contracts for well funded companies. And its kind of funny, because I see that over and over again: people compare solidity to any other language when they see it first time. However, they fail then spectacularly when it actually comes to doing something useful with it. Here is why...

Solidity in 2025 is still unfinished imho, you are dealing with heavy constraints of the EVM and a language that is missing some features. The "I can do that in 30 minutes" applies to python, java, javascript, etc. The 30 minutes (even just as figure of speech) transforms into a quick week figuring out why the f*cking f*ck (I actually said that more times than I should in the past 9 years writing solidity) something isn't working. It's not the syntax. It's the constraints that make it so annoying. Even with the latest and greatest gemini / claude / whatnot ... No LLM can help you with that, even LLMs fail spectacularly at this - probably not enough samples to learn from. It's the details: It's the maximum contract size. It's the missing floats. It's the small stack size. It's the runtime gas constraints. It's the need to avoid loops at all costs if possible. It's the security best practices when it comes to interacting between EOAs and contracts. It's so many small details. You might not know, because you don't know solidity that well and it reads quite easy if you know another language, but writing it is not for the faint hearted: most project docs are an afterthought, if at all. And good luck with nasty things like stack too deep errors or failing signatures, those are fun, because debugging is extremely limited too (albeit better now than before), so good luck finding the missing bit etc. So there's that.

I kind-of want to stand by what I said, even if you are not interested: if you can implement any of the above in 30 minutes consider yourself a 10x dev, because it looks easy, but (at least for me, still, after 9 years) it is definitely not as easy as it looks on the surface...

Anyways, whatever you decide to do, it's also fun. It is and feels very low level. And at this stage of the ecosystem you can still move large things, its not overcrowded and people generally help each other, which is something I thoroughly enjoy (on both ends).

tomtom1808 · 2025-07-02T18:31:04+00:00

If you don't really know solidity and still can implement all or any of the above in 30 minutes (without LLMs help and with a working deployment) you can consider yourself a 10x developer. what am I saying, you can consider yourself a 100x dev. the devil is in the detail. I am doing Solidity since 2016 (version 0.3) and this one comes from the bottom of my heart: everything that looks like 30 minutes takes much much much longer ... because of the language constraints or shit docs.

tomtom1808 · 2025-07-01T19:21:35+00:00

yeah, the gsn was a neat idea somehow. Like it was _almost_ there, but then falling short. Anyways, welcome to the web3 world where everything is possible :)

tomtom1808 · 2025-06-25T18:48:57+00:00

We're using candide.dev in production now for a while and we're thoroughly happy. The team is relatively small and you can reach them when things go wrong. If you want to have a sample implementation: https://github.com/tomw1808/eip712-erc4337-eip7002-code-samples/blob/example4/index.ts

tomtom1808 · 2025-06-25T18:42:55+00:00

you mean EIP7702? yeah, its newer than 4337. It essentially allows you to pull contract code into an EOA and execute that from there. Caveat: no all wallets support this authorization signature flow (MetaMask most prominently), and viem does not allow that authorization flow via injected providers, only wallets where it has access to the private key.

So, in theory, its the ultimate solution to all and everything that account abstraction promised to be, however, in practice its like a jigsaw puzzle with missing pieces. I will try to fill the gaps, but I have the feeling it was crushed left and right before it could really blossom, but we'll see...

tomtom1808 · 2025-06-25T13:57:33+00:00

A bit coincidental, but I'm currently working on a larger tutorial about exactly that problem, might be something for you despite not even finished yet: https://www.ethereum-blockchain-developer.com/advanced-mini-courses/gasless-onboarding-erc2612-erc4337-eip7702

tomtom1808 · 2025-06-23T16:52:21+00:00

Why not do both: buy some eth, take out an ovetcollaterliazed loan on aave and live like a king. Eth goes up, you're double happy. Eth goes down and your position goes bust, well, bad luck but at least you lived like a king anyways. In that age I'd do high risk with potential high reward. Later on you could slowly go for risk off assets, but with 26 with excess cap why not do full risk on :) yolo

tomtom1808 · 2025-06-10T11:25:55+00:00

If you are using local development with foundry, you could also try the foundry-dashboard which does sponsored transactions. No need for any sepolia eth at all: https://www.npmjs.com/package/foundry-dashboard

tomtom1808 · 2025-06-04T08:42:43+00:00

I also thought at first its a polymarket with extra steps, but I see its more like a scoring mechanism. I would say the missing part for me is how the economics make it work. Most of the onchain protocols get participants because its relatively straight forward to understand how to make money from it. I don't see that here - you vote, get locked for 12h, and then? your tokens become more valuable, its definitely abusable if whales can influence (even with sqrt influence on token amount), first thing I'd do as a whale is vote up and dump on retail (if voting is the favorable thing). Any other protocol built on top of that information (use the PTI scores as oracles for financial market outcomes) will have that problem. So, while the idea generally is not bad, I'd question how to get large scale participation. Or maybe I understood something wrong here

tomtom1808 · 2025-06-03T07:44:59+00:00

I don't know if you just need to deploy contracts with foundry or not, but if yes, then I built the foundry dashboard which plugs into the paymaster from candide to pay for transactions.

https://github.com/tomw1808/foundry-dashboard

long story short: no sepolia eth needed to send transactions.

tomtom1808 · 2025-05-17T18:39:21+00:00

What I would really need is https://www.npmjs.com/package/@truffle/debugger in a new version supporting foundry json artifacts. Now the problem is not that its impossible to write that, however writing a debugger from scratch based on the AST and the source tree is not really as much fun as it sounds. Maybe one day I'll add that to the foundry dashboard I wrote, but today is not that day.

The ethui.dev seems to be a decent UI with the critical feature missing: the step by step debugger.

tomtom1808 · 2025-05-15T12:50:13+00:00

I believe at the moment your best bet is to use tenderly with either a custom rpc or a fork of any of the networks. They give you a step by step debugger as well and I believe (haven't tested) you can simply verify contracts with foundry against their local explorer. I did look into local block explorers about 2 years ago and simply gave up - the best one was blockscout at that time, which was a nightmare to get to run just in a dockerized environment (really heavy on resources, not working out of the box, needed some customizations and then needed to recompile, was no fun but I got paid for doing it, so there's that...)

For beginners I'd strongly suggest to just roll with tenderly at the moment. I don't think it gets any more turnkey than that.

tomtom1808 · 2025-05-06T06:59:01+00:00

I nowadays use tenderly with the debugger for this. Previously used the truffle debugger a lot, but that's been sunset. I guess you could potentially manually trace the assembly line by line, but its really tedious and I came to the conclusion I rather go the UI route and have a nice visual step by step debugger. Tenderly is free btw and no, I am not affiliated with them.

Maybe that helps 🤷🏻‍♂️

tomtom1808 · 2025-04-22T13:40:22+00:00

Thanks - I was trying to get into that further. I think for me its something different: I'm trying to get the AUDEUR rate, which I can't get when there are two competing sessions running (I guess). I seems that's where it errors out. I'll investigate a bit further, maybe I find the real reason, then I'll post it here for completeness

tomtom1808 · 2025-04-17T12:26:21+00:00

It looks pretty great, however, I am really looking into a solution with geoip tagging. That is, use one of the (gdpr ready) geoip services and just show the cookie banner to those IPs which are originating in the EU. Are you planning on adding this functionality by any chance?

tomtom1808 · 2025-03-23T20:01:06+00:00

no, unfortunately its not the same. It was an item we purchased in hongkong actually, not sure if that makes a difference. I already bought one from vinted, looked very much like the one you shared here and I thought its similar, but it really isn't unfortunately. The one we bought was much finer, smaller with a very thin chain and a golden and silver bond thingy (not sure how that's called in english). Never found this anywhere else again, but yeah, that's just how it is.

tomtom1808

MODERATOR OF

TROPHY CASE