Alchemy’s Modular Account: ERC-6900 Unlocks Fully Programmable Smart Wallets with Modular Plugins

Source: Alchemy’s Modular Account: Technical Deep Dive into ERC-6900
Alchemy’s Modular Account represents an innovative smart contract wallet built atop the ERC-4337 standard, extended by ERC-6900 to enable modularity through account plugins. These plugins embed programmable logic directly into the lifecycle of user operations, allowing wallets to be flexible, secure, and customizable, all without changing the underlying wallet contract.
Understanding ERC-4337 and ERC-6900’s Role
- ERC-4337 brings account abstraction by processing user actions (UserOps) via a designated entry point instead of traditional externally owned accounts (EOAs).
- ERC-6900 enhances this model with a plugin system that introduces hooks: specific points in a transaction’s lifecycle where developers can inject custom code.
This combination empowers smart contract wallets to be fully programmable and easily extended. Users gain the ability to add or remove plugins on demand, tailoring wallet behavior dynamically to meet different needs such as session management, multisig security, spending limits, and even flash loan handling.
Key Concept: Hooks in ERC-6900
Hooks form the backbone of modular behavior in ERC-6900. They operate at distinct phases of a user operation in three categories:
- Validation Hooks: Run during input checks like signature validation and nonce verification.
- Pre-Execution Hooks: Triggered immediately before the main transaction call, ideal for checking spending constraints or approvals.
- Post-Execution Hooks: Called after the transaction, used for cleanup, confirmation, or ensuring invariants.
This structured approach lets each plugin specialize in a well-defined scope while integrating smoothly into the overall operation flow.
Practical Plugins and Use Cases
- Session Key Plugin: Allows temporary delegation with fine-grained control, such as enabling a limited transfer that expires after some time. Hooks enforce permissions and revoke access when appropriate.
- Multi-Sig Plugin: Implements multiple signature verification (including smart contract signatures via ERC-1271), reinforcing wallet security without altering core account logic.
- Flash Loan Plugin: Manages flash loan lifecycle by initiating the loan pre-execution and ensuring payback post-execution, isolating flash loan logic as a safe, modular add-on.
Architecture and Upgrade Strategy
- The wallet uses the UUPS proxy pattern for upgradeability.
- It complies with ERC-7201 to securely manage storage and avoid collisions.
- Core contract responsibilities include:
  - Interfacing with ERC-4337 entry points
  - Managing plugin lifecycle (install, remove, inspect)
  - Supporting batch transactions with ordered hooks execution
Plugins are deployed independently and referenced through plugin manifests, enhancing modularity and maintainability.
Plugin Manifest: The Permission Model
Inspired by Android’s permission system, the plugin manifest explicitly declares:
- Permissions the plugin requires
- Hooks it implements
- External calls it intends to make
This allows users to review and approve each plugin’s scope before installation, fostering transparency and reducing attack surface by limiting plugin privileges to only what’s necessary.
Security Considerations for Developers
Creating safe plugins demands attention to:
- Batch Transactions: Hooks must not rely on static assumptions, as prior calls in a batch can alter state.
- Temporal Scope: Because hooks execute at separate points, state may change between them; guard against inconsistent logic.
- Plugin Authority: Plugins run with high privileges; bugs or malicious code can disrupt or freeze wallets. Careful scoping, reverts, and thorough testing are vital.
- Runtime Isolation: Plugins should explicitly prevent misuse outside expected contexts (e.g., enforce reverts for direct calls if they only apply to UserOps).
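The batch-transaction point above, as an added example that is not from the original article or from Alchemy's code: a Python model in which a spending-limit hook that judges each call in isolation passes a batch that a hook tracking cumulative spend reverts. It is a model, not Solidity and not the ERC-6900 interfaces; every class, method and field name is hypothetical, and the limit, balance and batch are constructed.

```python
# Added example: a Python model, not Solidity and not the ERC-6900 interfaces.
# All class, method and field names here are hypothetical.
import copy
from dataclasses import dataclass

class Revert(Exception):
    """Stands in for an EVM revert."""

@dataclass
class Call:
    target: str
    value: int  # amount sent with the call, in wei

@dataclass
class Account:
    balance: int

class PerCallLimitHook:
    """Static assumption: judges every call as if it were the only one."""
    def __init__(self, limit):
        self.limit = limit
    def pre_execution(self, account, call):
        if call.value > self.limit:
            raise Revert("call exceeds limit")

class CumulativeLimitHook:
    """Keeps a running total in hook-owned state, so earlier calls in the batch count."""
    def __init__(self, limit):
        self.limit = limit
        self.spent = 0
    def pre_execution(self, account, call):
        if self.spent + call.value > self.limit:
            raise Revert("cumulative spend exceeds limit")
        self.spent += call.value

def execute_batch(account, hook, calls):
    """Run the pre-execution hook before each call, in order. All-or-nothing:
    on a revert the caller's account and hook state come back unchanged."""
    acct, hk = copy.deepcopy((account, hook))
    try:
        for call in calls:
            hk.pre_execution(acct, call)
            if call.value > acct.balance:
                raise Revert("insufficient balance")
            acct.balance -= call.value
    except Revert:
        return account, hook, False
    return acct, hk, True

# Constructed input: a 1 ETH limit and a batch of three 0.6 ETH transfers.
ETH = 10**18
BATCH = [Call("0xRecipient", 6 * ETH // 10) for _ in range(3)]
```

With a 5 ETH balance, the per-call hook lets the whole batch move 1.8 ETH past a 1 ETH limit, while the cumulative hook reverts on the second call and leaves both the balance and its own counter untouched.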
Future Outlook
ERC-6900 sets the stage for more adaptable account abstraction solutions. Expected future enhancements include:
- Better developer tooling
- Improved gas efficiency
- Signature aggregation methods
Its modular design also paves the way for deep integration with other on-chain systems, enabling smart accounts to respond dynamically to evolving user preferences and application demands.
Summary
Alchemy’s Modular Account showcases how ERC-6900 transforms smart contract wallets by introducing programmable hooks, clear permission management, and a flexible plugin architecture. This foundation helps developers build secure, customizable wallets designed for the complex needs of Web3 users. As modular smart accounts gain traction, ERC-6900 promises to be a key building block for next-generation decentralized account infrastructure.