Alchemy’s Modular Account is a cutting-edge smart contract wallet built on the ERC-4337 standard and extended by ERC-6900 to introduce modularity through account plugins. These plugins add programmable behavior directly into the execution flow of user operations, enabling secure, flexible, and customizable wallet logic without altering the base contract.
The Role of ERC-4337 and ERC-6900
ERC-4337 standardizes account abstraction by enabling user operations (UserOps) to be processed through an entry point, rather than relying on externally owned accounts. ERC-6900 builds upon this by introducing a structured, modular plugin system that allows developers to define logic hooks—points in the transaction lifecycle where custom code can run.
This design allows developers to create smart contract wallets that are fully programmable and extensible. Users can install or uninstall plugins to adapt their wallet’s behavior dynamically, supporting use cases like session keys, multi-sig, spending limits, flash loan management, and more.
Hooks: Pre, Post, and Validation
Hooks are the cornerstone of ERC-6900. They are categorized by when they execute during the operation lifecycle:
- Validation Hooks: Run during the validation phase of a UserOp. Useful for conditions like signature checks or nonce validation.
- Pre-Execution Hooks: Executed right before a call is made. These are useful for checks on spending limits, approvals, or preconditions.
- Post-Execution Hooks: Executed after a call, allowing confirmation checks, cleanups, or enforcing invariants.
This structure ensures that each plugin can control its own scope while integrating seamlessly into the overall transaction flow.
Real-World Use Cases
Session Key Plugin: A plugin that enables delegation of specific capabilities to a temporary session key. For instance, allowing only a single transfer under a fixed limit, expiring after a timeout. Hooks validate the key, check permissions, and revoke access accordingly.
Multi-Sig Plugin: This plugin can implement a requirement for multiple signatures using EOAs or smart contract signatures (via ERC-1271), enhancing wallet security without changing the account base logic.
Flash Loan Plugin: Executes logic that begins a flash loan in the pre-execution hook and verifies repayment in the post-execution hook. This isolates loan logic into modular, pluggable functionality.
Architecture and Upgradeability
Alchemy’s Modular Account uses the UUPS proxy pattern to ensure upgradability, while leveraging ERC-7201 to manage structured storage and prevent collisions. The core wallet contract handles:
- Integration with ERC-4337 entry points
- Plugin management (installation, removal, inspection)
- Batch transaction support
- Hook sequencing with deterministic ordering
Plugins are deployed separately and referenced via manifests, making the system highly modular and maintainable.
Plugin Manifest Design
The plugin manifest is a declarative structure that describes a plugin’s required permissions, its hooks, and what external calls it may invoke. Much like Android’s permission model, this allows users to review and approve each plugin’s scope before installation.
This manifest-driven design ensures that only explicitly granted functionality is enabled, increasing transparency and minimizing attack surfaces.
Security Considerations for Developers
Developers must carefully account for:
- Batch Transaction Behavior: Hooks should not assume static state, especially in batched operations where one call may invalidate assumptions made earlier.
- Temporal Scope of Hooks: Hooks execute at defined points; state may change after one hook and before another. Developers should guard against inconsistent assumptions.
- Plugin Power: Plugins are highly privileged. Bugs or malicious logic can disrupt or freeze account behavior. Proper scoping, revert behavior, and testing are critical.
- Runtime Isolation: Plugins that should only operate in certain contexts (e.g., UserOps only) must declare always-reverting runtime hooks to prevent misuse in direct calls.
Looking Ahead
ERC-6900 is designed to support evolving account abstraction needs. As its ecosystem grows, improvements in tooling, gas optimization, and signature aggregation are expected. The modular design also opens doors to integrations with other on-chain systems, creating smart accounts that adapt in real-time to user preferences and application needs.
Conclusion
Alchemy’s Modular Account demonstrates how ERC-6900 pushes account abstraction into a new era. With programmable hooks, clear permission models, and a flexible plugin framework, developers can deliver secure, dynamic wallets tailored to diverse user requirements. As modular smart accounts gain adoption, ERC-6900 offers a foundation for building the next generation of Web3 account infrastructure.
