
Bundler

A bundler is an ERC-4337 actor that receives UserOperations, simulates validation, bundles valid operations, and submits them to the EntryPoint contract.

A bundler packages smart wallet requests and sends them on-chain.

Bundler Explained in Detail

A bundler is an off-chain participant in ERC-4337. It accepts UserOperations, simulates validation, chooses which ones to include, and submits a transaction to the EntryPoint contract.

Bundlers are not the account owner. They are infrastructure that turns valid smart account requests into on-chain execution.

Smart contract example

entryPoint.handleOps(userOps, bundlerBeneficiary);

The bundler pays the gas for the transaction up front and is reimbursed by the account or paymaster if the operation is valid.

Bundler in Auditing

Bundler behavior matters because validation is simulated before inclusion. Code that passes only under one bundler setup, depends on unstable state, or can waste bundler gas is risky.

Auditors look for assumptions about timing, ordering, simulation, and reimbursement.

Red flags in code

  • Validation depends on state that can change between simulation and inclusion.

  • Operations only pass on a specific bundler implementation.

  • preVerificationGas or other gas fields are unrealistic.

  • Factories or paymasters can grief bundlers.

  • Protocol logic assumes immediate inclusion after simulation.

How to test or review it

  • Simulate validation, then change relevant state before execution.

  • Test duplicate operations from the same sender.

  • Check replacement and nonce behavior.

  • Run operations against more than one bundler client if possible.

  • Review gas griefing around validation and paymaster logic.
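The first two review steps above, as an added example that is not code from this page or from any bundler project. It is a constructed toy model, not the EVM: the names Registry, 0xWallet, shared_gate and review are hypothetical, and "unstable state" is simplified to any storage slot that does not belong to the sender.

```python
# Constructed toy model of simulate-then-include; not real EVM or bundler code.
from dataclasses import dataclass

@dataclass
class UserOp:
    sender: str
    nonce: int

def validate(storage, op, shared_gate, reads=None):
    """Toy validateUserOp: returns True if valid, recording each slot it reads."""
    def sload(contract, slot):
        if reads is not None:
            reads.append((contract, slot))
        return storage.get((contract, slot), 0)
    if sload(op.sender, "nonce") != op.nonce:
        return False
    # Red flag when enabled: gate on a slot that any other transaction can flip.
    if shared_gate and sload("Registry", "open") != 1:
        return False
    return True

def include(storage, op, shared_gate):
    """Toy on-chain path: validate again, then consume the nonce."""
    if not validate(storage, op, shared_gate):
        return False  # op cannot pay, so the bundler bears the gas
    storage[(op.sender, "nonce")] = op.nonce + 1
    return True

def unstable_reads(op, reads):
    """Slots read during validation that do not belong to the sender."""
    return [r for r in reads if r[0] != op.sender]

def review(shared_gate, flip_before_inclusion):
    # Constructed sample state: one wallet and one shared registry flag.
    storage = {("0xWallet", "nonce"): 0, ("Registry", "open"): 1}
    op = UserOp("0xWallet", 0)
    reads = []
    simulated = validate(storage, op, shared_gate, reads)  # bundler simulation
    if flip_before_inclusion:
        storage[("Registry", "open")] = 0  # unrelated transaction lands first
    included = include(storage, op, shared_gate)
    duplicate = include(storage, op, shared_gate)  # same op submitted again
    return simulated, included, duplicate, unstable_reads(op, reads)

if __name__ == "__main__":
    for gate in (True, False):
        print(gate, review(gate, flip_before_inclusion=True))
```

With the shared gate enabled, the operation passes simulation and fails at inclusion, and the recorded reads point at the slot responsible; without it, only the duplicate is rejected, by the nonce.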
