
EntryPoint Contract

The EntryPoint contract is the ERC-4337 contract that validates and executes bundles of UserOperations and manages account and paymaster deposits.

The EntryPoint is the on-chain coordinator for ERC-4337 smart wallet operations.

EntryPoint Contract Explained in Detail

The EntryPoint contract is the trust anchor for ERC-4337 execution. Bundlers call it with a batch of UserOperations. The EntryPoint validates each account, validates paymasters when present, executes calls, and pays the bundler beneficiary.

Smart accounts and paymasters should trust only the intended EntryPoint.

Smart contract example

function handleOps(
    UserOperation[] calldata ops,
    address payable beneficiary
) external;

This is the main execution path bundlers use.

EntryPoint Contract in Auditing

If an account or paymaster accepts calls from the wrong EntryPoint, attackers may bypass the expected validation flow. A custom or forked EntryPoint also changes the assumptions about failure handling, deposits, and gas accounting.

Auditors verify the EntryPoint address, validation flow, and deposit controls.

Red flags in code

  • Account validation functions are callable by anyone.

  • The trusted EntryPoint address is wrong, mutable without controls, or inconsistent across modules.

  • Paymaster deposits can be withdrawn by unexpected callers.

  • A custom EntryPoint fork changes expected handleOps behavior.

  • Failure handling differs from expected ERC-4337 semantics.

How to test or review it

  • Call account and paymaster validation functions directly and expect rejection.

  • Run valid and invalid operations through handleOps.

  • Test deposit, withdrawal, and beneficiary payment behavior.

  • Verify account, factory, and paymaster all use the same intended EntryPoint.

  • Review upgrade or configuration paths that can change EntryPoint trust.
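
The direct-call check from the list above, as an added Solidity example that is not part of the original page or of any project's code. GuardedAccount, DirectCallProbe and directCallRejected are hypothetical names; the struct follows the ERC-4337 v0.6 UserOperation layout, and the owner is assumed to sign the EIP-191 digest of userOpHash.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// ERC-4337 v0.6 UserOperation layout, the element type of the handleOps ops array.
struct UserOperation {
    address sender; uint256 nonce; bytes initCode; bytes callData;
    uint256 callGasLimit; uint256 verificationGasLimit; uint256 preVerificationGas;
    uint256 maxFeePerGas; uint256 maxPriorityFeePerGas;
    bytes paymasterAndData; bytes signature;
}

// Hypothetical minimal account: validation is reachable only from the pinned EntryPoint.
contract GuardedAccount {
    address public immutable entryPoint; // set once at deployment, no setter
    address public immutable owner;
    error NotFromEntryPoint(address caller);
    constructor(address entryPoint_, address owner_) {
        require(entryPoint_ != address(0) && owner_ != address(0), "zero address");
        entryPoint = entryPoint_;
        owner = owner_;
    }
    function validateUserOp(UserOperation calldata op, bytes32 userOpHash, uint256 missingFunds)
        external returns (uint256 validationData)
    {
        // Guard before anything else: the prefund below is paid to msg.sender.
        if (msg.sender != entryPoint) revert NotFromEntryPoint(msg.sender);
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", userOpHash));
        bytes calldata sig = op.signature;
        address signer = sig.length == 65
            ? ecrecover(digest, uint8(sig[64]), bytes32(sig[0:32]), bytes32(sig[32:64]))
            : address(0);
        validationData = signer == owner ? 0 : 1; // 1 = SIG_VALIDATION_FAILED
        if (missingFunds != 0) {
            (bool ok, ) = payable(msg.sender).call{value: missingFunds}("");
            ok; // ignore failure: the EntryPoint verifies the deposit itself
        }
    }
}

// Review probe: a direct call from any address other than the EntryPoint must revert.
contract DirectCallProbe {
    function directCallRejected(GuardedAccount account) external returns (bool) {
        UserOperation memory op; // zeroed op: the guard must fire before any field is read
        try account.validateUserOp(op, bytes32(0), 0) returns (uint256) {
            return false; // red flag: validation is callable by anyone
        } catch { return true; }
    }
}
```

Deploy DirectCallProbe next to the account under review and expect directCallRejected to return true; the same probe pattern applies to a paymaster's validation function.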
