ERC-4337 Explained in Detail
ERC-4337 defines an account abstraction flow outside the normal transaction path. A user sends a UserOperation to a bundler, the bundler simulates it, and then the bundler submits it to the EntryPoint contract.
The standard also supports paymasters, which can sponsor gas under their own rules.
Smart contract example
entryPoint.handleOps(ops, beneficiary);
handleOps validates accounts, validates paymasters when present, executes operations, and pays the bundler beneficiary.
ERC-4337 in Auditing
ERC-4337 moves critical wallet checks into smart contracts. Bugs can allow unauthorized execution, replayed operations, gas griefing, drained paymasters, or accounts that work only under one bundler's assumptions.
Auditors review both on-chain code and the assumptions made by off-chain simulation.
Red flags in code
- Account or paymaster trusts the wrong EntryPoint address.
- Signatures do not bind the operation to the correct chain and EntryPoint.
- Factory initialization lets attackers create accounts with unsafe owners.
- Paymaster validation is too broad or replayable.
- Gas fields enable gas griefing.
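The first two red flags above, as an added example that is not part of the original page and not reference code from the ERC-4337 project: a minimal account whose validateUserOp only accepts calls from a pinned EntryPoint and verifies the owner's signature over the EntryPoint-supplied userOpHash (which the EntryPoint derives from the operation, its own address and the chain id). The UserOperation struct layout, the hypothetical contract name and the owner-initialisation check are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed struct layout mirroring the ERC-4337 v0.6 UserOperation fields (example only).
struct UserOperation {
    address sender; uint256 nonce; bytes initCode; bytes callData;
    uint256 callGasLimit; uint256 verificationGasLimit; uint256 preVerificationGas;
    uint256 maxFeePerGas; uint256 maxPriorityFeePerGas; bytes paymasterAndData; bytes signature;
}

contract MinimalAccount {
    address public immutable entryPoint; // pinned at deployment: red flag #1 is a mutable or unchecked value here
    address public owner;
    uint256 internal constant SIG_VALIDATION_FAILED = 1; // ERC-4337 return value for a bad signature

    constructor(address _entryPoint, address _owner) {
        // Factory-driven init must not allow a zero or attacker-chosen owner (red flag #3).
        require(_entryPoint != address(0) && _owner != address(0), "bad init");
        entryPoint = _entryPoint;
        owner = _owner;
    }

    modifier onlyEntryPoint() { require(msg.sender == entryPoint, "not EntryPoint"); _; }

    function validateUserOp(UserOperation calldata userOp, bytes32 userOpHash, uint256 missingAccountFunds)
        external onlyEntryPoint returns (uint256 validationData)
    {
        // userOpHash already binds chain id and EntryPoint address, so a signature over it cannot be
        // replayed on another chain or through a different EntryPoint (red flag #2 is signing raw callData).
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", userOpHash));
        if (_recover(digest, userOp.signature) != owner) return SIG_VALIDATION_FAILED;
        // Nonce uniqueness is enforced by the EntryPoint; the account does not track it separately.
        if (missingAccountFunds != 0) {
            (bool ok, ) = payable(msg.sender).call{value: missingAccountFunds}("");
            (ok); // the EntryPoint checks its deposit afterwards, so the result is intentionally unused
        }
        return 0; // valid, no time range restriction
    }

    function execute(address dest, uint256 value, bytes calldata func) external onlyEntryPoint {
        (bool ok, bytes memory ret) = dest.call{value: value}(func);
        if (!ok) { assembly { revert(add(ret, 32), mload(ret)) } }
    }

    function _recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        if (sig.length != 65) return address(0);
        (bytes32 r, bytes32 s, uint8 v) = (bytes32(sig[0:32]), bytes32(sig[32:64]), uint8(sig[64]));
        // Reject high-s values and bad v so one signature has exactly one valid encoding.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) return address(0);
        if (v != 27 && v != 28) return address(0);
        return ecrecover(digest, v, r, s);
    }

    receive() external payable {}
}
```

When reviewing a real account, confirm that every externally reachable function carrying value or calldata is gated the same way as execute, and that the EntryPoint address cannot be changed after deployment without owner authorization.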
How to test or review it
- Run valid and invalid operations through simulation and handleOps.
- Test account deployment through the factory path.
- Check sender-funded and paymaster-funded operations.
- Replay operations with changed nonce, chain, EntryPoint, and calldata.
- Validate failure behavior for account validation, paymaster validation, and execution reverts.