Standards

Paymaster

A paymaster is an ERC-4337 contract that can sponsor gas for a UserOperation when its validation rules pass.

A paymaster lets someone other than the smart wallet pay for gas.

Paymaster Explained in Detail

A paymaster decides whether it will pay gas for a UserOperation. It can sponsor users directly, require an off-chain signature, charge ERC20 tokens, or enforce application-specific rules.

The paymaster must deposit funds into the EntryPoint contract and validate operations before it is charged.

Smart contract example

// ERC-4337 (v0.6) paymaster hook; the EntryPoint calls it during the validation phase.
interface IPaymaster {
    function validatePaymasterUserOp(
        UserOperation calldata userOp,   // the operation the paymaster is asked to sponsor
        bytes32 userOpHash,              // EntryPoint's hash of userOp (chain id and EntryPoint address included)
        uint256 maxCost                  // upper bound on what the paymaster can be charged for this op
    ) external returns (bytes memory context, uint256 validationData);
}

This function decides whether the paymaster accepts the gas liability. It returns a context that is later passed to postOp, and validationData, which packs a signature-failure flag together with the validAfter/validUntil window the EntryPoint enforces.

Paymaster in Auditing

Paymasters are easy to drain if validation is too broad. They are also exposed to replay, bad token pricing, failed execution, and gas griefing.

Auditors check that the paymaster sponsors only the intended user, operation, time window, and cost.

Red flags in code

  • Missing msg.sender == EntryPoint check.

  • Paymaster signatures do not bind the full operation hash.

  • Token payment logic ignores fee-on-transfer tokens or non-standard returns.

  • postOp can be reentered or forced into expensive failure paths.

  • Deposit and withdrawal controls are weak.
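The following contract is an added example, not code from the page or from the ERC-4337 reference implementation. It shows one way to implement the validation rules described above while avoiding the red flags in the list: the EntryPoint-only gate, a signature that binds every operation field plus chain id, paymaster address and validity window, a gated postOp, and owner-only withdrawal. The contract name SignatureGatedPaymaster, the signer role verifyingSigner and the paymasterAndData layout (paymaster | validUntil | validAfter | signature) are assumptions chosen for this example; the UserOperation struct and validationData packing follow ERC-4337 v0.6.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-4337 v0.6 types, copied here so the file compiles stand-alone.
struct UserOperation {
    address sender; uint256 nonce; bytes initCode; bytes callData;
    uint256 callGasLimit; uint256 verificationGasLimit; uint256 preVerificationGas;
    uint256 maxFeePerGas; uint256 maxPriorityFeePerGas; bytes paymasterAndData; bytes signature;
}
enum PostOpMode { opSucceeded, opReverted, postOpReverted }
interface IEntryPoint {
    function depositTo(address account) external payable;
    function withdrawTo(address payable to, uint256 amount) external;
}

/// Hypothetical signature-gated paymaster (example code). Every sponsored op must carry an
/// off-chain signature from `verifyingSigner` over the full operation, chain, paymaster and window.
contract SignatureGatedPaymaster {
    IEntryPoint public immutable entryPoint;
    address public immutable verifyingSigner;
    address public owner;

    // Assumed layout: paymaster(20) | validUntil(6) | validAfter(6) | signature(65)
    uint256 private constant VALID_UNTIL_OFFSET = 20;
    uint256 private constant VALID_AFTER_OFFSET = 26;
    uint256 private constant SIGNATURE_OFFSET = 32;

    constructor(IEntryPoint _entryPoint, address _verifyingSigner) {
        entryPoint = _entryPoint;
        verifyingSigner = _verifyingSigner;
        owner = msg.sender;
    }

    // Red flag: without this gate anyone could call validation or postOp directly.
    modifier onlyEntryPoint() { require(msg.sender == address(entryPoint), "not EntryPoint"); _; }
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    /// Digest the off-chain signer commits to. It covers every UserOperation field except
    /// paymasterAndData (which carries this very signature) and the wallet signature, plus
    /// chain id, this paymaster's address and the validity window, so a signed approval
    /// cannot be replayed with different calldata, nonce, sender, chain or paymaster.
    function getHash(UserOperation calldata op, uint48 validUntil, uint48 validAfter)
        public view returns (bytes32)
    {
        return keccak256(abi.encode(
            op.sender, op.nonce, keccak256(op.initCode), keccak256(op.callData),
            op.callGasLimit, op.verificationGasLimit, op.preVerificationGas,
            op.maxFeePerGas, op.maxPriorityFeePerGas,
            block.chainid, address(this), validUntil, validAfter));
    }

    function validatePaymasterUserOp(UserOperation calldata op, bytes32, uint256)
        external view onlyEntryPoint returns (bytes memory, uint256)
    {
        bytes calldata pd = op.paymasterAndData;
        require(pd.length == SIGNATURE_OFFSET + 65, "bad paymasterAndData length");
        uint48 validUntil = uint48(bytes6(pd[VALID_UNTIL_OFFSET:VALID_AFTER_OFFSET]));
        uint48 validAfter = uint48(bytes6(pd[VALID_AFTER_OFFSET:SIGNATURE_OFFSET]));
        bytes32 digest = keccak256(abi.encodePacked(
            "\x19Ethereum Signed Message:\n32", getHash(op, validUntil, validAfter)));
        bool sigFailed = _recover(digest, pd[SIGNATURE_OFFSET:]) != verifyingSigner;

        // Report failure through the flag instead of reverting so bundlers can simulate;
        // the EntryPoint rejects the op if the flag is set or the window is not open.
        uint256 validationData = (sigFailed ? 1 : 0)
            | (uint256(validUntil) << 160) | (uint256(validAfter) << 208);
        return ("", validationData); // empty context: no postOp accounting needed
    }

    // Gated even though the empty context above means the EntryPoint never invokes it.
    function postOp(PostOpMode, bytes calldata, uint256) external onlyEntryPoint {}

    // Deposit and withdrawal controls: anyone may top up, only the owner may withdraw.
    function deposit() external payable { entryPoint.depositTo{value: msg.value}(address(this)); }
    function withdrawTo(address payable to, uint256 amount) external onlyOwner {
        entryPoint.withdrawTo(to, amount);
    }

    function _recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        // Reject high-s values so each approval has exactly one valid encoding.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) return address(0);
        return ecrecover(digest, v, r, s); // address(0) on failure never equals the signer
    }
}
```

The review checklist below maps directly onto this code: calling validatePaymasterUserOp from a non-EntryPoint address hits the onlyEntryPoint revert, changing any signed field or the chain changes getHash and flips sigFailed, an expired window is rejected by the EntryPoint from validationData, and withdrawTo is the only path that moves the deposit out.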

How to test or review it

  • Replay paymaster approvals with changed calldata, nonce, user, or chain.

  • Force the target call to revert and inspect postOp behavior.

  • Test depleted deposits and withdrawal permissions.

  • Use non-standard ERC20 behavior if the paymaster charges tokens.

  • Call validation functions directly from non-EntryPoint addresses and expect rejection.
