Standards

UserOperation

A UserOperation is the ERC-4337 data structure that describes a smart account action, including sender, nonce, calldata, gas fields, optional paymaster data, and signature.

A UserOperation is the request a smart wallet sends before the EntryPoint executes it.

UserOperation Explained in Detail

A UserOperation is not a normal Ethereum transaction. It is a structured request that a smart account validates before the EntryPoint executes the account's intended call.

Important fields include sender, nonce, callData, gas limits, optional deployment data, optional paymaster data, and signature.

Smart contract example

struct UserOperation {
    address sender;
    uint256 nonce;
    bytes callData;
    bytes paymasterAndData;
    bytes signature;
}

The real ERC-4337 structure includes more gas and deployment fields, but these are the security-sensitive pieces auditors usually trace first.

UserOperation in Auditing

The UserOperation hash is what the account and paymaster usually approve. If the hash omits important context, an attacker may replay or redirect the operation.

Auditors check whether the operation binds the exact account, action, nonce, chain, EntryPoint, gas policy, and paymaster conditions.

Red flags in code

  • Signed data omits nonce, chain ID, or EntryPoint.

  • callData can target unintended functions.

  • Paymaster data can be reused for a different operation.

  • Gas fields are accepted without realistic bounds.

  • Nonce lanes or key-based nonces are misunderstood.

How to test or review it

  • Mutate each UserOperation field and confirm validation fails when it should.

  • Replay the same operation after it succeeds.

  • Replay across a different chain, EntryPoint, or account instance.

  • Test malformed calldata and paymaster data.

  • Confirm duplicate nonces and expired validity windows fail.

Sources