mau
  • 🧩Account Abstraction
    • 📎Introduction ERC-4337
    • 🙍Key Roles and Their Interactions
      • 📄UserOperation Breakdown and Security Concerns
    • 🌉Interfaces
      • 1️⃣EntryPoint Interface
      • 2️⃣Account Interface
      • 3️⃣Aggregator
    • ⛓️Transaction Nonce
    • 🤝Using Signature Aggregators
    • 🚪Required entry point contract functionality
      • 🏦Paymaster extension
        • 🌉Paymaster Interfaces
    • 🤸Handling UserOperation
      • 🤖Simulation
      • 🔄Alternative Mempools
    • Bundling
      • Forbidden opcodes
    • Reputation
      • Unstaked
      • Specification
    • Storage associated with an address
    • 📚Extra References
  • 🔐Signature
    • 🔁Replay Attack
    • 🗝️Signature Malleability
  • 🧱Ethereum Blockchain
    • 📖Account State
    • 👩‍💻create2 OPCODE
  • 📑Ethereum Improvement Proposals
    • 📄EIP-191
      • 📄ECDSA
      • 📄ABI Encode and Keccak256
    • 📄EIP-712
    • 📄EIP-7212
      • 📄Abstract
      • 📄Motivation
      • 📄Elliptic Curve Signature Verification Steps
      • 📄Verification and Sepecification
      • 📄Rationale
    • 📄EIP-1271
    • 📄EIP-1167
  • ⚒️Foundry
  • 📚DeFi and the Future of Finance - Book
    • 🔧The Problems DeFi Solves
    • 1️⃣DeFi Basics
      • 🪙Equity, Liquidity and Governance Token
      • 🛃Custody
      • 🔄Supply Adjustment
      • 📈Bounding Curve
      • 💸Incentives
      • 🔁Swaps
      • 💰Collateralized/Uncollateralized Loans
    • 2️⃣Credit and Lending
  • ⛽Gas Griefing
    • 1️⃣Understanding Gas in Ethereum
    • 2️⃣Gas Allocation and Contract Interactions
    • 3️⃣Understanding Gas Limits: Exploring the 63/64 Rule
    • 4️⃣Understanding Gas Limits in Contract-to-Contract Calls
    • 5️⃣Gas Griefing Attack
    • 6️⃣Inner Call Out Of Gas Attack
    • 7️⃣Gas Griefing Contest Findings
      • ⛽Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds
      • ⛽Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
  • ✏️My Auditing Process
    • ❓How do I start ?
    • ⭕Bounded Context Technique
    • 🌳BTT
  • 🏃‍♀️Productivity
    • ✖️Best way to use Twitter Bookmarks
    • ⌛How to track focused working hours
    • 👩‍💻VS Code plugins to increase performance
    • 🏗️How to create your audit process methodology
    • 📕You should also have your Gitbook
    • 👮Best way to study for Secureum
  • 📙Secureum
    • 📄RACE 4
    • 📄RACE 5
  • 💻Mainnet Attacks
    • 🔁Reentrancy
      • 2022 Dec - Grim Finance
      • 2016 June - The DAO
  • ABI Encode
    • Basic Design
    • Function Selector
    • Elementary Types
    • Formal Specification of the Encoding
    • Examples
    • Events
    • Errors
    • Non-standard Packed Mode
    • References
  • Solidity
Powered by GitBook
On this page
  • Understanding the UserOpHash and Account Actions
  • UserOpHash
  • The Account's Responsibilities
  1. Account Abstraction
  2. Interfaces

Account Interface

The core interface of the Account contract is as follows:

interface IAccount {
  function validateUserOp
      (UserOperation calldata userOp, bytes32 userOpHash, uint256 missingAccountFunds)
      external returns (uint256 validationData);
}

Understanding the UserOpHash and Account Actions

UserOpHash

  • This is a unique code or identifier.

  • It's created by combining and hashing (turning into a fixed-size code) the details of the user operation (excluding its signature), the EntryPoint's address, and the specific ChainID

The Account's Responsibilities

Validation:

  • The account must first ensure that the incoming request is from a trusted EntryPoint.

  • If the account doesn't use signature aggregation (a method to combine multiple signatures), it must verify that the provided signature matches the UserOpHash. If it doesn't match, it should give a response, "SIG_VALIDATION_FAILED", without causing the operation to crash. Any other errors should cause the operation to stop entirely (revert).

Payments:

  • The account has to pay the EntryPoint a certain amount, known as "missingAccountFunds". This could be zero if the account has enough deposit already.

  • Optionally, the account can choose to pay more than what's required. This can act as a buffer for future transactions. If needed, the account can later retrieve this excess amount using the withdrawTo action.

Response Format:

  • When responding, the account must provide details in a specific format:

    • authorizer: A value indicating the status of the signature. '0' means the signature is good, '1' indicates a failed signature. If any other value, it's the address of a specialized contract called the "authorizer". For this system, the "signature aggregator" is considered the authorizer.

    • validUntil: This is a timestamp (in 6-byte format) specifying when the UserOp will expire. If it's '0', it means the UserOp doesn't expire.

    • validAfter: Another timestamp (in 6-byte format) indicating when the UserOp becomes valid. It's like a start time.

  • Special Note on Aggregated Signatures:

    • If an account uses aggregated signatures (combining multiple signatures), it should provide the address of its signature aggregator when responding to a validateUserOp request.

    • It can choose to ignore the signature field.

In simpler terms, when an account receives a user operation, it performs various checks and actions to ensure everything is in order. It validates the operation, makes necessary payments, and provides a specific response format to indicate the status of the operation. The system also has provisions for accounts that work with aggregated signatures, giving them a bit of flexibility in how they handle such operations.

PreviousEntryPoint InterfaceNextAggregator

Last updated 1 year ago

🧩
🌉
2️⃣