mau
  • 🧩Account Abstraction
    • 📎Introduction ERC-4337
    • 🙍Key Roles and Their Interactions
      • 📄UserOperation Breakdown and Security Concerns
    • 🌉Interfaces
      • 1️⃣EntryPoint Interface
      • 2️⃣Account Interface
      • 3️⃣Aggregator
    • ⛓️Transaction Nonce
    • 🤝Using Signature Aggregators
    • 🚪Required entry point contract functionality
      • 🏦Paymaster extension
        • 🌉Paymaster Interfaces
    • 🤸Handling UserOperation
      • 🤖Simulation
      • 🔄Alternative Mempools
    • Bundling
      • Forbidden opcodes
    • Reputation
      • Unstaked
      • Specification
    • Storage associated with an address
    • 📚Extra References
  • 🔐Signature
    • 🔁Replay Attack
    • 🗝️Signature Malleability
  • 🧱Ethereum Blockchain
    • 📖Account State
    • 👩‍💻create2 OPCODE
  • 📑Ethereum Improvement Proposals
    • 📄EIP-191
      • 📄ECDSA
      • 📄ABI Encode and Keccak256
    • 📄EIP-712
    • 📄EIP-7212
      • 📄Abstract
      • 📄Motivation
      • 📄Elliptic Curve Signature Verification Steps
      • 📄Verification and Sepecification
      • 📄Rationale
    • 📄EIP-1271
    • 📄EIP-1167
  • ⚒️Foundry
  • 📚DeFi and the Future of Finance - Book
    • 🔧The Problems DeFi Solves
    • 1️⃣DeFi Basics
      • 🪙Equity, Liquidity and Governance Token
      • 🛃Custody
      • 🔄Supply Adjustment
      • 📈Bounding Curve
      • 💸Incentives
      • 🔁Swaps
      • 💰Collateralized/Uncollateralized Loans
    • 2️⃣Credit and Lending
  • ⛽Gas Griefing
    • 1️⃣Understanding Gas in Ethereum
    • 2️⃣Gas Allocation and Contract Interactions
    • 3️⃣Understanding Gas Limits: Exploring the 63/64 Rule
    • 4️⃣Understanding Gas Limits in Contract-to-Contract Calls
    • 5️⃣Gas Griefing Attack
    • 6️⃣Inner Call Out Of Gas Attack
    • 7️⃣Gas Griefing Contest Findings
      • ⛽Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds
      • ⛽Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
  • ✏️My Auditing Process
    • ❓How do I start ?
    • ⭕Bounded Context Technique
    • 🌳BTT
  • 🏃‍♀️Productivity
    • ✖️Best way to use Twitter Bookmarks
    • ⌛How to track focused working hours
    • 👩‍💻VS Code plugins to increase performance
    • 🏗️How to create your audit process methodology
    • 📕You should also have your Gitbook
    • 👮Best way to study for Secureum
  • 📙Secureum
    • 📄RACE 4
    • 📄RACE 5
  • 💻Mainnet Attacks
    • 🔁Reentrancy
      • 2022 Dec - Grim Finance
      • 2016 June - The DAO
  • ABI Encode
    • Basic Design
    • Function Selector
    • Elementary Types
    • Formal Specification of the Encoding
    • Examples
    • Events
    • Errors
    • Non-standard Packed Mode
    • References
  • Solidity
Powered by GitBook
On this page
  • UserOperation attributes
  • Security Concerns
  • The Signature's Dual Dependence
  1. Account Abstraction
  2. Key Roles and Their Interactions

UserOperation Breakdown and Security Concerns

UserOperations detail Ethereum actions without core changes, processed in bundles, with signatures fortified against replay attacks.

UserOperation attributes

To make improvements without changing Ethereum's core rules, it is not being introduced new types of transactions. Instead, users will wrap up their desired actions in a structured format called a UserOperation. Think of it as a form you fill out with all the details of your action.

Here's a breakdown of what this "form" (UserOperation) includes:

  1. sender:

    • Type: address

    • Description: This is the account that's initiating or doing the operation.

  2. nonce:

    • Type: uint256

    • Description: A unique number to ensure the operation isn't mistakenly replayed.

  3. initCode:

    • Type: bytes

    • Description: If an account is brand new and not yet recorded on the blockchain, this code helps create it.

  4. callData:

    • Type: bytes

    • Description: This is the specific data or instruction the sender wants to execute.

  5. callGasLimit:

    • Type: uint256

    • Description: The maximum amount of gas the main action can use.

  6. verificationGasLimit:

    • Type: uint256

    • Description: The gas allocated for verifying the operation.

  7. preVerificationGas:

    • Type: uint256

    • Description: This gas compensates the bundler for initial checks and data processing.

  8. maxFeePerGas:

    • Type: uint256

    • Description: The highest fee per unit of gas a user is willing to pay, inspired by another proposal (EIP-1559).

  9. maxPriorityFeePerGas:

    • Type: uint256

    • Description: The highest priority fee a user is willing to pay for faster processing, again related to EIP-1559.

  10. paymasterAndData:

    • Type: bytes

    • Description: If someone else (a paymaster) is covering the transaction fee, this is their address. It also contains extra data for the paymaster. If left empty, it means the user is paying for their own transaction.

  11. signature:

    • Type: bytes

    • Description: A cryptographic proof, combined with the nonce, used during the verification process.

In simpler terms, a UserOperation is a detailed set of instructions and information about an action a user wants to perform on the Ethereum blockchain. This approach allows for enhancements without the need to change the foundational rules of Ethereum.

  1. Step 1 – Sending the UserOperation:

    • Users craft their actions using the UserOperation format.

    • Once ready, they send these UserOperation objects to a special storage area, known as the user operation mempool or user operations mempool.

  2. Step 2 – The Bundlers' Role:

    • A group of special actors called "bundlers" keep an eye on this mempool.

    • Bundlers can be:

      1. Block builders using specific code to deal with these operations.

      2. Users who have a way to forward these operations to block builders, for instance, using a marketplace like Flashbots that ensures the action is either added to the next block or not at all.

    • These bundlers collect multiple UserOperation objects from the mempool.

  3. Step 3 – Creating the Bundle Transaction:

    • Bundlers combine multiple UserOperations into a single package, called a "bundle transaction."

    • This bundle transaction converts the collection of UserOperations into one combined action, known as a handleOps from EntryPoint contract call.

    • This combined action is then directed to a universally recognized contract, termed the global EntryPoint contract.

In simpler terms: Imagine you want to send a package through a special mail system (UserOperation). Instead of dropping it off at any mailbox, you put it in a specific collection box (user operation mempool). Special mail carriers (bundlers) then gather packages from this box and group them together into a bigger package (bundle transaction). This bigger package is then delivered to a central post office (global entry point contract) for further processing.

Security Concerns

One of the concerns in any blockchain system is a "replay attack". This is when someone tries to repeat or "replay" a transaction, potentially causing unintended consequences. To prevent such issues in the Ethereum system, especially across different chains (cross-chain) and different EntryPoint implementations (think of EntryPoints as central processing units), a safety measure has been proposed:

The Signature's Dual Dependence

When a transaction is signed (think of it as giving a unique stamp of approval), this signature should be based on two things:

  1. ChainID: This is like a unique ID for the specific blockchain chain being used.

  2. EntryPoint Address: The address or location of the central processing unit (EntryPoint) handling the transaction.

By making sure the signature depends on both of these factors, it becomes nearly impossible for someone to misuse a transaction signature on a different chain or through a different EntryPoint. This is similar to how two-factor authentication adds an extra layer of security to online accounts.

PreviousKey Roles and Their InteractionsNextInterfaces

Last updated 1 year ago

🧩
🙍
📄