mau
  • 🧩Account Abstraction
    • 📎Introduction ERC-4337
    • 🙍Key Roles and Their Interactions
      • 📄UserOperation Breakdown and Security Concerns
    • 🌉Interfaces
      • 1️⃣EntryPoint Interface
      • 2️⃣Account Interface
      • 3️⃣Aggregator
    • ⛓️Transaction Nonce
    • 🤝Using Signature Aggregators
    • 🚪Required entry point contract functionality
      • 🏦Paymaster extension
        • 🌉Paymaster Interfaces
    • 🤸Handling UserOperation
      • 🤖Simulation
      • 🔄Alternative Mempools
    • Bundling
      • Forbidden opcodes
    • Reputation
      • Unstaked
      • Specification
    • Storage associated with an address
    • 📚Extra References
  • 🔐Signature
    • 🔁Replay Attack
    • 🗝️Signature Malleability
  • 🧱Ethereum Blockchain
    • 📖Account State
    • 👩‍💻create2 OPCODE
  • 📑Ethereum Improvement Proposals
    • 📄EIP-191
      • 📄ECDSA
      • 📄ABI Encode and Keccak256
    • 📄EIP-712
    • 📄EIP-7212
      • 📄Abstract
      • 📄Motivation
      • 📄Elliptic Curve Signature Verification Steps
      • 📄Verification and Sepecification
      • 📄Rationale
    • 📄EIP-1271
    • 📄EIP-1167
  • ⚒️Foundry
  • 📚DeFi and the Future of Finance - Book
    • 🔧The Problems DeFi Solves
    • 1️⃣DeFi Basics
      • 🪙Equity, Liquidity and Governance Token
      • 🛃Custody
      • 🔄Supply Adjustment
      • 📈Bounding Curve
      • 💸Incentives
      • 🔁Swaps
      • 💰Collateralized/Uncollateralized Loans
    • 2️⃣Credit and Lending
  • ⛽Gas Griefing
    • 1️⃣Understanding Gas in Ethereum
    • 2️⃣Gas Allocation and Contract Interactions
    • 3️⃣Understanding Gas Limits: Exploring the 63/64 Rule
    • 4️⃣Understanding Gas Limits in Contract-to-Contract Calls
    • 5️⃣Gas Griefing Attack
    • 6️⃣Inner Call Out Of Gas Attack
    • 7️⃣Gas Griefing Contest Findings
      • ⛽Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds
      • ⛽Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
  • ✏️My Auditing Process
    • ❓How do I start ?
    • ⭕Bounded Context Technique
    • 🌳BTT
  • 🏃‍♀️Productivity
    • ✖️Best way to use Twitter Bookmarks
    • ⌛How to track focused working hours
    • 👩‍💻VS Code plugins to increase performance
    • 🏗️How to create your audit process methodology
    • 📕You should also have your Gitbook
    • 👮Best way to study for Secureum
  • 📙Secureum
    • 📄RACE 4
    • 📄RACE 5
  • 💻Mainnet Attacks
    • 🔁Reentrancy
      • 2022 Dec - Grim Finance
      • 2016 June - The DAO
  • ABI Encode
    • Basic Design
    • Function Selector
    • Elementary Types
    • Formal Specification of the Encoding
    • Examples
    • Events
    • Errors
    • Non-standard Packed Mode
    • References
  • Solidity
Powered by GitBook
On this page
  1. Account Abstraction

Reputation

Reputation Scoring and Throttling/Banning for Global Entities Explained

1. Reputation Rationale:

  • Entities such as paymasters, factories, and aggregators are termed "global" because they can be accessed by multiple UserOperations. This makes them susceptible to potentially invalidating several previously-valid UserOperations, leading to disruptions in the system.

  • To safeguard the system against this, there are measures to regulate entities that frequently cause such disruptions. This regulation could be in the form of reducing their operation speed (throttling) or completely barring their activities for a while (banning).

2. Throttling and Banning:

  • This is a preventive approach to avoid potential abuse from these global entities.

  • If an entity consistently invalidates a significant number of UserOperations in the mempool, the system may decide to throttle or ban the entity temporarily.

3. Staking Mechanism:

  • To further guard against potential abuse, entities are required to deposit a certain amount as stake. This acts as a deterrent to malicious activities.

  • This stake makes it expensive for any entity to carry out a Distributed Denial-of-Service (DoS) attack, thereby providing another layer of security.

  • However, the stake is not forfeited or reduced. It remains intact and can be retrieved by the entity after a predefined delay.

  • Entities that haven't staked are still allowed to operate but with stricter regulations.

  • Staking not only acts as a security deposit but also provides additional permissions. A staked entity can access its storage as well as the sender’s storage.

4. On-chain vs. Off-chain:

  • The system doesn't enforce staking values directly on the blockchain. Rather, it is managed off-chain during transaction simulation by individual nodes.

  • Each entity should have a stake that is at least equal to the MIN_STAKE_VALUE, and the period before they can retrieve their stake should be more than MIN_UNSTAKE_DELAY.

5. Values and Duration:

  • The MIN_UNSTAKE_DELAY is set to 84600, which is equivalent to one day. This means that after deciding to unstake, the entity has to wait for one day before their stake is returned.

  • The MIN_STAKE_VALUE is a chain-specific parameter, and its exact value is given in the “bundler specification test suite.”

In summary, this reputation system is built to ensure the integrity of the network by regulating entities that might cause disruptions. Staking acts as a financial deterrent against potential abuse, and the system of throttling and banning keeps malicious or problematic entities in check. This dual-layered security measure ensures that the network remains resilient against potential threats and runs smoothly.

PreviousForbidden opcodesNextUnstaked

Last updated 1 year ago

🧩