mau
  • 🧩Account Abstraction
    • 📎Introduction ERC-4337
    • 🙍Key Roles and Their Interactions
      • 📄UserOperation Breakdown and Security Concerns
    • 🌉Interfaces
      • 1️⃣EntryPoint Interface
      • 2️⃣Account Interface
      • 3️⃣Aggregator
    • ⛓️Transaction Nonce
    • 🤝Using Signature Aggregators
    • 🚪Required entry point contract functionality
      • 🏦Paymaster extension
        • 🌉Paymaster Interfaces
    • 🤸Handling UserOperation
      • 🤖Simulation
      • 🔄Alternative Mempools
    • Bundling
      • Forbidden opcodes
    • Reputation
      • Unstaked
      • Specification
    • Storage associated with an address
    • 📚Extra References
  • 🔐Signature
    • 🔁Replay Attack
    • 🗝️Signature Malleability
  • 🧱Ethereum Blockchain
    • 📖Account State
    • 👩‍💻create2 OPCODE
  • 📑Ethereum Improvement Proposals
    • 📄EIP-191
      • 📄ECDSA
      • 📄ABI Encode and Keccak256
    • 📄EIP-712
    • 📄EIP-7212
      • 📄Abstract
      • 📄Motivation
      • 📄Elliptic Curve Signature Verification Steps
      • 📄Verification and Sepecification
      • 📄Rationale
    • 📄EIP-1271
    • 📄EIP-1167
  • ⚒️Foundry
  • 📚DeFi and the Future of Finance - Book
    • 🔧The Problems DeFi Solves
    • 1️⃣DeFi Basics
      • 🪙Equity, Liquidity and Governance Token
      • 🛃Custody
      • 🔄Supply Adjustment
      • 📈Bounding Curve
      • 💸Incentives
      • 🔁Swaps
      • 💰Collateralized/Uncollateralized Loans
    • 2️⃣Credit and Lending
  • ⛽Gas Griefing
    • 1️⃣Understanding Gas in Ethereum
    • 2️⃣Gas Allocation and Contract Interactions
    • 3️⃣Understanding Gas Limits: Exploring the 63/64 Rule
    • 4️⃣Understanding Gas Limits in Contract-to-Contract Calls
    • 5️⃣Gas Griefing Attack
    • 6️⃣Inner Call Out Of Gas Attack
    • 7️⃣Gas Griefing Contest Findings
      • ⛽Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds
      • ⛽Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
  • ✏️My Auditing Process
    • ❓How do I start ?
    • ⭕Bounded Context Technique
    • 🌳BTT
  • 🏃‍♀️Productivity
    • ✖️Best way to use Twitter Bookmarks
    • ⌛How to track focused working hours
    • 👩‍💻VS Code plugins to increase performance
    • 🏗️How to create your audit process methodology
    • 📕You should also have your Gitbook
    • 👮Best way to study for Secureum
  • 📙Secureum
    • 📄RACE 4
    • 📄RACE 5
  • 💻Mainnet Attacks
    • 🔁Reentrancy
      • 2022 Dec - Grim Finance
      • 2016 June - The DAO
  • ABI Encode
    • Basic Design
    • Function Selector
    • Elementary Types
    • Formal Specification of the Encoding
    • Examples
    • Events
    • Errors
    • Non-standard Packed Mode
    • References
  • Solidity
Powered by GitBook
On this page
  1. Account Abstraction
  2. Required entry point contract functionality

Paymaster extension

Ethereum introduces 'paymasters' to cover transaction fees, enhancing user experience. The system enforces rigorous checks for these sponsored transactions, ensuring security and paymaster integrity.

PreviousRequired entry point contract functionalityNextPaymaster Interfaces

Last updated 1 year ago

Extended Logic for Transaction Sponsorship

The entry point's capabilities are expanded to cater to 'paymasters'. Paymasters are entities that can cover transaction fees on behalf of others. This is especially handy for:

  • Developers Subsidizing Fees: Application creators can cover the fees to enhance user experience.

  • Paying Fees with ERC-20 Tokens: Users can offset transaction fees using different types of tokens.

  • Other Uses: This feature opens up various transaction fee-related possibilities.

If the paymaster isn't just a placeholder (not a zero address), the entry point follows a special procedure to manage these sponsored transactions.

Enhanced Verification for Paymaster-Sponsored Transactions

In the verification loop, the handleOps execution takes on some extra tasks when dealing with paymaster-sponsored transactions:

  1. Initial Verification: Besides just calling validateUserOp, it checks if the paymaster has enough ETH deposited at the entry point to cover the transaction.

  2. Paymaster's Approval: The handleOps execution calls validatePaymasterUserOp on the paymaster. This ensures the paymaster agrees to bear the operation's costs. Notably, the validateUserOp is now invoked with a missingAccountFunds set to 0, showing the account's deposit isn't used for this particular transaction.

  3. Context Handling: If the paymaster's validatePaymasterUserOp sends back a “context”, then after the main execution call, handleOps needs to invoke postOp on the paymaster. For guaranteed execution of postOp, the main execution is run in an inner call context. If this inner context is reverted, handleOps tries again using an outer call context.

  4. Security Against Malicious Paymasters: There are concerns about paymasters intentionally disrupting the system. To handle this, a reputation mechanism is in place. Any paymaster must either:

    • Keep their storage usage in check, or

    • Maintain a certain stake.

    Further details can be found in the section about reputation, throttling, and banning.

🧩
🚪
🏦