mau
  • 🧩Account Abstraction
    • 📎Introduction ERC-4337
    • 🙍Key Roles and Their Interactions
      • 📄UserOperation Breakdown and Security Concerns
    • 🌉Interfaces
      • 1️⃣EntryPoint Interface
      • 2️⃣Account Interface
      • 3️⃣Aggregator
    • ⛓️Transaction Nonce
    • 🤝Using Signature Aggregators
    • 🚪Required entry point contract functionality
      • 🏦Paymaster extension
        • 🌉Paymaster Interfaces
    • 🤸Handling UserOperation
      • 🤖Simulation
      • 🔄Alternative Mempools
    • Bundling
      • Forbidden opcodes
    • Reputation
      • Unstaked
      • Specification
    • Storage associated with an address
    • 📚Extra References
  • 🔐Signature
    • 🔁Replay Attack
    • 🗝️Signature Malleability
  • 🧱Ethereum Blockchain
    • 📖Account State
    • 👩‍💻create2 OPCODE
  • 📑Ethereum Improvement Proposals
    • 📄EIP-191
      • 📄ECDSA
      • 📄ABI Encode and Keccak256
    • 📄EIP-712
    • 📄EIP-7212
      • 📄Abstract
      • 📄Motivation
      • 📄Elliptic Curve Signature Verification Steps
      • 📄Verification and Sepecification
      • 📄Rationale
    • 📄EIP-1271
    • 📄EIP-1167
  • ⚒️Foundry
  • 📚DeFi and the Future of Finance - Book
    • 🔧The Problems DeFi Solves
    • 1️⃣DeFi Basics
      • 🪙Equity, Liquidity and Governance Token
      • 🛃Custody
      • 🔄Supply Adjustment
      • 📈Bounding Curve
      • 💸Incentives
      • 🔁Swaps
      • 💰Collateralized/Uncollateralized Loans
    • 2️⃣Credit and Lending
  • ⛽Gas Griefing
    • 1️⃣Understanding Gas in Ethereum
    • 2️⃣Gas Allocation and Contract Interactions
    • 3️⃣Understanding Gas Limits: Exploring the 63/64 Rule
    • 4️⃣Understanding Gas Limits in Contract-to-Contract Calls
    • 5️⃣Gas Griefing Attack
    • 6️⃣Inner Call Out Of Gas Attack
    • 7️⃣Gas Griefing Contest Findings
      • ⛽Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds
      • ⛽Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
  • ✏️My Auditing Process
    • ❓How do I start ?
    • ⭕Bounded Context Technique
    • 🌳BTT
  • 🏃‍♀️Productivity
    • ✖️Best way to use Twitter Bookmarks
    • ⌛How to track focused working hours
    • 👩‍💻VS Code plugins to increase performance
    • 🏗️How to create your audit process methodology
    • 📕You should also have your Gitbook
    • 👮Best way to study for Secureum
  • 📙Secureum
    • 📄RACE 4
    • 📄RACE 5
  • 💻Mainnet Attacks
    • 🔁Reentrancy
      • 2022 Dec - Grim Finance
      • 2016 June - The DAO
  • ABI Encode
    • Basic Design
    • Function Selector
    • Elementary Types
    • Formal Specification of the Encoding
    • Examples
    • Events
    • Errors
    • Non-standard Packed Mode
    • References
  • Solidity
Powered by GitBook
On this page
  1. Account Abstraction

Using Signature Aggregators

Signature aggregators in Ethereum compile multiple approvals. Bundlers oversee their trustworthiness by assessing their Ethereum stake and validity, ensuring smooth, secure operations.

Utilizing Signature Aggregators in Ethereum

In some cases, Ethereum accounts might want to use something called "signature aggregators". Here's how they work:

Indicating Usage of Signature Aggregators:

If an account wants to use a signature aggregator, it'll give a heads-up by returning its address when validateUserOp is called. If the bundler then uses simulateValidation, the aggregator's address is provided in the resulting ValidationResultWithAggregator.

Bundler's Duties:

Before a bundler proceeds, they need to ensure that the aggregator is trustworthy. This involves:

  • Confirming that the aggregator has enough at stake (essentially ensuring that the aggregator has something to lose if they act maliciously).

  • Making sure the aggregator isn't currently restricted or banned for some reason.

  • Using the aggregator.validateUserOpSignature() method to confirm the userOp is legitimate.

Requirements for Signature Aggregators:

These aggregators should generally put some Ethereum (or "stake") on the line, much like a guarantor would. This acts as a security deposit to ensure good behavior. There are, however, some exceptions to this. For instance, if the aggregator doesn't access global storage, it might be exempt from staking.

Bundlers also have the authority to restrict or even ban aggregators if they're too resource-heavy, make errors, or if their signature gathering doesn't go as planned.

In essence, signature aggregators streamline certain Ethereum processes, but to ensure security, they are closely checked and monitored by bundlers.

PreviousTransaction NonceNextRequired entry point contract functionality

Last updated 1 year ago

🧩
🤝