Triaged by Account Abstraction Team
smart contract
Solidity

Ethereum Account Abstraction

Active now
up to $250,000
Started date: 16 Sep 2024
Last updated: 08 Jan 2025
Submitted reports: 69
Total rewards: $12,000
First response: 3 days
Triage time: 14 days
Reward time: 14 days
Resolution time: 90 days
Severity
Critical: $100,000 - $250,000
High: $25,000 - $50,000
Medium: $5,000 - $10,000
Low: $1,000 - $2,000

What is Account Abstraction?

Account abstraction moves crypto from the current approach of a simple EOA, where one small mistake can cost a user everything, to a future where an account can be tailored to its owner's needs using smart contracts. The shift from EOAs to smart contract wallets with arbitrary verification logic paves the way for a series of improvements to wallet designs and reduces complexity for end users. Thanks to the ERC-4337 protocol, account abstraction is possible without compromising the core principles of the Ethereum blockchain, such as decentralization, censorship resistance, security, etc.

Use Cases

Streamlined Actions
Smart accounts revolutionize transaction security with multi-signature capabilities. Require approvals from multiple parties before execution, ensuring precise control over critical operations. Perfect for managing shared resources or securing high-value transactions.
Social Recovery Made Easy
Losing access no longer means losing funds. With social recovery, you can designate trusted guardians—friends, family, or devices—to help regain account access through multi-signature verification. This blend of community and technology ensures peace of mind in every situation.
Enhanced Security
Protect your interactions with trusted smart contracts through whitelisting. Whether dealing with decentralized apps or personal wallets, this feature minimizes exposure to malicious actors, creating a secure environment for your digital activities.
Temporary Access with Session Keys
Need to grant short-term or restricted access? Session keys are the answer. These keys allow limited permissions, such as temporary wallet access or specific dApp usage, ensuring your primary account remains protected, even if a session key is compromised.
Subsidized Gas Fees
Lower barriers for new users and improve engagement with sponsored gas fees. Smart accounts let projects cover transaction costs, simplifying onboarding and enabling seamless participation in NFT launches, token swaps, or airdrops without upfront fees.
Transaction Batching
Streamline complex processes by combining multiple steps into a single transaction. For instance, swap tokens on a decentralized exchange without executing multiple actions, reducing costs and enhancing user experience. Efficiency meets convenience.
1. Introduction to AA
1.1 Introduction to AA
Guides, references and resources that will help you build with ERC-4337
5 min read
1.2 AA Architecture
There are several main components to ERC-4337: UserOperation, Bundler, EntryPoint Contract, Account Contract, Account Factory Contract and Paymaster Contract
5 min read
1.3 ERC-4337 Components
All components of ERC-4337 revolve around a pseudo-transaction object called a UserOperation which is used to execute actions through a smart contract account. This isn't to be mistaken for a regular transaction type.
5 min read
1.4 What is the EntryPoint Contract
The EntryPoint contract (which also includes a couple of others, such as StakeManager) is a singleton. There should only be one implementation because only one instance should exist on each chain.
5 min read
1.5 Account Contract
With EOAs, the address is consistent across all EVM networks. As long as the user has access to the private key they can access the same address on any network. Ideally, we would like to create the same user experience with contract accounts.
5 min read
2. What are AA Bundlers
2.1 What are AA Bundlers
A bundler is the core infrastructure component that allows account abstraction to work on any EVM network without requiring any changes to the protocol. Its purpose is to work with a new mempool of UserOperations and get the transaction included on-chain.
5 min read
2.2 How to build with AA Bundlers
If you want to build your own bundler, it's crucial that it passes all the tests covered in our test suite. More on this in the testing a bundler section. A good reference point to start with is our basic implementations of a bundler. This bundler focuses on being compliant, not on being fast.
5 min read
2.3 How to run AA Bundlers
5 min read
3. What are AA Paymasters
3.1 What are AA Paymasters
One of the main reasons why the user experience of using EOAs is so difficult is that the wallet owner needs to find a way to get some ETH before they can perform any actions on-chain. With paymasters, ERC-4337 allows abstracting gas payments altogether, meaning someone other than the wallet owner can pay for the gas instead.
5 min read
3.2 Build and Deploy a Paymaster in Solidity
In Account Abstraction, a Paymaster gives you the ability to have someone pay for the gas on a transaction on behalf of a smart account. For your production applications using account abstraction, we recommend you use the Account Kit, which has everything you need to provide audited, production-ready smart contract accounts for your users. If you're looking to become more effective with account abstraction by learning it deeply, you're in the right spot!
19 min watch
4. Running AA
4.1 How to run AA
This series "Smart Accounts From Scratch" is intended to help you learn ERC-4337 by working directly with the relevant smart contracts and calldata objects. For your production applications using account abstraction, we recommend you use the Account Kit, which has everything you need to provide audited, production-ready smart contract accounts for your users. If you're looking to become more effective with account abstraction by learning it deeply, you're in the right spot!
49 min watch

Mark your name in Ethereum History