Security And Griefing
How Paymasters are secured in ERC-4337 and the risks of abuse or DoS.
Paymasters introduce a new layer of gas abstraction, but they also open new attack surfaces. A malicious user could try to:
Drain the Paymaster’s deposit by spamming invalid operations
Trick the Paymaster into sponsoring high-cost or reverted calls
Exploit timeouts or race conditions in verification logic
ERC-4337 includes several protections to prevent these issues.
🔐 Stake Requirement
To operate, a Paymaster must:
Register with the EntryPoint contract
Stake ETH (minimum amount set by EntryPoint)
Maintain a deposit to pay for gas
Staked Paymasters are subject to slashing if they misbehave or allow griefing.
🧪 Deterministic Validation
validatePaymasterUserOp()
must:
Avoid
SSTORE
,BLOCKHASH
, or other non-deterministic behaviorNot depend on variable external state (unless staked)
Run within strict gas bounds enforced by bundlers
These constraints reduce DoS risk and make validation safely simulatable.
📦 Bundler Simulation
Before including a UserOp in a bundle, a bundler will:
Simulate the full operation off-chain
Measure gas cost and return data
Reject anything that might revert or exceed limits
This ensures Paymasters don’t get unexpectedly charged on-chain.
🛡️ PostOp Protections
Paymasters can implement logic in postOp()
to:
Reclaim unspent gas
Log usage or enforce backend quotas
Blocklist abusers
However, postOp()
runs after the UserOp executes, and must also be gas-safe.
✅ Summary
Paymasters must balance flexibility with caution. The ERC-4337 spec enforces staking, deterministic validation, and bundler simulation to keep Paymasters safe from griefing and gas theft. A well-designed Paymaster should assume hostile inputs and protect its deposit at all times.
Last updated