EIP-4337 Security Smart Contract Audit

Summary

EIP-4337 is a specification to add account abstraction functionality to the Ethereum mainnet without modifying the consensus rules. The Ethereum Foundation asked us to review the specification and a reference implementation. The audited commit is 8832d6e04b9f4f706f612261c6e46b3f1745d61a... and make the code easier to reason about, change, and audit. We also believe this audit would have benefited from a more detailed description of the off-chain processing steps that are not apparent from the code base itself, along with mitigations employed by paymasters and bundlers, including...

Project

Ethereum.org

Multi-Chain

No active critical issues

Last audited on 2024/02/05

Auditor

239 audits on Trustblock

Multi-Tags

Issues (25)

	Low	Medium	High	Critical	Total
Not fixed	1	-	-	-	1
Fixed	14	4	5	1	24
Total	15	4	5	1	25

Contracts (9)

#	File Name
1	contracts/EntryPoint.sol
2	contracts/samples/SimpleWalletForTokens.sol
3	contracts/StakeManager.sol
4	contracts/IWallet.sol
5	contracts/UserOperation.sol
6	contracts/samples/SimpleWallet.sol
7	contracts/samples/DepositPaymaster.sol
8	contracts/samples/VerifyingPaymaster.sol
9	contracts/samples/TokenPaymaster.sol

EIP-4337

Summary

Issues (25)

[L09] Wallet may not be deployed [core]not_fixed/low

Contracts (9)