The security considerations are related to the way in which EIP-4337 changes the underlying interface used by Ethereum to represent accounts.

Areas of Potential Risk

Contract-based accounts make it easier to upgrade the behavior of an Ethereum account. While this is generally a desirable feature, it also means that the behavior of an account can be changed without the full explicit consent of its users.

Gas consumption

Changing the way in which gas consumption is calculated can create unintended consequences if contracts rely on incorrect assumptions about gas consumption.

Bundler DoS

A bundler denial-of-service could occur if an attacker is able to manipulate the behavior of a Bundler so that it consumes an excessive amount of resources, potentially leaving users unable to send UserOperations.
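One defensive pattern against the bundler DoS described above is to bound the work a bundler does per UserOperation before it reaches the mempool. The following is an added illustration, not code from EIP-4337 or any reference bundler: the limits, the simplified UserOp fields, and the fake_validate cost model are all assumptions chosen for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict

# Assumed limits for this model (chosen here, not from the EIP): a per-op
# validation gas cap, a pending-ops-per-sender cap, and a failure throttle.
MAX_VERIFICATION_GAS = 150_000
MAX_OPS_PER_SENDER = 4
MAX_FAILED_VALIDATIONS = 3

@dataclass
class UserOp:
    sender: str
    verification_gas_limit: int
    signature: bytes

@dataclass
class Bundler:
    # validate(op, budget) simulates the account's validation step under a gas
    # budget; returns gas used, raises if validation fails or runs out of gas.
    validate: Callable[[UserOp, int], int]
    pending: Dict[str, int] = field(default_factory=dict)
    failures: Dict[str, int] = field(default_factory=dict)

    def admit(self, op: UserOp) -> str:
        """Return 'accepted' or a rejection reason; never does unbounded work."""
        if op.verification_gas_limit > MAX_VERIFICATION_GAS:
            return "rejected: verificationGasLimit above cap"
        if self.failures.get(op.sender, 0) >= MAX_FAILED_VALIDATIONS:
            return "rejected: sender throttled after repeated failures"
        if self.pending.get(op.sender, 0) >= MAX_OPS_PER_SENDER:
            return "rejected: too many pending ops for sender"
        try:
            # The budget bounds the simulation, so a hostile op cannot burn
            # more bundler CPU than it declared (and would pay for on-chain).
            self.validate(op, op.verification_gas_limit)
        except Exception as exc:
            self.failures[op.sender] = self.failures.get(op.sender, 0) + 1
            return f"rejected: validation failed ({exc})"
        self.pending[op.sender] = self.pending.get(op.sender, 0) + 1
        return "accepted"

def fake_validate(op: UserOp, gas_budget: int) -> int:
    """Constructed stand-in for simulating validateUserOp (not the EVM)."""
    cost = 40_000 + 10 * len(op.signature)  # constructed cost model
    if cost > gas_budget:
        raise RuntimeError("out of gas during validation")
    if op.signature == b"bad":
        raise ValueError("invalid signature")
    return cost
```

The point is that every rejection path costs the bundler at most the declared verification gas, so an attacker cannot make it spend more than a bounded amount of work per submitted operation.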

EntryPoint Auditing

The entry point contract will need to be very heavily audited and formally verified, because it will serve as a central trust point for all of EIP-4337. Overall, this architecture reduces the auditing and formal verification load for the ecosystem, because the amount of work that individual accounts have to do becomes much smaller.