What Is Account Abstraction and Why Does ERC-4337 Matter?

Traditional Ethereum accounts come in two flavors: Externally Owned Accounts (EOAs) controlled by a private key, and Contract Accounts that run code. EOAs are the only type that can initiate transactions, which creates a fundamental UX problem. Users must safeguard a seed phrase, maintain an ETH balance for gas, and approve every action one at a time.

ERC-4337, authored by Vitalik Buterin, Yoav Weiss, Kristof Gazso, Namra Patel, Dror Tirosh, and Shahaf Nacson, introduces a parallel mempool system that allows smart contract wallets to function as first-class accounts. Instead of sending transactions directly to the Ethereum mempool, users sign UserOperations (UserOps) — data structures describing the intended action. These UserOps flow through an alternative mempool, are collected by Bundlers, and executed on-chain via a singleton EntryPoint contract.

The key innovation: ERC-4337 achieves account abstraction without requiring a hard fork or protocol change. It works on Ethereum mainnet today, and on every EVM-compatible chain.

Core Benefits for Builders

According to Dune Analytics, the number of monthly active ERC-4337 accounts crossed 8.3 million in February 2026, up from 1.2 million in February 2025 — a 591% year-over-year growth rate.

The ERC-4337 Architecture: Components Deep Dive

Understanding the full ERC-4337 stack is essential before writing code. There are five core components that interact in a specific flow.

1. UserOperation: The New Transaction Primitive

A UserOperation is a pseudo-transaction object signed by the user but not broadcast to the standard mempool. It contains:

With ERC-4337 v0.7 (the current standard as of March 2026), UserOps use a "packed" format that reduces calldata costs by approximately 20% compared to v0.6.

2. EntryPoint: The Singleton Orchestrator

The EntryPoint is a single, audited, immutable contract deployed at the same address on every EVM chain: 0x0000000071727De22E5E9d8BAf0edAc6f37da032 (v0.7). It performs two critical phases:

1. •Verification Loop — Calls validateUserOp() on each smart account (and optionally validatePaymasterUserOp() on the paymaster). Reverts are isolated per-UserOp.
2. •Execution Loop — Calls the smart account with the provided callData. Failures here do not revert the entire bundle.

The EntryPoint v0.7 contract has been audited by OpenZeppelin, Spearbit, and Alchemy's internal team. It handles roughly $2.8 billion in monthly transaction volume across all chains.

3. Smart Account: Your Programmable Wallet

The smart account is the user's on-chain identity. It must implement the IAccount interface:

Popular smart account implementations include:

4. Bundler: The Off-Chain Relay

Bundlers collect UserOps from the alternative mempool, simulate them locally, group valid ones into a single handleOps() transaction, and submit it to the blockchain. They earn the gas fee difference as profit.

Leading bundler services:

Running a self-hosted bundler (Rundler is open-source by Alchemy, Silius by Vid201) costs approximately $200-400/month in cloud infrastructure but gives you full control and zero per-UserOp fees.

5. Paymaster: Sponsoring Gas

Paymasters are the game-changer for UX. They allow a third party to pay gas fees on behalf of the user. Two main types:

• •Verifying Paymaster — Approves sponsorship based on off-chain logic (e.g., your backend signs an approval). Cost: you pay the gas.
• •ERC-20 Paymaster — User pays gas in ERC-20 tokens (USDC, DAI) instead of ETH. The paymaster swaps on-chain.

Paymaster sponsorship costs on mainnet average $0.08-0.25 per UserOp on Ethereum L1, but only $0.001-0.01 on L2s like Base or Arbitrum, making L2 deployment the practical choice for consumer apps.

Step-by-Step Implementation Guide

Let's build a production-ready ERC-4337 integration. We will use the Permissionless.js library (by Pimlico), which is the most widely adopted TypeScript SDK for ERC-4337 with 3,200+ GitHub stars.

Step 1: Install Dependencies

Permissionless.js is built on top of viem, the modern TypeScript Ethereum library that has largely replaced ethers.js in new projects (28K+ GitHub stars).

Step 2: Configure the Smart Account Client

Step 3: Send a Gasless Transaction

Behind the scenes, the SDK: constructs a UserOp, estimates gas via the bundler, requests paymaster sponsorship, signs with the owner key, submits to the bundler, and waits for on-chain inclusion.

Step 4: Batch Multiple Operations

One of account abstraction's killer features is batching. Execute multiple contract calls in a single UserOp:

This saves users approximately 40-60% in gas costs compared to three separate EOA transactions, and the UX is a single confirmation.

Step 5: Implement Social Recovery

Social recovery lets users designate guardians who can collectively authorize a key rotation if the primary key is lost:

Safe's social recovery module supports up to 20 guardians with configurable M-of-N thresholds. ZeroDev's weighted recovery allows different guardians to have different weights (e.g., hardware wallet = 3, friend = 1, threshold = 3).

Step 6: Session Keys for Seamless Gaming/DeFi

Session keys let users pre-approve specific actions for a limited time, eliminating per-transaction confirmations:

Session keys have become essential for Web3 gaming. Ronin's implementation (Axie Infinity) processes 800K+ session-key transactions daily, and the upcoming Treasure Chain uses them for all in-game actions.

Passkey Integration: WebAuthn Wallets

The most exciting account abstraction UX pattern in 2026 is passkey-based wallets. Users authenticate with Face ID, Touch ID, or Windows Hello — no seed phrase, no extension, no mobile app.

Coinbase Smart Wallet uses this pattern and has onboarded over 11.5 million users. Their data shows a 78% completion rate for passkey onboarding versus 23% for traditional seed phrase flows.

Cost Analysis: ERC-4337 in Production

Real gas costs as of March 2026 (average UserOp):

Key takeaway: L2s make account abstraction economically viable for consumer apps. A paymaster sponsoring 100,000 UserOps/month on Base costs approximately $300-1,000 — a reasonable customer acquisition cost.

Monthly Infrastructure Cost Breakdown

Security Considerations

Account abstraction introduces new attack surfaces that builders must address:

1. •

   Signature replay — Always include chain ID and EntryPoint address in the signed hash. The v0.7 EntryPoint handles this, but custom validation logic must be careful.

2. •

   Paymaster griefing — Malicious UserOps can drain paymaster deposits. Implement rate limiting and off-chain verification in your verifying paymaster.

3. •

   Storage access restrictions — During validation, smart accounts can only access their own associated storage (slots defined by the account address). Violating this causes bundler rejection. This is the most common implementation bug.

4. •

   Bundler DOS — Bundlers must simulate UserOps before inclusion. A malicious account that passes simulation but reverts on-chain wastes bundler gas. The ERC-4337 mempool rules (ERC-7562) enforce strict validation rules to prevent this.

5. •

   Upgrade risks — If your smart account is upgradeable (proxy pattern), a malicious upgrade could drain all funds. Use timelocks and multi-sig governance for upgrade authority.

The security auditors in our directory have experience auditing ERC-4337 implementations, including smart account modules and paymaster contracts. Book a consultation to discuss your security review needs.

ERC-7579: The Module Standard

ERC-7579 is the emerging standard for modular smart accounts, allowing plug-and-play functionality:

• •Validators — Custom signature verification (passkeys, multisig, MPC)
• •Executors — Automated actions (DCA, stop-loss, recurring payments)
• •Hooks — Pre/post-execution checks (spending limits, allowlists)
• •Fallback handlers — Extended functionality (ERC-721 receiver, flash loans)

The Rhinestone Module Registry (launched September 2025) now lists 47 audited modules that any ERC-7579 account can install. This composability means you don't need to build everything from scratch.

Production Deployment Checklist

Before going live with ERC-4337, ensure:

1. •Smart account factory deployed and verified on your target chains
2. •Bundler configured with proper gas price oracle and retry logic
3. •Paymaster funded with sufficient deposit (monitor with alerts)
4. •UserOp simulation tested against edge cases (out of gas, reverts, concurrent nonces)
5. •Fallback signer implemented (what happens if your auth service goes down?)
6. •Gas estimation buffer set to 20-30% above estimates (network congestion handling)
7. •Monitoring for paymaster balance, bundler health, UserOp success rates
8. •Upgrade path defined for smart account contract migrations
9. •Recovery flow tested end-to-end (guardian recovery, key rotation)
10. •Rate limiting on paymaster to prevent sponsorship abuse

Real-World Case Studies

Coinbase Smart Wallet: Deployed on Base, uses passkey authentication. 11.5M accounts, processes 2.1M UserOps daily. Their paymaster sponsors all gas for approved dApps in the Coinbase ecosystem. Conversion rate from landing page to first on-chain action: 62%.

Worldcoin World App: 8.2M verified users with smart accounts on Optimism. Uses session keys for frictionless transfers. Gas sponsorship cost: $0.003 per operation on average.

Patch Wallet: Email-based wallet creation using ERC-4337 on Polygon. 1.8M wallets created with zero crypto knowledge required. Average paymaster cost per user per month: $0.12.

Tools and Resources for Builders

If you need expert help implementing ERC-4337, browse our development directory for teams with proven account abstraction experience, or post a project request to receive proposals from qualified builders. For security audits of your smart account contracts, check our security partners.

What's Coming: EIP-7702 and Native Account Abstraction

EIP-7702 (included in the Ethereum Pectra upgrade, live since early 2025) allows EOAs to temporarily delegate to smart contract code within a single transaction. This bridges the gap between EOAs and smart accounts, letting existing MetaMask users access batching and sponsorship without migrating to a new address.

The longer-term roadmap includes full native account abstraction (where EOAs become smart accounts at the protocol level), but ERC-4337's infrastructure will remain relevant as the off-chain relay layer. Projects building on ERC-4337 today are future-proofed.

Frequently Asked Questions

What is the difference between ERC-4337 and EIP-7702?

ERC-4337 creates a parallel system of smart contract wallets with their own mempool, bundlers, and paymasters. EIP-7702 lets existing EOAs temporarily adopt smart contract behavior within a single transaction. ERC-4337 is more powerful (persistent smart accounts, modules, social recovery) while EIP-7702 is simpler for basic batching and sponsorship on existing wallets.

How much does it cost to deploy an ERC-4337 smart account?

Deployment happens lazily with the first UserOperation. On Base, the deployment cost is approximately $0.05-0.15. On Ethereum L1, it ranges from $5-25 depending on gas prices. Many paymasters sponsor the deployment cost for new users.

Can ERC-4337 smart accounts interact with any dApp?

Yes. Smart accounts are standard Ethereum contracts and can interact with any protocol. However, some dApps check msg.sender == tx.origin which fails for smart accounts. This anti-pattern is increasingly rare but still exists in older contracts.

What happens if the bundler goes down?

Users cannot submit UserOps if their bundler is offline. Best practice: configure multiple bundler endpoints as fallbacks. Since the bundler API is standardized (eth_sendUserOperation), switching providers requires only a URL change.

Is ERC-4337 compatible with hardware wallets?

Yes. Hardware wallets like Ledger and Trezor can serve as signers (owners) for smart accounts. The hardware wallet signs UserOps instead of regular transactions. Safe and ZeroDev both support this pattern.

How do I migrate users from EOAs to smart accounts?

The recommended approach is counterfactual deployment: compute the smart account address deterministically from the user's existing EOA, show them the new address, and deploy on first use. EIP-7702 can also bridge the transition by letting EOAs delegate to smart account code.

What are session keys and why do they matter?

Session keys are temporary, scoped signing keys that allow specific actions without requiring the main key for each transaction. For example, a gaming dApp can request a session key valid for 1 hour, limited to the game contract, with a maximum spend of 0.1 ETH. The user approves once and plays without interruptions.

Which chains have the best ERC-4337 support?

Base, Arbitrum, Optimism, and Polygon have the strongest ERC-4337 ecosystems with multiple bundlers, paymasters, and established smart account factories. zkSync Era offers native account abstraction at the protocol level, which is even more efficient. For the latest chain support, check The Signal's intelligence reports.

What Is Account Abstraction and Why Does ERC-4337 Matter?

Traditional Ethereum accounts come in two flavors: Externally Owned Accounts (EOAs) controlled by a private key, and Contract Accounts that run code. EOAs are the only type that can initiate transactions, which creates a fundamental UX problem. Users must safeguard a seed phrase, maintain an ETH balance for gas, and approve every action one at a time.

ERC-4337, authored by Vitalik Buterin, Yoav Weiss, Kristof Gazso, Namra Patel, Dror Tirosh, and Shahaf Nacson, introduces a parallel mempool system that allows smart contract wallets to function as first-class accounts. Instead of sending transactions directly to the Ethereum mempool, users sign UserOperations (UserOps) — data structures describing the intended action. These UserOps flow through an alternative mempool, are collected by Bundlers, and executed on-chain via a singleton EntryPoint contract.

The key innovation: ERC-4337 achieves account abstraction without requiring a hard fork or protocol change. It works on Ethereum mainnet today, and on every EVM-compatible chain.

Core Benefits for Builders

According to Dune Analytics, the number of monthly active ERC-4337 accounts crossed 8.3 million in February 2026, up from 1.2 million in February 2025 — a 591% year-over-year growth rate.

The ERC-4337 Architecture: Components Deep Dive

Understanding the full ERC-4337 stack is essential before writing code. There are five core components that interact in a specific flow.

1. UserOperation: The New Transaction Primitive

A UserOperation is a pseudo-transaction object signed by the user but not broadcast to the standard mempool. It contains:

With ERC-4337 v0.7 (the current standard as of March 2026), UserOps use a "packed" format that reduces calldata costs by approximately 20% compared to v0.6.

2. EntryPoint: The Singleton Orchestrator

The EntryPoint is a single, audited, immutable contract deployed at the same address on every EVM chain: 0x0000000071727De22E5E9d8BAf0edAc6f37da032 (v0.7). It performs two critical phases:

1. •Verification Loop — Calls validateUserOp() on each smart account (and optionally validatePaymasterUserOp() on the paymaster). Reverts are isolated per-UserOp.
2. •Execution Loop — Calls the smart account with the provided callData. Failures here do not revert the entire bundle.

The EntryPoint v0.7 contract has been audited by OpenZeppelin, Spearbit, and Alchemy's internal team. It handles roughly $2.8 billion in monthly transaction volume across all chains.

3. Smart Account: Your Programmable Wallet

The smart account is the user's on-chain identity. It must implement the IAccount interface:

Popular smart account implementations include:

4. Bundler: The Off-Chain Relay

Bundlers collect UserOps from the alternative mempool, simulate them locally, group valid ones into a single handleOps() transaction, and submit it to the blockchain. They earn the gas fee difference as profit.

Leading bundler services:

Running a self-hosted bundler (Rundler is open-source by Alchemy, Silius by Vid201) costs approximately $200-400/month in cloud infrastructure but gives you full control and zero per-UserOp fees.

5. Paymaster: Sponsoring Gas

Paymasters are the game-changer for UX. They allow a third party to pay gas fees on behalf of the user. Two main types:

• •Verifying Paymaster — Approves sponsorship based on off-chain logic (e.g., your backend signs an approval). Cost: you pay the gas.
• •ERC-20 Paymaster — User pays gas in ERC-20 tokens (USDC, DAI) instead of ETH. The paymaster swaps on-chain.

Paymaster sponsorship costs on mainnet average $0.08-0.25 per UserOp on Ethereum L1, but only $0.001-0.01 on L2s like Base or Arbitrum, making L2 deployment the practical choice for consumer apps.

Step-by-Step Implementation Guide

Let's build a production-ready ERC-4337 integration. We will use the Permissionless.js library (by Pimlico), which is the most widely adopted TypeScript SDK for ERC-4337 with 3,200+ GitHub stars.

Step 1: Install Dependencies

Permissionless.js is built on top of viem, the modern TypeScript Ethereum library that has largely replaced ethers.js in new projects (28K+ GitHub stars).

Step 2: Configure the Smart Account Client

Step 3: Send a Gasless Transaction

Behind the scenes, the SDK: constructs a UserOp, estimates gas via the bundler, requests paymaster sponsorship, signs with the owner key, submits to the bundler, and waits for on-chain inclusion.

Step 4: Batch Multiple Operations

One of account abstraction's killer features is batching. Execute multiple contract calls in a single UserOp:

This saves users approximately 40-60% in gas costs compared to three separate EOA transactions, and the UX is a single confirmation.

Step 5: Implement Social Recovery

Social recovery lets users designate guardians who can collectively authorize a key rotation if the primary key is lost:

Safe's social recovery module supports up to 20 guardians with configurable M-of-N thresholds. ZeroDev's weighted recovery allows different guardians to have different weights (e.g., hardware wallet = 3, friend = 1, threshold = 3).

Step 6: Session Keys for Seamless Gaming/DeFi

Session keys let users pre-approve specific actions for a limited time, eliminating per-transaction confirmations:

Session keys have become essential for Web3 gaming. Ronin's implementation (Axie Infinity) processes 800K+ session-key transactions daily, and the upcoming Treasure Chain uses them for all in-game actions.

Passkey Integration: WebAuthn Wallets

The most exciting account abstraction UX pattern in 2026 is passkey-based wallets. Users authenticate with Face ID, Touch ID, or Windows Hello — no seed phrase, no extension, no mobile app.

Coinbase Smart Wallet uses this pattern and has onboarded over 11.5 million users. Their data shows a 78% completion rate for passkey onboarding versus 23% for traditional seed phrase flows.

Cost Analysis: ERC-4337 in Production

Real gas costs as of March 2026 (average UserOp):

Key takeaway: L2s make account abstraction economically viable for consumer apps. A paymaster sponsoring 100,000 UserOps/month on Base costs approximately $300-1,000 — a reasonable customer acquisition cost.

Monthly Infrastructure Cost Breakdown

Security Considerations

Account abstraction introduces new attack surfaces that builders must address:

1. •

   Signature replay — Always include chain ID and EntryPoint address in the signed hash. The v0.7 EntryPoint handles this, but custom validation logic must be careful.

2. •

   Paymaster griefing — Malicious UserOps can drain paymaster deposits. Implement rate limiting and off-chain verification in your verifying paymaster.

3. •

   Storage access restrictions — During validation, smart accounts can only access their own associated storage (slots defined by the account address). Violating this causes bundler rejection. This is the most common implementation bug.

4. •

   Bundler DOS — Bundlers must simulate UserOps before inclusion. A malicious account that passes simulation but reverts on-chain wastes bundler gas. The ERC-4337 mempool rules (ERC-7562) enforce strict validation rules to prevent this.

5. •

   Upgrade risks — If your smart account is upgradeable (proxy pattern), a malicious upgrade could drain all funds. Use timelocks and multi-sig governance for upgrade authority.

The security auditors in our directory have experience auditing ERC-4337 implementations, including smart account modules and paymaster contracts. Book a consultation to discuss your security review needs.

ERC-7579: The Module Standard

ERC-7579 is the emerging standard for modular smart accounts, allowing plug-and-play functionality:

• •Validators — Custom signature verification (passkeys, multisig, MPC)
• •Executors — Automated actions (DCA, stop-loss, recurring payments)
• •Hooks — Pre/post-execution checks (spending limits, allowlists)
• •Fallback handlers — Extended functionality (ERC-721 receiver, flash loans)

The Rhinestone Module Registry (launched September 2025) now lists 47 audited modules that any ERC-7579 account can install. This composability means you don't need to build everything from scratch.

Production Deployment Checklist

Before going live with ERC-4337, ensure:

1. •Smart account factory deployed and verified on your target chains
2. •Bundler configured with proper gas price oracle and retry logic
3. •Paymaster funded with sufficient deposit (monitor with alerts)
4. •UserOp simulation tested against edge cases (out of gas, reverts, concurrent nonces)
5. •Fallback signer implemented (what happens if your auth service goes down?)
6. •Gas estimation buffer set to 20-30% above estimates (network congestion handling)
7. •Monitoring for paymaster balance, bundler health, UserOp success rates
8. •Upgrade path defined for smart account contract migrations
9. •Recovery flow tested end-to-end (guardian recovery, key rotation)
10. •Rate limiting on paymaster to prevent sponsorship abuse

Real-World Case Studies

Coinbase Smart Wallet: Deployed on Base, uses passkey authentication. 11.5M accounts, processes 2.1M UserOps daily. Their paymaster sponsors all gas for approved dApps in the Coinbase ecosystem. Conversion rate from landing page to first on-chain action: 62%.

Worldcoin World App: 8.2M verified users with smart accounts on Optimism. Uses session keys for frictionless transfers. Gas sponsorship cost: $0.003 per operation on average.

Patch Wallet: Email-based wallet creation using ERC-4337 on Polygon. 1.8M wallets created with zero crypto knowledge required. Average paymaster cost per user per month: $0.12.

Tools and Resources for Builders

If you need expert help implementing ERC-4337, browse our development directory for teams with proven account abstraction experience, or post a project request to receive proposals from qualified builders. For security audits of your smart account contracts, check our security partners.

What's Coming: EIP-7702 and Native Account Abstraction

EIP-7702 (included in the Ethereum Pectra upgrade, live since early 2025) allows EOAs to temporarily delegate to smart contract code within a single transaction. This bridges the gap between EOAs and smart accounts, letting existing MetaMask users access batching and sponsorship without migrating to a new address.

The longer-term roadmap includes full native account abstraction (where EOAs become smart accounts at the protocol level), but ERC-4337's infrastructure will remain relevant as the off-chain relay layer. Projects building on ERC-4337 today are future-proofed.

Frequently Asked Questions

What is the difference between ERC-4337 and EIP-7702?

ERC-4337 creates a parallel system of smart contract wallets with their own mempool, bundlers, and paymasters. EIP-7702 lets existing EOAs temporarily adopt smart contract behavior within a single transaction. ERC-4337 is more powerful (persistent smart accounts, modules, social recovery) while EIP-7702 is simpler for basic batching and sponsorship on existing wallets.

How much does it cost to deploy an ERC-4337 smart account?

Deployment happens lazily with the first UserOperation. On Base, the deployment cost is approximately $0.05-0.15. On Ethereum L1, it ranges from $5-25 depending on gas prices. Many paymasters sponsor the deployment cost for new users.

Can ERC-4337 smart accounts interact with any dApp?

Yes. Smart accounts are standard Ethereum contracts and can interact with any protocol. However, some dApps check msg.sender == tx.origin which fails for smart accounts. This anti-pattern is increasingly rare but still exists in older contracts.

What happens if the bundler goes down?

Users cannot submit UserOps if their bundler is offline. Best practice: configure multiple bundler endpoints as fallbacks. Since the bundler API is standardized (eth_sendUserOperation), switching providers requires only a URL change.

Is ERC-4337 compatible with hardware wallets?

Yes. Hardware wallets like Ledger and Trezor can serve as signers (owners) for smart accounts. The hardware wallet signs UserOps instead of regular transactions. Safe and ZeroDev both support this pattern.

How do I migrate users from EOAs to smart accounts?

The recommended approach is counterfactual deployment: compute the smart account address deterministically from the user's existing EOA, show them the new address, and deploy on first use. EIP-7702 can also bridge the transition by letting EOAs delegate to smart account code.

What are session keys and why do they matter?

Session keys are temporary, scoped signing keys that allow specific actions without requiring the main key for each transaction. For example, a gaming dApp can request a session key valid for 1 hour, limited to the game contract, with a maximum spend of 0.1 ETH. The user approves once and plays without interruptions.

Which chains have the best ERC-4337 support?

Base, Arbitrum, Optimism, and Polygon have the strongest ERC-4337 ecosystems with multiple bundlers, paymasters, and established smart account factories. zkSync Era offers native account abstraction at the protocol level, which is even more efficient. For the latest chain support, check The Signal's intelligence reports.