Trail of Bits Blog
Six mistakes in ERC-4337 smart accounts
Account abstraction replaces externally owned accounts with programmable smart accounts, adding features such as call batching and spending controls but also introducing new security risks. Audits of ERC-4337 smart accounts reveal six recurring vulnerability patterns that developers must address:

1. Incorrect access control, which grants unauthorized parties execution privileges on the account.
2. Incomplete signature validation, specifically neglecting the gas-related fields of the user operation, which allows an attacker to drain funds.
3. Modifying state during validation, particularly by caching the recovered signer, which creates opportunities for unintended behavior during execution.
4. Replay attacks against ERC-1271 signature validation, caused by a failure to bind signatures to the smart account and the chain.
5. Reverts during execution that do not refund the gas fees already paid for a successful validation, which enables denial-of-service attacks.
6. Paymasters that improperly handle postOp logic, which can leave an opening for attackers to exploit.

Addressing these issues is crucial for a secure ERC-4337 implementation.
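The following Solidity sketch is an added illustration written for this page; it is not code from the Trail of Bits post or from any audited project. It shows hardened forms of the first four patterns above in a minimal smart account: validation and execution are restricted to the EntryPoint, the signature is checked over the EntryPoint-supplied `userOpHash` (which covers every field of the operation, including the gas fields, plus the EntryPoint address and chain ID), validation writes no account state, and ERC-1271 signatures are bound to the account address and chain ID. The struct and interface names follow ERC-4337 v0.7; `HardenedAccount`, `owner`, and `_recover` are assumed names chosen here.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (assumption: field layout follows the ERC-4337 v0.7 PackedUserOperation).
struct PackedUserOperation {
    address sender;
    uint256 nonce;
    bytes initCode;
    bytes callData;
    bytes32 accountGasLimits;
    uint256 preVerificationGas;
    bytes32 gasFees;
    bytes paymasterAndData;
    bytes signature;
}

interface IERC1271 {
    function isValidSignature(bytes32 hash, bytes calldata sig) external view returns (bytes4);
}

contract HardenedAccount is IERC1271 {
    address public immutable entryPoint;
    address public immutable owner;

    uint256 internal constant SIG_VALIDATION_FAILED = 1; // ERC-4337 failure sentinel
    bytes4 internal constant ERC1271_MAGIC = 0x1626ba7e;  // IERC1271.isValidSignature.selector

    constructor(address _entryPoint, address _owner) {
        entryPoint = _entryPoint;
        owner = _owner;
    }

    receive() external payable {}

    // Mistake 1 (access control): only the EntryPoint may drive validation and execution.
    modifier onlyEntryPoint() {
        require(msg.sender == entryPoint, "not EntryPoint");
        _;
    }

    // Mistakes 2 and 3: verify over userOpHash, which the EntryPoint derives from the
    // whole operation (gas fields included), and write no account state here. The
    // only side effect is paying the prefund the EntryPoint asks for.
    function validateUserOp(
        PackedUserOperation calldata userOp,
        bytes32 userOpHash,
        uint256 missingAccountFunds
    ) external onlyEntryPoint returns (uint256 validationData) {
        if (_recover(userOpHash, userOp.signature) != owner) {
            return SIG_VALIDATION_FAILED; // signal failure; do not revert, do not cache anything
        }
        if (missingAccountFunds != 0) {
            (bool ok, ) = payable(msg.sender).call{value: missingAccountFunds}("");
            (ok); // EntryPoint verifies its own balance; ignoring the result is the standard pattern
        }
        return 0; // valid, no time range
    }

    // Mistake 4 (ERC-1271 replay): bind the signed digest to this account and this chain
    // so the same signature cannot be replayed against another account or network.
    function isValidSignature(bytes32 hash, bytes calldata sig) external view returns (bytes4) {
        bytes32 bound = keccak256(abi.encode(hash, address(this), block.chainid));
        return _recover(bound, sig) == owner ? ERC1271_MAGIC : bytes4(0);
    }

    // Execution. A revert here bubbles up, but the prefund paid in validateUserOp is
    // still consumed (mistake 5); callers must not rely on a revert to undo fee payment.
    function execute(address dest, uint256 value, bytes calldata data) external onlyEntryPoint {
        (bool ok, bytes memory ret) = dest.call{value: value}(data);
        if (!ok) {
            assembly { revert(add(ret, 32), mload(ret)) }
        }
    }

    // ECDSA recovery over an EIP-191 prefixed digest, rejecting malformed and
    // high-s (malleable) signatures; returns address(0) on any failure.
    function _recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        if (sig.length != 65) return address(0);
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) return address(0);
        if (v != 27 && v != 28) return address(0);
        bytes32 ethHash = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", digest));
        return ecrecover(ethHash, v, r, s);
    }
}
```

The key design choice is that `validateUserOp` never stores the recovered signer or any other result for `execute` to reuse; execution re-derives nothing from validation and trusts only the `onlyEntryPoint` check. The paymaster `postOp` pattern (mistake 6) lives in a separate contract and is not shown here.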