Account abstraction on Ethereum has two canonical addresses worth memorizing. EntryPoint v0.6 lives at 0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789. EntryPoint v0.7, deployed in early 2024, lives at 0x0000000071727De22E5E9d8BAf0edAc6f37da032. Every ERC-4337 transaction on mainnet, Arbitrum, Optimism, Base, Polygon, and most other EVM chains routes through one of those two singletons. If you understand what those contracts do, and the five other roles around them, you understand ERC-4337.
This is part 2 of our Smart Accounts series. Part 1 covered why EOAs are a bad default. Here we go under the hood: the six-role lineup, the UserOperation struct, what actually happens when you swap a token from a smart account, the v0.6 → v0.7 changes, paymasters, public alt-mempools versus private bundlers, and the cost overhead you should expect.
The six roles in one diagram
ERC-4337 splits what an EOA does in one step into six cooperating actors. None of them required an Ethereum hard fork — the entire system is contracts plus off-chain infrastructure.
- Sender (the smart account): A contract wallet that holds your assets and implements validateUserOp. It is the msg.sender from the perspective of any DApp it interacts with. Examples: Safe, Kernel, Biconomy Nexus, Coinbase Smart Wallet, Alchemy's Light Account.
- UserOperation: A pseudo-transaction struct (not a real Ethereum transaction) describing what the sender wants to do. Users sign UserOps, not transactions.
- Bundler: An off-chain node that collects UserOps from a mempool, simulates them, packs them into a single handleOps call, and pays the L1 gas. Bundlers earn the difference between what the sender (or paymaster) reimburses and what they pay the validator.
- EntryPoint: The trusted singleton contract that loops over the bundle, calls each sender's validateUserOp, executes the call data, and handles refunds and reverts. There is exactly one EntryPoint per version per chain.
- Paymaster (optional): A contract that agrees to pay gas on behalf of a sender, either sponsored (free for the user) or in exchange for an ERC-20 like USDC.
- Aggregator (optional): A contract that validates many UserOps with one signature check — useful for BLS schemes or zk proofs. Rarely deployed in production today.
Keep this lineup in mind. The rest of the article is just these six talking to each other.
The UserOperation struct
A UserOperation is a JSON-RPC-friendly bundle of fields that, once signed, expresses intent without committing it to L1 yet. The v0.7 layout has 11 logical fields:
- sender — the smart account address.
- nonce — a 256-bit value where the upper 192 bits are a key (parallel nonce lane) and the lower 64 bits are a sequence. This is how ERC-4337 supports parallel nonces, unlike EOAs which serialize everything.
- factory and factoryData — for first-time deployment via CREATE2; null after deploy.
- callData — the call the smart account should make once validated.
- callGasLimit, verificationGasLimit, preVerificationGas — three separate gas budgets.
- maxFeePerGas, maxPriorityFeePerGas — same EIP-1559 semantics as a regular tx.
- paymasterAndData (v0.6) split into paymaster, paymasterVerificationGasLimit, paymasterPostOpGasLimit, paymasterData (v0.7).
- signature — opaque bytes the smart account interprets in its own validateUserOp.
The signature scheme is up to the wallet. ECDSA over secp256k1 is common, but P-256/passkey verification, multisig, social-recovery thresholds, and session-key signers all live behind the same interface. That flexibility is the entire point.
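As an added example (not code from this article or from any ERC-4337 implementation), the JavaScript below decodes the nonce lanes from the field list above and runs structural checks on a v0.7 UserOp before it is submitted. The names splitNonce, lintUserOpV07 and NonceLanes are hypothetical, and NonceLanes is a simplified model of per-lane sequence tracking, not the EntryPoint's own code.

```javascript
// Added example: splitNonce, lintUserOpV07 and NonceLanes are hypothetical names.
const SEQ_BITS = 64n;
const SEQ_MASK = (1n << SEQ_BITS) - 1n;
const MAX_NONCE = (1n << 256n) - 1n;

// Upper 192 bits select the lane (key); lower 64 bits are the sequence in that lane.
function splitNonce(nonce) {
  const n = BigInt(nonce);
  if (n < 0n || n > MAX_NONCE) throw new RangeError("nonce must fit in 256 bits");
  return { key: n >> SEQ_BITS, seq: n & SEQ_MASK };
}

// Structural checks a wallet or RPC gateway can run before eth_sendUserOperation.
function lintUserOpV07(op) {
  const issues = [];
  const has = (f) => op[f] !== undefined && op[f] !== null;
  for (const f of ["initCode", "paymasterAndData"])
    if (has(f)) issues.push(`${f} is a v0.6 field; v0.7 uses the split fields`);
  if (has("factoryData") && !has("factory"))
    issues.push("factoryData set without a factory");
  const pmGas = ["paymasterVerificationGasLimit", "paymasterPostOpGasLimit"];
  if (has("paymaster")) {
    for (const f of pmGas)
      if (!has(f)) issues.push(`paymaster set but ${f} is missing`);
  } else {
    for (const f of [...pmGas, "paymasterData"])
      if (has(f)) issues.push(`${f} set without a paymaster`);
  }
  try { splitNonce(op.nonce); } catch (e) { issues.push(`bad nonce: ${e.message}`); }
  return issues;
}

// Per-sender, per-lane sequence tracking: lanes advance independently,
// and a reused or skipped sequence inside a lane is rejected.
class NonceLanes {
  constructor() { this.next = new Map(); }
  accept(sender, nonce) {
    const { key, seq } = splitNonce(nonce);
    const id = `${sender.toLowerCase()}:${key}`;
    const expected = this.next.get(id) ?? 0n;
    if (seq !== expected) return false;
    this.next.set(id, expected + 1n);
    return true;
  }
}

// Constructed sample: lane 5, sequence 0, submitted twice (the second is a replay).
const lanes = new NonceLanes();
const demo = [5n << 64n, 5n << 64n].map((n) => lanes.accept("0xSenderPlaceholder", n));
console.log(demo);
```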
End-to-end: what happens when a smart account swaps USDC for ETH
Follow a real swap to see the roles fire in order.
1. User taps "Swap" in their wallet UI. The wallet builds a UserOperation: sender = 0xUserSafe, callData = swapUSDCforETH(amount) targeting Uniswap.
2. Gas estimation. The wallet calls eth_estimateUserOperationGas on a bundler RPC. The bundler simulates the op against the EntryPoint, returns the three gas limits.
3. User signs. The wallet hashes the UserOp with the EntryPoint address and chain ID, prompts the user (passkey, hardware key, whatever), attaches the signature.
4. Submission. The signed UserOp is sent via eth_sendUserOperation to one or more bundlers. It enters the alt-mempool — a separate P2P network from Ethereum's regular tx mempool.
5. Bundler simulation. The bundler re-simulates with eth_call against simulateValidation. It checks ERC-7562 storage-access rules: a UserOp can only touch its own storage during validation, otherwise the bundler risks getting griefed.
6. Bundling. The bundler packs this UserOp with up to ~10 others into one handleOps([...userOps], beneficiary) call to EntryPoint.
7. On-chain execution. EntryPoint loops: for each op, call validateUserOp on the sender, deduct the prefund, then execute callData. The Uniswap swap fires from the smart account.
8. Refund. EntryPoint refunds unused gas to the sender (or paymaster) and pays the bundler's beneficiary address.
If step 5 fails, the bundler drops the op and the user sees an AAxx error code. The most common are AA21 (didn't pay prefund), AA23 (signature error), AA25 (invalid nonce), AA33 (paymaster reverted), and AA40 (over verification gas limit). Memorize that table — you will see them.
EntryPoint v0.6 vs v0.7
v0.6 shipped in March 2023 at 0x5FF1…2789. It worked, but it had three nagging issues: a single paymasterAndData blob that conflated three gas dimensions, awkward initCode packing, and gas accounting that overcharged senders. v0.7 fixed all three.
Key v0.7 changes worth knowing:
- Address: 0x0000000071727De22E5E9d8BAf0edAc6f37da032 (notice the leading zeros — that's a vanity-mined address chosen so calldata gas is cheaper, since each zero byte costs 4 gas vs 16 for nonzero).
- Split paymaster fields: paymaster, paymasterVerificationGasLimit, paymasterPostOpGasLimit, paymasterData are now separate. Easier to estimate, harder to forget a budget.
- Factory split: same idea — factory and factoryData are separate fields instead of a packed initCode.
- Penalty for unused gas: senders are charged 10% of unused callGasLimit / paymasterPostOpGasLimit, which discourages massively over-estimated ops.
- EIP-7702 compatibility hooks: v0.7 added the plumbing that lets a regular EOA temporarily delegate to a smart-account implementation, which became the foundation for the EIP-7702 upgrade path shipped in Pectra.
v0.6 is still live and still used — many wallets did not ship a v0.7-compatible module until well into 2024. Most chains run both EntryPoints in parallel for years.
Paymasters: who pays for the gas
A paymaster is a contract that holds an ETH stake with the EntryPoint and agrees to cover gas for UserOps that match its policy. Three flavors dominate:
- Verifying paymaster (sponsored). Backend signs an off-chain approval; paymaster verifies the signature on-chain and pays. Used by apps that want zero-gas onboarding — Coinbase Smart Wallet, Farcaster Frames, most NFT mints.
- ERC-20 paymaster. User pays in USDC, USDT, or DAI; paymaster swaps to ETH on the back end (or holds ETH inventory). Pimlico, Biconomy, and Stackup all run public ones.
- Token paymaster with permit. Uses EIP-2612 permit so the user signs both the UserOp and a token approval in one signature.
The paymaster's validatePaymasterUserOp runs during the EntryPoint's validation phase. If it reverts, you get AA33. If it runs out of stake, the EntryPoint slashes it and the bundler eats the loss — which is why bundlers maintain paymaster reputation lists. ERC-7562 codifies these reputation rules so the bundler mempool stays spam-resistant. The same primitives explain why DeFi approval and multisig hygiene translate cleanly to a 4337 world: same threats, new wrapper.
Public alt-mempool vs private bundler
There are two ways to get a UserOp on-chain.
Public alt-mempool: ERC-7562-compliant bundlers gossip UserOps over a libp2p network. Anyone running a Pimlico, Stackup, Alchemy, Etherspot, or Voltaire node can pick yours up. This is permissionless and censorship-resistant, but you're exposed to the same MEV concerns as regular Ethereum txs — searchers can see your op before inclusion.
Private bundler: You send eth_sendUserOperation directly to one provider's RPC. They simulate, bundle, and submit privately (often via Flashbots). Faster, MEV-protected, but you trust the bundler not to censor or front-run. Most consumer wallets use private bundlers by default in 2026.
The trade-off mirrors public mempool vs Flashbots Protect for regular txs. If you have not seen the underlying transaction lifecycle since the L1 days, that primer covers what changes when the bundler steps in.
Aggregators, adoption, and what this all costs
Aggregators are contracts that validate batches with one signature check. The canonical use case is BLS — you collect 50 UserOps signed with BLS, aggregate the signatures into one pairing check, and save ~95% on signature gas. Adoption has been slow because writing BLS-signing wallets is hard and the gas savings only pay off at high volume. As of mid-2026, less than 1% of mainnet UserOps use aggregators.
Adoption numbers (Q1 2026 from bundlebear.com): roughly 380 million cumulative UserOps across all chains, with Base, Polygon, and Arbitrum accounting for the majority. Mainnet share is ~6–8% — smallest by volume but biggest by value transferred. Coinbase Smart Wallet, Farcaster, and Argent dominate consumer flow.
Cost overhead: a v0.7 UserOp costs roughly 30,000–40,000 gas more than the equivalent EOA transaction — that's the EntryPoint loop, validation, and bundle housekeeping. On mainnet at 20 gwei, that's a fraction of a dollar per op. First-time account deployment via factoryData adds roughly 250,000 gas on top. On L2s where calldata is the dominant cost, the percentage overhead is single-digit. Sponsored UserOps shift this cost to the dApp, which is why you see free transactions on consumer apps but not on serious DeFi. The broader transaction-fee primer covers how that overhead lands in different fee markets.
The TL;DR: ERC-4337 is six roles (sender, UserOp, bundler, EntryPoint, paymaster, aggregator), one struct, two EntryPoint addresses you should memorize, and ~30–40k gas of overhead in exchange for arbitrary signature schemes, gas sponsorship, batching, and parallel nonces. Part 3 of this series turns to EIP-7702 — Pectra's parallel track that lets your existing EOA borrow this same machinery without changing addresses.



