Why Paymaster Contracts Are the New Attack Surface

Most paymaster services rely on centralized relayers to sponsor transactions, creating a censorship and liveness risk. If the relayer goes down, user transactions fail.

• Censorship Risk: Relayer can selectively filter transactions.
• Liveness Dependency: User experience is tied to operator uptime.
• Trust Assumption: Users must trust the relayer's integrity.

A paymaster contract has the final authority to pay for and validate a transaction, granting it immense power to manipulate outcomes.

• Transaction Hijacking: Can modify msg.sender or call data before execution.
• Rug Pull Vector: Can drain sponsored gas fees or user funds.
• Front-running: Paymaster logic can be exploited for MEV extraction.

Paymasters that accept ERC-20 tokens for gas fees rely on price oracles. Manipulating these oracles can bankrupt the paymaster service.

• Oracle Attack: Feed stale or manipulated prices to drain reserves.
• Liquidity Risk: Requires deep pools for token/ETH swaps (e.g., Uniswap).
• Economic Viability: Volatility can make sponsorship unprofitable.

Mitigation requires moving beyond trusted setups. Key approaches include:

• Bundler-Paymaster Separation: Enshrining paymaster logic in the protocol (EIP-4337 vision).
• Intent-Based Design: Using solvers (like CowSwap, UniswapX) to fulfill user intents without direct contract control.
• ZK Proofs: Employing validity proofs to cryptographically verify paymaster rules without revealing full logic.

Operational security requires hard limits and real-time monitoring to contain damage.

• Stake-Slashing: Enforced via smart contracts for malicious behavior.
• Per-User/Per-Session Limits: Cap sponsorship amounts to limit exposure.
• Real-time Anomaly Detection: Monitor for abnormal gas sponsorship patterns.

Ultimate security shifts control to the user's wallet, allowing them to define and sign explicit sponsorship policies.

• Policy Signing: Users sign which paymaster rules are acceptable (e.g., max cost, allowed contracts).
• Session Keys with Limits: Grant temporary, scoped sponsorship authority.
• Wallet Integration: Native support in smart wallets (Safe, Biconomy, ZeroDev) for policy management.

Most paymaster implementations rely on a centralized relayer to sponsor gas. This creates a single point of failure and censorship.\n- DoS Attack Surface: A targeted attack on the relayer can brick all dependent smart accounts.\n- Censorship Vector: The relayer operator can selectively refuse to process transactions for blacklisted addresses.

The business logic determining which transactions get sponsored is a complex, on-chain contract vulnerable to manipulation.\n- Drain Attacks: Flaws in validation can allow malicious transactions to drain the paymaster's funding pool.\n- Economic Spam: Attackers can craft transactions to trigger subsidy logic, wasting sponsor funds on junk transactions.

The singleton EntryPoint contract in ERC-4337, which all UserOperations pass through, amplifies paymaster risk.\n- Protocol-Wide Impact: A compromised or exploited paymaster can affect all bundlers and users in the ecosystem.\n- Upgrade Risk: Centralized upgrade keys for core contracts (EntryPoint, paymaster templates) pose a governance attack risk.

Bundlers must simulate transactions to verify paymaster sponsorship, creating new MEV and trust issues.\n- Simulation Griefing: Attackers can craft transactions that simulate correctly but fail on-chain, wasting bundler resources.\n- MEV Extraction: Bundlers can front-run or censor UserOperations based on paymaster subsidy rules for profit.

Wallets like Safe, Biconomy, and ZeroDev implement paymaster features, but their security models differ.\n- Fragmented Audits: Each provider's custom paymaster logic requires separate, rigorous auditing.\n- Wallet-Specific Bugs: A vulnerability in one provider's SDK or contract can compromise all its integrated dApps and users.

The mitigation path involves decentralizing the sponsorship layer to eliminate single points of failure.\n- Staked Bundler Pools: Require bundlers to stake, slashing them for malicious simulation or censorship.\n- Intent-Based Routing: Use systems like UniswapX or CowSwap's solver network to create a competitive market for transaction sponsorship.

Most paymaster flows rely on a centralized relayer to sponsor and submit transactions, creating a single point of failure and censorship. This reintroduces the trusted intermediary problem that account abstraction aims to solve.

• Relayer can front-run, censor, or reorder user ops
• User's transaction intent is exposed pre-execution
• Creates systemic risk akin to MEV in sequencers

Shift to a model where paymaster logic is verifiably executed in a decentralized network, not by a single entity. Projects like Ethereum's Pimlico (with its Verifying Paymaster) and Starknet's native paymaster contracts point the way.

• Cryptographic proofs of correct sponsorship rules
• Relayer-agnostic operation prevents censorship
• Enables non-custodial sponsored transactions

The paymaster's validation function is a new, complex smart contract with arbitrary logic that must be bulletproof. A bug here is a direct drain on the paymaster's stake or deposited funds.

• Infinite approval exploits on ERC-20 gas tokens
• Signature replay across different chains or EntryPoints
• Oracle manipulation for dynamic sponsorship rules

Treat the paymaster contract with the same rigor as a protocol's core vault. Use formal verification for critical sponsorship logic. The community must develop and audit standardized, minimal paymaster primitives (like OpenZeppelin for AA).

• Limit validation logic to whitelists & simple rules
• Use battle-tested libraries for signature schemes
• Isolate funds in a cold, delay-withdrawable stake contract

Paymasters must manage volatile gas costs, token exchange rates, and user reputation without being exploited. Flawed models lead to insolvency or force centralization.

• Gas price spikes can bankrupt a fixed-price sponsor
• Sybil attacks on per-user quotas or free tiers
• MEV extraction via transaction ordering in sponsored bundles

Adopt hybrid models where users pay a base fee, covered by protocols like Gelato or Biconomy, with the paymaster covering the rest. Implement on-chain policy engines with real-time data from Chainlink or Pyth for dynamic, sustainable rules.

• User-Pays-Data, Sponsor-Pays-Execution models
• Staked reputation systems to deter Sybil attacks
• Real-time gas & price oracles for solvency