EOA session keys fail at scale. They grant temporary, broad permissions to a third party, creating a security model that is either too permissive for complex actions or requires constant, costly re-authorization for each step.
wallet-wars-smart-accounts-vs-embedded-wallets
Blog
Why Batch Transactions Expose the Flaws in EOA Sessions
Externally Owned Accounts (EOAs) cannot natively batch operations, forcing protocols into insecure session key designs. This fundamental limitation is the core technical argument for smart accounts like those enabled by ERC-4337.
introduction
THE FUNDAMENTAL FLAW
Introduction
Batch transactions reveal that Externally Owned Account (EOA) session keys are a brittle abstraction, not a scalable solution for user experience.
Batch execution exposes this brittleness. A single transaction bundle for a DeFi strategy on Uniswap or Aave requires pre-approving every asset and contract, a UX nightmare that intent-based architectures like UniswapX and CoW Swap solve by design.
The evidence is in the gas. Users pay for each approval and execution step. Protocols like Safe{Wallet} and ERC-4337 smart accounts demonstrate that native batching and sponsored transactions are the required infrastructure shift.
thesis-statement
THE FLAWED FOUNDATION
The Core Argument
Batch transactions expose the fundamental architectural mismatch between modern intent-based applications and the legacy Externally Owned Account (EOA) session model.
EOA sessions are stateful. They lock a user's account to a single dApp's logic, creating a fragile, sequential workflow that breaks atomic composability. This prevents a wallet from executing a cross-DEX arbitrage or a UniswapX-style fill across multiple chains in a single, guaranteed operation.
Batch transactions are stateless workarounds. Protocols like Safe{Wallet} and Rabby Wallet simulate atomicity by bundling calls, but this is a client-side illusion. The underlying EOA still signs a linear list, exposing users to sandwich attacks and failed state transitions if any single call reverts.
The market demands intent abstraction. Users express desired outcomes (e.g., 'buy this NFT with the best price'), not manual transaction sequences. The rise of UniswapX, CowSwap, and Across proves the demand for declarative, risk-minimized execution that the EOA session model structurally cannot provide.
Evidence: Over 60% of Ethereum's top 100 contracts by gas usage are now proxy or modular accounts (ERC-4337, Safe). The infrastructure is already migrating away from the native EOA, rendering its session management obsolete for advanced use cases.
market-context
THE SESSION KEY TRAP
The UX Imperative Driving Bad Security
User demand for seamless, multi-step interactions has forced a security regression back to centralized models via session keys.
EOA sessions centralize risk. A user grants a dApp a session key to sign a batch of future transactions, trading granular control for convenience. This recreates the custodial risk of a centralized exchange, where a single compromised key exposes all approved actions.
The approval is the vulnerability. Unlike a smart contract wallet with social recovery, a leaked EOA session key grants irrevocable access. Projects like dYdX and gaming platforms popularized this model, prioritizing fluid UX over the self-custody principle.
Batch transactions reveal the flaw. A session enabling a swap on Uniswap and a bridge via LayerZero in one click is the goal. The security failure is bundling unlimited, future permissions into one all-or-nothing signature, a clear regression from per-transaction signing.
Evidence: The ERC-4337 Intent. The rise of ERC-4337 account abstraction and intent-based systems like UniswapX and CowSwap is a direct market response. These systems execute complex user intents without handing over private keys, proving the session key model is a dead-end.
key-trends
WHY BATCH TRANSACTIONS EXPOSE EOA FLAWS
The Three Insecure Workarounds
Externally Owned Accounts (EOAs) force users and developers into insecure patterns to simulate a single, multi-step session.
01
The Problem: The Approve-Then-Transfer Two-Step
Every DeFi interaction requires a separate approval transaction, creating a race condition between user intent and execution. This exposes users to sandwich attacks and MEV extraction on every swap.\n- Front-running Risk: The approval is a public signal for bots.\n- UX Friction: Users must sign twice for one logical action.
~$1.2B+
MEV Extracted (2023)
2x
Required Signatures
02
The Problem: The Batched Relayer Proxy
Protocols like UniswapX and CowSwap use off-chain solvers and relayers to batch user intents. This outsources security to a trusted third party with temporary custody of funds.\n- Centralization Vector: Relayer is a single point of failure.\n- Censorship Risk: Relayer can reorder or drop transactions.
1
Trusted Executor
~500ms
Custody Window
03
The Problem: The Multi-Sig Session Key
Gaming and social dApps create session keys—limited smart contract wallets—to sign many actions. This reintroduces private key management and expands the attack surface.\n- Key Leakage: A compromised session key can drain allowances.\n- Granularity Overhead: Managing permissions per app is complex.
24-48h
Typical Key Validity
High
Management Burden
THE BATCHING BATTLEGROUND
EOA Sessions vs. Smart Account Batching: A Feature Matrix
A direct comparison of transaction execution paradigms, exposing the architectural limitations of EOA session keys versus the composable power of smart account batching.
| Feature / Metric | EOA Session Keys (e.g., ERC-4337 Sessions) | Smart Account Native Batching (e.g., Safe, Biconomy) |
|---|---|---|
Atomic Multi-Operation Execution | ||
Gas Cost per Operation (Est.) | ~21k gas per txn + session overhead | ~5k-15k gas per internal call |
Cross-Contract Call Dependency | ||
Maximum Operations per Session/Batch | Pre-defined, limited set | Theoretically unlimited (gas-bound) |
Post-Execution State Guarantees | None (per-txn) | All-or-nothing atomic revert |
Native Fee Abstraction Support | Requires Paymaster per txn | Single Paymaster for entire batch |
Time-Based Expiry (Typical) | 24 hours | None (executes immediately) |
Revocation Granularity | Entire session | Individual pending batched txn |
deep-dive
THE ARCHITECTURAL MISMATCH
First Principles: Why EOAs Can't Batch
The Externally Owned Account (EOA) model's atomic, single-operation design fundamentally prevents native transaction batching, creating systemic inefficiency.
EOAs are atomic by design. Every EOA transaction is a single, indivisible operation signed by a private key. This atomicity prevents bundling multiple actions, forcing protocols like Uniswap and Aave to require separate approvals and executions.
Session keys create a false equivalence. EOA 'sessions' via tools like Particle Network or ERC-4337 wallets simulate batching by pre-signing future actions. This is delegation, not true atomic batching, and introduces persistent security trade-offs.
The cost is quantifiable inefficiency. Users pay gas for each atomic step. A simple swap on a DEX aggregator like 1inch often requires two transactions, doubling base network fees compared to a single batched operation.
Smart contract wallets solve this. Accounts like Safe{Wallet} or ERC-4337 smart accounts are contracts, enabling true atomic multi-call bundles. This architectural shift is why intent-based systems (UniswapX, CowSwap) rely on solver contracts, not EOAs.
case-study
WHY BATCH TRANSACTIONS EXPOSE THE FLAWS IN EOA SESSIONS
Case Studies in Compromise
Batch transactions reveal the fundamental trade-offs of EOA session keys, forcing users to choose between security, cost, and functionality.
01
The UniswapX Gas Auction Problem
UniswapX uses a Dutch auction for gas, requiring multiple on-chain approvals and settlement transactions. EOA sessions must pre-approve a high gas limit, creating a massive attack surface for the entire session duration.
- Risk: A single compromised session key can drain all pre-approved assets.
- Cost: Users overpay for gas caps to avoid failed transactions.
- Inefficiency: Batch logic is offloaded to a filler, but the EOA still signs multiple intent messages.
100%
Exposure
~$10M+
Risk per Session
02
The GameFi Session Key Drain
Games like Parallel and Pirate Nation use session keys for seamless gameplay. A batch of in-game actions (craft, battle, trade) is signed once.
- Flaw: The session scope is often overly broad (
CALLpermission vs.DELEGATECALL), allowing malicious contracts to hijack the entire batch. - Result: High-profile drains where a single phishing link empties a wallet's entire approved asset set.
- Reality: User convenience directly compromises asset segregation.
~$5M
Typical Drain
1 Click
To Exploit
03
LayerZero's Omnichain Dilemma
Omnichain transactions (e.g., Stargate swaps) involve multiple calls: approve, bridge, receive, and swap on destination chain. EOA sessions struggle with this.
- Friction: Users must sign a new session for each chain, defeating the purpose of a seamless cross-chain batch.
- Security: To enable a cross-chain batch, the session key needs sweeping permissions on all involved chains, exponentially increasing risk.
- Outcome: Projects either limit functionality or accept catastrophic security models, as seen in the LayerZero OFT standard implementations.
3-5x
More Signatures
Multi-Chain
Attack Surface
04
The ERC-4337 Paymaster Over-Approval
Paymasters in ERC-4337 allow sponsored transactions, but funding them requires batch approvals. The EOA model forces an all-or-nothing approval to the paymaster contract.
- Inefficiency: Users approve large sums for future batches, locking capital and creating a static target.
- Contrast: Smart accounts could approve per-user-operation or use signature-based allowances.
- Evidence: This flaw pushes adoption towards centralized relayers, undermining decentralization for usability.
>24 hrs
Capital Lockup
Single Point
Of Failure
counter-argument
THE UX BOTTLENECK
Steelman: Are EOA Sessions 'Good Enough'?
Batch transaction use cases expose the fundamental UX and security limitations of EOA session keys.
EOA sessions fail at composability. They are single-chain, single-contract constructs. A gaming session key cannot sign a cross-chain swap on Across or a multi-step DeFi operation without a new approval.
Batch execution is impossible. An EOA session signs one action. Complex intents requiring multiple steps—like a Uniswap swap followed by a deposit into Aave—require separate, sequential signatures.
Security is a binary trap. The session is either fully trusted or useless. There is no granularity for partial permissions, like allowing swaps but not transfers, which ERC-4337 account abstraction enables.
Evidence: The rise of intent-based architectures like UniswapX and CowSwap proves the market demands abstracted, batched execution that EOAs cannot provide.
takeaways
WHY BATCHING BREAKS THE MODEL
TL;DR for Builders and Investors
Batch transactions expose the fundamental architectural mismatch between EOA session keys and modern DeFi's composable intent.
01
The Atomicity Problem
EOA sessions fail to guarantee atomic execution for multi-step operations. A batch of swaps and deposits is vulnerable to sandwich attacks and MEV extraction between steps, breaking the user's intended outcome.
- Result: Failed transactions, lost funds, and negative slippage.
- Contrast: Smart contract wallets like Safe or ERC-4337 accounts can enforce atomic bundles.
~15%
Slippage Risk
Non-Atomic
Execution
02
The Gas Abstraction Lie
Session keys promise gasless UX but crumble under batch complexity. The sponsoring relayer faces unpredictable, unbounded gas costs, creating a toxic business model prone to centralization or failure.
- Result: Relayers like Biconomy or Pimlico must impose strict limits, breaking the seamless UX.
- Solution: Paymasters with ERC-4337 UserOperations provide deterministic gas accounting.
Unbounded
Gas Cost
Centralized
Relayer Risk
03
Permission Scope is a Blunt Instrument
EOA sessions grant broad, time-bound permissions (e.g., unlimited USDC spends). Batching requires granular, intent-based allowances. This all-or-nothing model is a security nightmare for wallets like MetaMask and a compliance liability.
- Result: Overprivileged keys lead to $200M+ annual hack losses.
- Future: ERC-7579 modular smart accounts enable minimal, context-aware permissions.
$200M+
Annual Risk
Over-Privileged
Access
04
The Composability Wall
DeFi's value is in lego-like composition (e.g., Uniswap → Aave). EOA sessions, designed for single-chain, single-action flows, cannot natively coordinate cross-chain or cross-protocol batches executed by solvers like CowSwap or Across.
- Result: Fragmented user experience; the "session" is an illusion.
- Architecture: Intent-based systems (UniswapX, Anoma) separate declaration from execution.
Multi-Chain
Requirement
Single-Chain
Design
05
Account Abstraction is the Baseline
The debate isn't EOA vs. AA. It's about recognizing that ERC-4337 smart accounts are the minimum viable primitive for batch-native applications. Sessions will be a feature of AA, not a workaround for EOAs.
- Build On: Safe, ZeroDev, Rhinestone for modular session keys.
- Metric: ~3M AA wallets deployed, growing 10x faster than EOA creations.
3M+
AA Wallets
10x
Growth Rate
06
VC Takeaway: Invest in the Stack
The infrastructure enabling secure, scalable batching is the investable thesis. This includes intent solvers (PropellerHeads, Fluid), AA tooling (Pimlico, Stackup), and modular security (Kleros, Hexagate).
- Avoid: Funding apps built on the flawed EOA session layer.
- Target: Protocols that abstract complexity, don't just hide it.
Infrastructure
Layer
Application
Risk
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall