A verifying paymaster is a specialized smart contract within the ERC-4337 account abstraction standard that authorizes and pays for a user's transaction fees, acting as a financial sponsor. Unlike a traditional paymaster that simply pays gas, its core function is to perform custom verification logic—such as checking a user's signature, validating a session key, or confirming off-chain authorization—before agreeing to sponsor the transaction. This decouples fee payment from the transaction sender, enabling gasless transactions and novel user experiences where dApps or services can cover costs for their users.
LABS
Glossary
Verifying Paymaster
A smart contract in the ERC-4337 account abstraction standard that validates custom logic off-chain before sponsoring a user's transaction gas fees.
Chainscore © 2026
definition
ACCOUNT ABSTRACTION
What is a Verifying Paymaster?
A verifying paymaster is a smart contract in Ethereum's account abstraction ecosystem that validates and sponsors transaction fees on behalf of users, enabling gasless or subsidized interactions with decentralized applications.
The verification process is defined by the validatePaymasterUserOp function in the paymaster's code. When a UserOperation (a bundled user intent) is submitted to the EntryPoint contract, the paymaster is called to verify specific conditions. This could involve checking a cryptographic signature against a whitelist, validating the transaction's calldata, or ensuring a prepaid balance is sufficient. Only after this on-chain verification succeeds does the paymaster commit to paying the network fees, often by depositing ETH or its own tokens into the EntryPoint contract to cover the gas costs.
Common implementations include sponsorship paymasters used by dApps to onboard users, token paymasters that allow fees to be paid in ERC-20 tokens like USDC, and signature-based verifying paymasters that use off-chain signed messages for authorization. This architecture is fundamental to improving UX, as it removes the need for users to hold the network's native token (e.g., ETH) for gas, and allows for complex transaction sponsorship policies. Key related concepts are the EntryPoint, Bundler, and Smart Contract Wallet which together form the complete ERC-4337 stack.
how-it-works
ACCOUNT ABSTRACTION
How a Verifying Paymaster Works
A technical breakdown of the verifying paymaster, a core component in Ethereum's ERC-4337 account abstraction standard that allows third parties to sponsor transaction gas fees under specific, programmable conditions.
A verifying paymaster is a smart contract within the ERC-4337 account abstraction framework that authorizes and pays for a user's transaction gas fees after programmatically verifying that the transaction meets predefined rules. Unlike a simple paymaster that pays unconditionally, its core function is the validatePaymasterUserOp method, which executes custom logic—such as checking a signature, validating a subscription, or verifying an off-chain attestation—before committing to sponsor the gas. This decouples transaction sponsorship from simple balance checks, enabling sophisticated gas sponsorship models like gasless transactions, subscription services, and sponsored sessions where the user never needs to hold the native blockchain token (e.g., ETH).
The operational flow begins when a User Operation (a packaged user intent) is sent to a Bundler. The bundler simulates the call to the verifying paymaster's validatePaymasterUserOp function, which must return a paymasterAndData value, often containing a signature or proof, if validation passes. This simulation ensures the paymaster will accept the cost later. Crucially, the paymaster must maintain a deposit of ETH in the EntryPoint contract to cover actual gas costs. After validation, the bundler includes the UserOp in a bundle, submits it on-chain, and the EntryPoint contract finally calls the paymaster's postOp function, which can execute cleanup logic or revoke a session.
A common implementation is the signature-based verifying paymaster. Here, the validation logic checks a cryptographic signature provided in the paymasterAndData field against a known signer address. This allows a backend server to sign specific UserOps it agrees to pay for, enabling use cases like fee sponsorship for whitelisted dApp actions or employees. The paymaster contract itself holds no business logic about who can be sponsored; that authority is delegated to the off-chain signer, making the system flexible and upgradeable without modifying the on-chain contract.
For the system's security, the validatePaymasterUserOp function is statically called during simulation and execution, meaning it cannot call external contracts or change state beyond its own storage. This prevents a malicious user from manipulating the validation. Furthermore, paymasters must carefully manage their EntryPoint deposit and implement rate-limiting or fraud detection in their off-chain components to prevent resource exhaustion attacks, where an attacker could drain the deposit by submitting many valid but costly operations.
The verifying paymaster is foundational for improving user experience in Web3. It enables applications to abstract away gas complexities entirely, allowing users to interact with blockchains using stablecoins or credit systems. By separating the validation logic from payment, it creates a market for gas fee services, where companies can offer gas sponsorship as a product, paying fees in exchange for tokens, subscription fees, or as a marketing acquisition cost.
key-features
ARCHITECTURE
Key Features of a Verifying Paymaster
A Verifying Paymaster is a smart contract that validates a user's eligibility for gas sponsorship before signing a UserOperation, ensuring only authorized transactions are subsidized.
01
Off-Chain Verification Logic
The core function runs off-chain before signing. It executes custom business logic (e.g., checking a whitelist, verifying a signature, or querying an API) to determine if the user's transaction should be sponsored. This prevents paying for invalid operations on-chain.
02
Paymaster Signature
Upon successful verification, the paymaster cryptographically signs the UserOperation. This signature is a promise to pay, which the bundler includes when submitting the operation batch to the EntryPoint contract for execution.
03
Gas Abstraction
It enables gasless transactions for end-users by allowing dApps or services to pay network fees. Users submit operations without holding the native blockchain token (e.g., ETH), abstracting away gas complexity.
- Sponsorship: The paymaster's deposit covers the gas.
- Payment Models: Can be funded by dApps, via subscription, or with ERC-20 tokens.
04
Security & Deposit Management
The paymaster must maintain a stake or deposit in the EntryPoint contract. This deposit is used to pay for gas and is slashed for malicious behavior, aligning incentives. The verification step is critical to prevent draining this deposit through spam or invalid transactions.
05
Integration with EntryPoint
It is a core component of the ERC-4337 account abstraction standard. The EntryPoint contract acts as the singleton orchestrator, which validates the paymaster's signature and deducts gas payment from its deposit during the execution phase.
06
Example: Session Keys
A common use case is authorizing session keys for gaming or trading. The verifying paymaster checks if the user's signed UserOperation is from a pre-approved session key and within its gas limits, allowing multiple transactions without repeated wallet pop-ups.
COMPARISON
Verifying Paymaster vs. Other Paymaster Models
A feature and operational comparison of the Verifying Paymaster design against common alternative models for sponsoring user transaction fees.
| Feature / Characteristic | Verifying Paymaster | Deposit-Based Paymaster | ERC-4337 Bundler Paymaster |
|---|---|---|---|
Core Sponsorship Logic | Off-chain verification of custom rules | On-chain balance depletion from a deposited fund | Bundler pays gas, may charge user off-chain |
User Pre-Funding Required | |||
Smart Contract Wallet Required | |||
On-Chain Deposit for Paymaster | |||
Primary Use Case | Conditional sponsorship (e.g., whitelist, subscriptions) | Simple, open sponsorship for any user | Bundler service abstraction |
Sponsorship Flexibility | High (programmable business logic) | Low (pays for any valid UserOp) | Medium (bundler policy) |
Typical Gas Overhead | ~42k gas for signature verification | ~25k gas for balance check | Minimal (gas paid natively) |
Trust Assumption for User | Trust paymaster's off-chain service logic | Trust paymaster's on-chain deposit solvency | Trust bundler to submit transaction |
common-use-cases
PAYMASTER VERIFICATION
Common Use Cases and Examples
Verifying a Paymaster is a critical security step in Account Abstraction, ensuring the sponsor is legitimate and the transaction will be executed as expected. These examples illustrate the practical contexts where verification is essential.
05
Fraud Prevention & Rate Limiting
Paymasters implement security checks to prevent abuse. Verification can include:
- Anti-bot measures: Checking
tx.originor implementing a CAPTCHA. - Rate limiting: Tracking the number of sponsored ops per user address.
- Transaction simulation: Pre-checking that the op will not revert, protecting the Paymaster's deposit.
06
Bundler's Paymaster Integrity Check
Before including a user operation in a bundle, the Bundler must simulate the Paymaster's validation phase. This critical verification step confirms the Paymaster's signature is valid and that its stake in the EntryPoint hasn't been slashed due to malicious behavior, ensuring the entire bundle can be executed successfully.
technical-flow
PAYMASTER OPERATIONS
Technical Flow and Contract Interface
This section details the precise sequence of interactions and the smart contract interface required for a Paymaster to validate and sponsor a user's transaction on an ERC-4337 account abstraction stack.
The verification flow begins when a User Operation is submitted to a Bundler, which calls the validatePaymasterUserOp function on the designated Paymaster contract. This function is the core of the Paymaster's logic, where it must verify the transaction's validity and decide whether to sponsor it. The contract checks parameters like the user's signature, the transaction's callData, and any specific rules encoded in its state (e.g., whitelists, token balances). Crucially, it must return a context (a bytes value) and a validation deadline, which will be passed back to it later during the post-operation execution phase.
If validation succeeds, the Paymaster must prefund the EntryPoint contract to cover the transaction's maximum possible gas costs. This is done by the Paymaster (or a designated sponsor) depositing native chain currency (e.g., ETH) via the EntryPoint's depositTo function, creating a stake that the bundler can trust. The bundler then proceeds to include the User Operation in a bundle and submit it on-chain. The actual gas used is deducted from this deposit after execution. This prefunding mechanism is essential for preventing Paymaster griefing, where a malicious actor could cause a Paymaster to waste gas on invalid operations.
After the user's smart contract account logic executes, the EntryPoint calls the Paymaster's postOp function. This is the second half of the Paymaster's interface, receiving the context returned during validation. Here, the Paymaster performs any final settlement, such as charging the user in a different ERC-20 token, updating usage counters, or revoking a session key. The postOp call is guaranteed to execute if the initial validation passed, allowing the Paymaster to enforce payment even if the user's transaction reverts, protecting its economic model. This two-phase pattern (validate/postOp) is fundamental to secure and flexible sponsorship.
security-considerations
PAYMASTER VERIFICATION
Security Considerations and Risks
A Paymaster is a smart contract that sponsors transaction fees on behalf of users, introducing unique trust assumptions and attack vectors that must be carefully evaluated.
01
Malicious Paymaster Logic
A Paymaster's validatePaymasterUserOp function can contain arbitrary logic. Risks include:
- Rug pulls: The contract can be upgraded to steal deposited funds.
- Censorship: It can arbitrarily reject transactions from specific users or dApps.
- Gas griefing: It can execute expensive operations, causing the user's transaction to revert after consuming gas.
Mitigation: Audit the Paymaster's immutable logic or use a well-audited, reputation-based registry.
02
Deposit Management & Withdrawal Rights
Paymasters hold a deposit in the EntryPoint contract. Key risks are:
- Centralized control: A single admin key may control deposit withdrawal, risking fund seizure.
- Insufficient deposit: If the deposit is depleted, all sponsored transactions will fail.
- Sloppy accounting: Improper balance tracking can lead to the Paymaster sponsoring unintended transactions or becoming insolvent.
Best Practice: Use multi-sig or timelock controls for withdrawals and implement real-time deposit monitoring.
03
Signature Verification Bypass
The Paymaster may sign a paymasterAndData payload. If signature verification is flawed:
- Replay attacks: A valid signature could be reused for an unauthorized operation.
- Signature malleability: Weak cryptographic schemes could allow forgery.
- Context-dependent validation: Failing to properly bind the signature to the specific
UserOperationhash allows sponsorship to be hijacked.
Mitigation: Ensure the signature commits to userOpHash, chainId, and the Paymaster's own address.
04
Oracle Manipulation & Price Feeds
Many Paymasters rely on external data (e.g., exchange rates for gas fee sponsorship in stablecoins). This introduces oracle risk:
- Stale prices: Using a delayed price can make sponsorship unprofitable or lead to insolvency.
- Oracle compromise: A manipulated price feed can drain the Paymaster's deposit by sponsoring overvalued transactions.
- Liquidity risk: The on-chain swap to pay the EntryPoint may fail due to slippage or low liquidity.
05
EntryPoint Contract Upgrades
Paymasters interact with a specific EntryPoint contract version. A coordinated upgrade of the EntryPoint by the ecosystem could:
- Break functionality: If the Paymaster doesn't support the new EntryPoint, its services halt.
- Introduce new vulnerabilities: The new contract may have undiscovered bugs affecting all integrated Paymasters.
Mitigation: Monitor official announcements and ensure the Paymaster contract is upgradeable or can be redeployed to a new EntryPoint.
06
User Operation Replay Across Chains
A UserOperation validated by a Paymaster on one chain could be replayed on another if the Paymaster is deployed on multiple networks and the validation logic doesn't account for chainId.
Consequences:
- The Paymaster's deposit on a secondary chain could be drained.
- The user gets unintended sponsored execution on another network.
Critical Check: The validatePaymasterUserOp function must explicitly verify the operation's chainId matches the Paymaster's expected network.
ecosystem-usage
VERIFYING PAYMASTER
Ecosystem Adoption and Protocols
A Verifying Paymaster is a smart contract that validates and sponsors transaction fees on behalf of users, enabling gasless interactions and complex sponsorship logic.
01
Core Function
A Verifying Paymaster is a smart contract that acts as an intermediary in the ERC-4337 User Operation flow. Its primary function is to:
- Validate a user's request for sponsored gas fees against predefined rules.
- Sponsor (pay for) the transaction fees if validation passes.
- Sign a paymasterAndData field to authorize the sponsorship, which is verified on-chain during User Operation execution.
02
Key Components & Flow
The paymaster's operation involves several critical components:
- Validation Logic: Custom rules (e.g., whitelists, token balances, rate limits) checked during
validatePaymasterUserOp. - Sponsorship: Holding funds (ETH or other tokens) to pay for sponsored gas fees.
- Post-Op Execution: An optional
postOpfunction for cleanup or state updates after the main transaction. The flow is: User signs op → Bundler sends to Paymaster → Paymaster validates & signs → Bundler includes in block → Entry Point charges Paymaster.
03
Common Implementation Patterns
Different sponsorship models are implemented via a Verifying Paymaster's validation logic:
- Whitelist Paymaster: Sponsors gas only for approved addresses or dApps.
- Token Paymaster: Users pay fees in ERC-20 tokens; the paymaster validates the user's token balance and swaps tokens for ETH to cover gas.
- Subscription Paymaster: Users hold a valid, non-expired subscription NFT or have prepaid credits for gasless transactions.
- Permissioned Sponsorship: Sponsorship is gated by specific off-chain signatures or attestations.
04
Security & Trust Considerations
Using a paymaster introduces specific security considerations:
- User Trust: Users must trust the paymaster not to censor or front-run their transactions.
- Paymaster Staking: In ERC-4337, paymasters may be required to stake ETH in the Entry Point to prevent spam, making malicious behavior costly.
- Validation Gas Limits: The
validatePaymasterUserOpfunction has a strict gas limit to prevent DoS attacks. - Deposit Management: The paymaster must securely manage its deposit in the Entry Point to ensure it can always sponsor valid operations.
06
Benefits for Adoption
Verifying Paymasters are a catalyst for user adoption by abstracting blockchain complexity:
- Gasless UX: Enables truly gasless transactions, removing a major barrier for new users.
- Sponsored Transactions: DApps can pay for their users' gas, a powerful onboarding tool.
- Multi-Chain Simplicity: Users can interact across chains without needing the native gas token for each.
- Flexible Economics: Enables novel business models like pay-per-action, subscriptions, or fee payment in any asset. This shifts the cognitive and financial burden from the end-user to the application or sponsor.
PAYMASTER
Frequently Asked Questions (FAQ)
A paymaster is a smart contract that can sponsor transaction fees on behalf of users, enabling gasless transactions and novel payment models. This FAQ covers its core mechanics, security, and implementation.
A paymaster is a smart contract on an EVM-compatible blockchain (like Ethereum, Polygon, or Arbitrum) that pays the gas fees for another user's transaction. It acts as a transaction sponsor, abstracting gas costs from the end-user. This enables gasless transactions, where users can interact with dApps without holding the network's native token (e.g., ETH), and allows for novel business models where fees can be paid in ERC-20 tokens or subsidized by the dApp itself. The paymaster's logic validates whether it will pay for a given transaction based on predefined rules before the transaction is included in a block.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall