The EntryPoint is a globally shared singleton contract that serves as the central orchestrator for all ERC-4337 account abstraction operations on a given chain.

Core Responsibilities

The EntryPoint contract manages the complete lifecycle of UserOperations. Its handleOps function accepts batches of operations from bundlers and processes each one through a strict sequence: calling validateUserOp on the smart account, optionally calling validatePaymasterUserOp on the paymaster, executing the operation calldata on the account, and performing gas accounting and refunds.

Gas Accounting

The EntryPoint manages gas deposits for both smart accounts and paymasters. Paymasters pre-deposit ETH that the EntryPoint draws from when sponsoring operations. The contract tracks gas consumption across validation and execution phases separately, ensuring that failed validations cost the bundler (not the user) and failed executions are still paid for by the account or paymaster.

Security Properties

The EntryPoint itself is a battle-tested, audited contract — the current v0.7 deployment has undergone multiple professional audits. However, it enforces protocol rules, not application security. The EntryPoint will faithfully execute any UserOperation that passes validateUserOp, regardless of whether the operation is harmful to the account owner.

A critical implementation detail is the _packValidationData helper that defines how the validateUserOp return value encodes time-bounded validity and signature status. Teams that return raw integers instead of properly packed values risk operations being incorrectly treated as valid or expired by the EntryPoint unpacking logic.

The EntryPoint address is included in the userOpHash computation alongside the chain ID, making it the authoritative source for replay-protected signature verification in smart accounts.