EOA (Externally Owned Account)

A blockchain account controlled by a private key held by a person or entity, as opposed to a contract account controlled by code.

An Externally Owned Account (EOA) is one of the two types of accounts on Ethereum. Unlike contract accounts (which are controlled by their deployed code), an EOA is controlled by a private key and can initiate transactions. Every transaction on Ethereum must originate from an EOA — contract accounts cannot start transactions on their own.

EOA vs Contract Account

PropertyEOAContract Account
Controlled byPrivate keySmart contract code
Can initiate transactionsYesNo (must be called)
Has codeNoYes
Has ETH balanceYesYes
CreationGenerated from private keyDeployed via transaction

How EOAs Relate to tx.origin and msg.sender

In Solidity, the distinction between EOAs and contract accounts is critical for security:

1// tx.origin always returns the EOA that started the transaction
2// msg.sender returns the immediate caller (could be EOA or contract)
3
4// If: EOA -> ContractA -> ContractB
5// Inside ContractB:
6// tx.origin == EOA address
7// msg.sender == ContractA address

This is why using tx.origin for authorization is dangerous — a malicious contract in the call chain can inherit the EOA's identity.

Account Abstraction (ERC-4337)

Account abstraction blurs the line between EOAs and contract accounts by allowing smart contract wallets to initiate transactions. This enables features like:

  • Social recovery (recover access without seed phrases)
  • Gas sponsorship (someone else pays gas fees)
  • Batched transactions (multiple actions in one transaction)
  • Custom validation logic (multisig, spending limits)

With account abstraction, tx.origin becomes even less reliable as an identity check since the initiator may be a smart contract wallet rather than a traditional EOA.

Need expert guidance on EOA (Externally Owned Account)?

Our team at Zealynx has deep expertise in blockchain security and DeFi protocols. Whether you need an audit or consultation, we're here to help.

Get a Quote

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

© 2026 Zealynx