Paymaster

A smart contract that sponsors gas for UserOperations, enabling gasless transactions for end users in exchange for alternative payment or whitelisting.

A paymaster is a smart contract in the ERC-4337 ecosystem that pays for gas on behalf of users, removing the requirement for smart account holders to hold ETH for transaction fees.

How Paymasters Work

Paymasters deposit ETH into the EntryPoint contract as a gas credit pool. When a UserOperation references a paymaster, the EntryPoint calls validatePaymasterUserOp during the validation phase to confirm that the paymaster agrees to sponsor the operation. After execution, the EntryPoint calls the paymaster's postOp function, which can perform accounting, charge alternative tokens, or enforce post-execution conditions.

Common Paymaster Models

Verifying paymasters validate a signed approval from an off-chain service, allowing the service to decide which operations to sponsor based on business logic. Token paymasters accept ERC-20 token payments instead of ETH, automatically swapping tokens to cover gas costs. Sponsorship paymasters unconditionally sponsor operations for whitelisted accounts or applications, typically used to onboard new users with zero-friction experiences.

Security Considerations

Paymasters are among the most underaudited components in the ERC-4337 stack. The primary attack vector is economic: a paymaster that sponsors any operation from a whitelisted user without constraining the operation content can be drained by crafting operations that consume maximum gas while accomplishing nothing useful.

Secure paymaster implementations must validate operation calldata at both the validation and post-operation stages, enforce per-user and per-period sponsorship limits, bound gas limits appropriately, and implement graceful degradation when the deposit pool approaches depletion. The postOp callback is particularly important because it executes after the UserOperation regardless of success or failure, providing a checkpoint for enforcing constraints that could not be fully validated during the initial validation phase.
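An illustrative sponsorship paymaster that applies the controls above (a gas bound, an account-level selector allowlist, a per-user per-period budget reserved at validation and trued up in postOp, and a deposit-floor pause). This is an added example for this entry, not code from Zealynx or the ERC-4337 reference implementation; the UserOperation struct, the IEntryPoint stub, the PostOpMode enum, the constants and the contract name are simplified assumptions. The period roll and the deposit check live in postOp because bundler validation rules forbid TIMESTAMP and storage outside the paymaster during the validation phase.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Simplified stand-ins for the ERC-4337 v0.6 UserOperation and EntryPoint (assumption: in
// practice the canonical interfaces are imported from the account-abstraction package).
struct UserOperation { address sender; uint256 nonce; bytes initCode; bytes callData;
    uint256 callGasLimit; uint256 verificationGasLimit; uint256 preVerificationGas;
    uint256 maxFeePerGas; uint256 maxPriorityFeePerGas; bytes paymasterAndData; bytes signature; }
interface IEntryPoint { function balanceOf(address account) external view returns (uint256); }
contract BudgetedSponsorPaymaster {
    enum PostOpMode { opSucceeded, opReverted, postOpReverted }
    IEntryPoint public immutable entryPoint;
    address public immutable owner;
    bytes4 public immutable allowedSelector;            // only this account-level call is sponsored
    uint256 public constant MAX_CALL_GAS = 300_000;     // bound what a single op can burn
    uint256 public constant PERIOD = 1 days;
    uint256 public constant BUDGET_PER_PERIOD = 0.01 ether; // max sponsored gas value per user
    uint256 public constant DEPOSIT_FLOOR = 1 ether;    // below this, stop accepting new ops
    bool public paused;
    uint256 public epoch;                               // advanced in postOp, read in validation
    uint256 public epochStart;
    mapping(address => bool) public whitelisted;
    mapping(uint256 => mapping(address => uint256)) public spent; // epoch => user => reserved value
    constructor(IEntryPoint ep, bytes4 selector) { entryPoint = ep; owner = msg.sender; allowedSelector = selector; }
    function setWhitelisted(address a, bool ok) external { require(msg.sender == owner); whitelisted[a] = ok; }
    // Validation phase: reads only this contract's storage and no TIMESTAMP, as bundler rules require.
    function validatePaymasterUserOp(UserOperation calldata op, bytes32, uint256 maxCost)
        external returns (bytes memory context, uint256 validationData)
    {
        require(msg.sender == address(entryPoint), "not EntryPoint");
        require(!paused && whitelisted[op.sender], "not sponsored");
        require(op.callGasLimit <= MAX_CALL_GAS, "callGasLimit too high");
        require(op.callData.length >= 4 && bytes4(op.callData[:4]) == allowedSelector, "call not allowed");
        require(spent[epoch][op.sender] + maxCost <= BUDGET_PER_PERIOD, "period budget exceeded");
        spent[epoch][op.sender] += maxCost;             // reserve the worst case; trued up in postOp
        return (abi.encode(op.sender, epoch, maxCost), 0); // validationData 0 = valid, no time range
    }

    // Execution phase: runs whether the op succeeded or reverted, so accounting cannot be skipped.
    function postOp(PostOpMode, bytes calldata context, uint256 actualGasCost) external {
        require(msg.sender == address(entryPoint), "not EntryPoint");
        (address user, uint256 e, uint256 reserved) = abi.decode(context, (address, uint256, uint256));
        uint256 refund = actualGasCost < reserved ? reserved - actualGasCost : 0;
        spent[e][user] = spent[e][user] > refund ? spent[e][user] - refund : 0;
        if (block.timestamp >= epochStart + PERIOD) { epoch += 1; epochStart = block.timestamp; }
        // Deposit check belongs here, not in validation: degrade gracefully before the pool runs dry.
        if (entryPoint.balanceOf(address(this)) < DEPOSIT_FLOOR) paused = true;
    }
}
```

The selector check only constrains which function the smart account's own entry point is called with; a production paymaster would also decode the inner target, value and calldata of that call, since an attacker who controls the inner parameters can still waste the sponsored gas.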

Need expert guidance on Paymaster?

Our team at Zealynx has deep expertise in blockchain security and DeFi protocols. Whether you need an audit or consultation, we're here to help.



© 2026 Zealynx