ERC-4337 Account Abstraction: Complete Developer Guide 2026
ERC-4337 is an Ethereum standard that enables account abstraction without changing the protocol, allowing smart contract wallets to execute transactions with features like gas sponsorship, social recovery, batched operations, and passkey authentication. Developers interact with UserOperations, EntryPoint contracts, Bundlers, and Paymasters to build next-generation smart wallets on Ethereum mainnet and every major L2.
Key Insight
ERC-4337 is an Ethereum standard that enables account abstraction without changing the protocol, allowing smart contract wallets to execute transactions with features like gas sponsorship, social recovery, batched operations, and passkey authentication. Developers interact with UserOperations, EntryPoint contracts, Bundlers, and Paymasters to build next-generation smart wallets on Ethereum mainnet and every major L2.
Introduction: Why Account Abstraction Matters in 2026
ERC-4337 an Ethereum standard that enables account abstraction entirely at the smart contract layer, letting developers build wallets with features that were previously impossible on EOAs: gas sponsorship, social recovery, batched transactions, passkey signing, and programmable security policies.
Since going live on mainnet in March 2023, ERC-4337 has become the foundation of modern wallet UX. By April 2026, over 45 million smart wallets have been deployed across Ethereum and L2s, and the standard processes more than 12 million UserOperations per month. Every serious consumer-facing dApp now uses account abstraction to hide seed phrases, sponsor gas, and enable one-click onboarding.
This guide walks you through the complete developer journey: understanding the architecture, deploying your first smart wallet, submitting UserOperations through a Bundler, sponsoring gas with a Paymaster, and shipping to production on L2s.
The Four Components of ERC-4337
ERC-4337 introduces four actors that work together to process transactions. Understanding how they interact is the foundation of everything that follows.
1. UserOperation
A UserOperation is the account-abstraction equivalent of a transaction. Instead of being signed by an EOA and broadcast to the regular mempool, it is signed by a smart wallet and submitted to a dedicated AA mempool.
A UserOperation contains:
- sender — the smart wallet address
- nonce — prevents replay attacks
- initCode — used to deploy the wallet on first use
- callData — what the wallet should execute
- callGasLimit, verificationGasLimit, preVerificationGas — gas budgeting
- maxFeePerGas, maxPriorityFeePerGas — EIP-1559 fee parameters
- paymasterAndData — optional gas sponsorship
- signature — proves authorization
2. EntryPoint
The EntryPoint is a singleton smart contract deployed at the same address on every chain: 0x0000000071727De22E5E9d8BAf0edAc6f37da032. It is the trust anchor of ERC-4337. Every UserOperation flows through it for validation and execution.
The EntryPoint enforces the security rules that make AA safe: it checks signatures, verifies gas payment, prevents reentrancy, and guarantees atomic execution.
3. Bundler
A Bundler is an off-chain actor (typically a specialized RPC node) that listens to the UserOperation mempool, validates pending operations, bundles them together, and submits the bundle on-chain by calling EntryPoint.handleOps(). Bundlers earn a small fee for this service, similar to how regular transaction relayers work.
Popular hosted Bundlers in 2026:
- Pimlico — the largest public Bundler infrastructure
- Stackup — open-source Bundler with self-hosting support
- Alchemy Account Kit — integrated with Alchemy RPC
- Biconomy — full AA stack with SDKs
- ZeroDev — modular smart account framework
4. Paymaster
A Paymaster is a smart contract that sponsors gas for UserOperations. When a UserOperation includes a paymasterAndData field, the EntryPoint calls the Paymaster to ask "will you pay for this?" before execution.
Paymasters enable three major UX patterns:
- Gasless transactions — dApp pays gas for users
- ERC-20 gas — users pay gas in USDC, DAI, or any token
- Conditional sponsorship — free for first N transactions, or only for specific functions
Architecture Diagram: How a UserOperation Flows
Here is the lifecycle of a single ERC-4337 transaction, step by step:
- User initiates action in a dApp (e.g., "Swap 100 USDC for ETH")
- dApp constructs a UserOperation and asks the smart wallet to sign it
- Wallet signs with passkey, seed phrase, or session key
- Signed UserOperation is sent to a Bundler RPC via
eth_sendUserOperation - Bundler validates: signature, nonce, gas, Paymaster acceptance
- Bundler adds operation to its local mempool
- Bundler batches 1–N operations and calls
EntryPoint.handleOps()on-chain - EntryPoint validates again, calls Paymaster if present, then executes
callDataon the wallet - On success, the wallet emits events and returns control to the EntryPoint
- User sees confirmation in the dApp
Setting Up Your Development Environment
Let's get hands-on. You'll need Node.js 20+, a wallet with testnet ETH on Sepolia, and an Alchemy or Pimlico API key.
mkdir aa-tutorial && cd aa-tutorial
npm init -y
npm install viem permissionless @rhinestone/module-sdk
npm install -D typescript @types/node tsx
npx tsc --initWe'll use permissionless.js — a lightweight TypeScript library built on viem that handles UserOperation construction, signing, and Bundler communication.
Deploying Your First Smart Wallet
Create a file called deploy-wallet.ts. This script will generate a new smart account and deploy it on first use (counterfactual deployment — the wallet has an address before it exists on-chain).
import { createPublicClient, http, parseEther } from 'viem';
import { sepolia } from 'viem/chains';
import { createSmartAccountClient } from 'permissionless';
import { toSimpleSmartAccount } from 'permissionless/accounts';
import { createPimlicoClient } from 'permissionless/clients/pimlico';
import { entryPoint07Address } from 'viem/account-abstraction';
import { privateKeyToAccount, generatePrivateKey } from 'viem/accounts';
const PIMLICO_API_KEY = process.env.PIMLICO_API_KEY!;
async function main() {
const publicClient = createPublicClient({
chain: sepolia,
transport: http('https://sepolia.rpc.thirdweb.com'),
});
// Generate a new signer key (in production, use passkeys or secure storage)
const signer = privateKeyToAccount(generatePrivateKey());
// Create a SimpleAccount (the reference ERC-4337 wallet implementation)
const account = await toSimpleSmartAccount({
client: publicClient,
owner: signer,
entryPoint: { address: entryPoint07Address, version: '0.7' },
});
console.log('Smart wallet address:', account.address);
console.log('Is deployed:', await account.isDeployed());
}
main();Run it:
PIMLICO_API_KEY=your_key tsx deploy-wallet.tsThe wallet address is determined deterministically from the signer and factory contract, so it exists before any on-chain deployment. The wallet will be deployed automatically the first time you send a UserOperation.
Submitting Your First UserOperation
Now let's actually send a transaction from the smart wallet. We'll send 0.001 ETH to Vitalik's address as a test.
const pimlicoClient = createPimlicoClient({
chain: sepolia,
transport: http(`https://api.pimlico.io/v2/sepolia/rpc?apikey=${PIMLICO_API_KEY}`),
});
const smartAccountClient = createSmartAccountClient({
account,
chain: sepolia,
bundlerTransport: http(`https://api.pimlico.io/v2/sepolia/rpc?apikey=${PIMLICO_API_KEY}`),
userOperation: {
estimateFeesPerGas: async () => (await pimlicoClient.getUserOperationGasPrice()).fast,
},
});
const hash = await smartAccountClient.sendTransaction({
to: '0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045',
value: parseEther('0.001'),
data: '0x',
});
console.log('UserOperation hash:', hash);The sendTransaction call under the hood:
- Builds a UserOperation with the correct nonce and gas estimates
- Asks your account to sign it
- Submits it to the Pimlico Bundler via
eth_sendUserOperation - Waits for inclusion and returns the on-chain transaction hash
Adding Gas Sponsorship with a Paymaster
Gasless transactions are the killer feature of AA for consumer apps. With Pimlico's sponsorship Paymaster, you can pay gas for your users programmatically.
const paymasterClient = createPimlicoClient({
chain: sepolia,
transport: http(`https://api.pimlico.io/v2/sepolia/rpc?apikey=${PIMLICO_API_KEY}`),
});
const sponsoredClient = createSmartAccountClient({
account,
chain: sepolia,
bundlerTransport: http(`https://api.pimlico.io/v2/sepolia/rpc?apikey=${PIMLICO_API_KEY}`),
paymaster: paymasterClient,
userOperation: {
estimateFeesPerGas: async () => (await pimlicoClient.getUserOperationGasPrice()).fast,
},
});
// This transaction costs the user zero gas — Pimlico sponsors it
const hash = await sponsoredClient.sendTransaction({
to: '0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045',
value: parseEther('0.001'),
});In production, you'd configure sponsorship policies on the Paymaster provider's dashboard (Pimlico, Alchemy Gas Manager, Biconomy) to set spending limits, allowed contracts, and user allowlists.
Batching Multiple Actions into One UserOperation
Because smart wallets can execute arbitrary code, a single UserOperation can perform multiple actions atomically. This unlocks UX patterns that would require 3–5 separate transactions with a regular EOA.
Example: approve USDC and swap on Uniswap in one click.
const hash = await smartAccountClient.sendUserOperation({
calls: [
{
to: USDC_ADDRESS,
data: encodeFunctionData({
abi: erc20Abi,
functionName: 'approve',
args: [UNISWAP_ROUTER, parseUnits('100', 6)],
}),
},
{
to: UNISWAP_ROUTER,
data: encodeFunctionData({
abi: uniswapRouterAbi,
functionName: 'swapExactTokensForTokens',
args: [parseUnits('100', 6), 0n, [USDC_ADDRESS, WETH_ADDRESS], account.address, deadline],
}),
},
],
});Both calls execute in a single transaction. If either fails, the whole UserOperation reverts. This is atomicity at the wallet level, not just the contract level.
Session Keys: Granting Scoped Permissions
Session keys are the killer feature for Web3 gaming and AI agents. A session key is a temporary signer that the smart wallet authorizes for a limited scope — specific contracts, value caps, time windows, or function selectors.
Using the Rhinestone ModuleSDK:
import { getSessionKeyPluginInstallData } from '@rhinestone/module-sdk';
const sessionKey = privateKeyToAccount(generatePrivateKey());
const installOp = getSessionKeyPluginInstallData({
signer: sessionKey.address,
permissions: [{
target: GAME_CONTRACT_ADDRESS,
selector: '0xa9059cbb', // only allow the 'move' function
valueLimit: parseEther('0.01'),
validUntil: Math.floor(Date.now() / 1000) + 3600, // 1 hour
}],
});
await smartAccountClient.sendUserOperation({ calls: [installOp] });Now the game can submit transactions using the session key without prompting the user, up to the constraints you defined. When the session expires or hits its value cap, it stops working automatically.
Going to Production: Security Checklist
Before shipping an ERC-4337 integration to mainnet users, verify:
- Signature scheme audited — if you use a custom signer (passkey, multisig, MPC), it must be formally reviewed
- Paymaster rate-limits — prevent attackers from draining your sponsorship budget
- EntryPoint version locked — always use v0.7 (or v0.8 when it ships) and pin the exact address
- Bundler fallback — if Pimlico goes down, can you route to Alchemy or Stackup?
- Nonce management — for high-throughput dApps, use 2D nonces to parallelize operations
- Simulation before signing — never sign a UserOperation without running
eth_estimateUserOperationGasfirst
ERC-4337 vs EIP-7702: What's Next
EIP-7702 is an upcoming upgrade that lets regular EOAs (like MetaMask accounts) temporarily delegate control to a smart contract for a single transaction. It complements ERC-4337 by giving existing users access to AA features without migrating wallets.
In 2026, most serious dApps will support both:
- ERC-4337 for new users and embedded wallets (passkey-first onboarding)
- EIP-7702 for existing MetaMask users who want to batch transactions or use Paymasters without migration
Conclusion
ERC-4337 turns Ethereum wallets into programmable smart contracts, unlocking the UX patterns that Web3 has needed for a decade. The standard is mature, the infrastructure is battle-tested, and the developer tooling (permissionless.js, Alchemy Account Kit, Biconomy SDK, ZeroDev) makes integration a weekend project rather than a research effort.
If you're building a consumer dApp in 2026, you should be using account abstraction. The alternative — asking new users to manage seed phrases, hold ETH for gas, and sign transactions one at a time — is no longer competitive.
Start with permissionless.js + Pimlico on Sepolia, ship a gasless onboarding flow, then add session keys for your most-used actions. Your conversion rates will thank you.
For deeper dives into the protocols you'll integrate with, read our guides on Layer-2 solutions, Ethereum staking, and smart contract development.
Key Takeaways
- ERC-4337 achieves account abstraction entirely at the smart contract layer — no Ethereum hard fork required
- UserOperations replace traditional transactions and flow through a dedicated mempool handled by Bundlers
- The EntryPoint singleton contract (0x0000000071727De22E5E9d8BAf0edAc6f37da032) is the trust anchor for all AA transactions
- Paymasters enable gasless UX — your dApp or sponsor can pay gas on behalf of users in any ERC-20 token
- Social recovery, session keys, and passkey signing are unlocked for every smart wallet
- ERC-4337 is live on Ethereum mainnet, Arbitrum, Optimism, Base, Polygon, and most L2s in 2026
- EIP-7702 (pending) will extend AA features to regular EOAs without requiring wallet migration
Frequently Asked Questions
What is ERC-4337 in simple terms?
ERC-4337 is an Ethereum standard that turns wallets into smart contracts without changing the Ethereum protocol itself. It lets users pay gas in any token, recover accounts socially, batch multiple actions into one transaction, and sign with passkeys instead of seed phrases. Developers build wallets and dApps on top of four components: UserOperations, an EntryPoint contract, Bundlers, and Paymasters.
What is the difference between ERC-4337 and EIP-7702?
ERC-4337 requires users to migrate to a brand new smart contract wallet to access account abstraction features. EIP-7702, proposed by Vitalik Buterin in 2024, lets existing externally owned accounts (EOAs) temporarily delegate control to a smart contract for a single transaction. EIP-7702 is expected to ship in the Pectra upgrade and will complement (not replace) ERC-4337.
Do I need a Bundler to use ERC-4337?
Yes. Bundlers are specialized actors that listen to the UserOperation mempool, validate operations, and submit them on-chain through the EntryPoint contract. You can run your own Bundler or use infrastructure providers like Pimlico, Stackup, Alchemy, Biconomy, or ZeroDev which offer hosted Bundler endpoints through JSON-RPC.
How do Paymasters work in ERC-4337?
A Paymaster is a smart contract that agrees to pay gas on behalf of a user. Before a UserOperation is included, the Bundler asks the Paymaster to validate and sponsor the operation. Paymasters enable gasless transactions (dApp pays), ERC-20 gas payment (user pays in USDC instead of ETH), and conditional sponsorship (free first 10 transactions, for example).
Is ERC-4337 gas-efficient compared to regular transactions?
A single UserOperation costs roughly 40,000–80,000 more gas than an equivalent EOA transaction due to the extra validation and EntryPoint logic. However, batching multiple actions into one UserOperation, combined with L2 execution where gas is effectively free, makes AA cheaper per-action in most real-world scenarios.
Which L2s support ERC-4337 in 2026?
ERC-4337 is deployed on Ethereum mainnet and every major L2 including Arbitrum, Optimism, Base, Polygon PoS, Polygon zkEVM, zkSync Era, Scroll, Linea, Blast, and Mantle. The EntryPoint contract is deployed at the same address (0x0000000071727De22E5E9d8BAf0edAc6f37da032) across all supported chains for tooling compatibility.
What are session keys and why do they matter?
Session keys are temporary signing keys that a smart wallet can authorize for a limited scope — for example, allowing a game to submit up to 10 transactions worth less than 0.01 ETH each over the next hour without user confirmation. They are unlocked by ERC-4337 and power the smooth UX of Web3 games, DeFi automation, and AI agents acting on behalf of users.
Can I migrate my existing MetaMask wallet to ERC-4337?
Not directly. ERC-4337 wallets are smart contracts deployed at new addresses, so you would need to create a new smart wallet and transfer assets to it. EIP-7702 will eventually allow EOAs like MetaMask accounts to temporarily act as smart wallets without migration, combining the best of both approaches.
Share this article
About the Author
Elena Rodriguez
Full-Stack Developer & Web3 Architect
BS Software Engineering, Stanford | Former Lead Engineer at Coinbase
Elena Rodriguez is a full-stack developer and Web3 architect with seven years of experience building decentralized applications. She holds a BS in Software Engineering from Stanford University and has worked at companies ranging from early-stage startups to major tech firms including Coinbase, where she led the frontend engineering team for their NFT marketplace. Elena is a core contributor to several open-source Web3 libraries and has built dApps that collectively serve over 500,000 monthly active users. She specializes in React, Next.js, Solidity, and Rust, and is particularly passionate about creating intuitive user experiences that make Web3 technology accessible to mainstream audiences. Elena also mentors aspiring developers through Women Who Code and teaches a popular Web3 development bootcamp.
