Introduction

Account Abstraction (AA) refers to a fundamental change in how user accounts function on Ethereum. Traditionally, Ethereum uses two account types:

Externally Owned Accounts (EOAs): controlled by a single private key; the only accounts that can initiate a transaction, with signature checking and nonce handling fixed by the protocol.

Contract Accounts: controlled by their code; they can hold funds and run logic, but can only act when called by a transaction that an EOA originated.

EIP-4337 introduces a model where users interact through smart contract wallets (also called smart accounts) instead of EOAs, offering programmable transaction logic, social recovery, paymaster support, batched transactions, and more — all without requiring changes to Ethereum’s consensus layer.

This tutorial walks you through the key concepts, why they matter, the core components of the system, and most importantly, which critical areas to focus on when auditing Account Abstraction-based smart contracts.

Why Account Abstraction Matters

User Experience: AA allows for features like social recovery, session keys, and batched transactions, making blockchain applications more user-friendly.

Security & Flexibility: Developers can implement custom authentication (e.g., biometrics, multi-signature), and accounts can pay gas fees in ERC-20 tokens or even have sponsored transactions.

Decentralisation: By moving account logic into smart contracts and routing UserOperations through a separate public mempool, AA avoids relying on a single relayer or operator and enables open participation by bundlers.

Onboarding: AA simplifies onboarding by removing the need for users to manage a raw private key directly (the account's own validation logic decides what counts as a valid signer), reducing friction for mainstream adoption.

Account Abstraction Flow

[Figure: Account Abstraction flow diagram]

Core Components

Understanding each component's role and potential vulnerabilities is crucial for effective AA auditing.

1. UserOperation

A pseudo-transaction struct containing all necessary data for a user action. In the EIP-4337 v0.6 layout it carries the sender, nonce, initCode (for counterfactual deployment), callData, the gas limits (callGasLimit, verificationGasLimit, preVerificationGas), the fee fields (maxFeePerGas, maxPriorityFeePerGas), paymasterAndData, and the signature. The EntryPoint derives a userOpHash from every field except the signature, plus its own address and the chain ID, and passes it to the account's validateUserOp. How that hash is checked against the signature is defined entirely by the account contract, allowing for custom schemes; this is also where an auditor should look first, because a weak or missing check here lets anyone spend from the account.
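The following is an added example, not code from the original page or the EIP-4337 reference implementation. It shows the v0.6 UserOperation struct together with a minimal smart account whose validateUserOp implements the custom signature check the paragraph describes, with the checks an auditor expects to see: only the EntryPoint may call it, the signed digest is derived from userOpHash, an invalid signature returns SIG_VALIDATION_FAILED instead of reverting, and the prefund is paid back to the EntryPoint. The contract name MinimalAccount, the owner field and the _recover helper are this example's own choices. Nonce handling is omitted on purpose because in v0.6 the EntryPoint's NonceManager enforces it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example for this tutorial; not the eth-infinitism reference account.
// EIP-4337 v0.6 UserOperation layout (field order matters for hashing).
struct UserOperation {
    address sender;
    uint256 nonce;
    bytes initCode;
    bytes callData;
    uint256 callGasLimit;
    uint256 verificationGasLimit;
    uint256 preVerificationGas;
    uint256 maxFeePerGas;
    uint256 maxPriorityFeePerGas;
    bytes paymasterAndData;
    bytes signature;
}

contract MinimalAccount {
    // Return value meaning "signature check failed" (EIP-4337 convention).
    uint256 internal constant SIG_VALIDATION_FAILED = 1;
    // secp256k1 group order / 2; signatures with s above this are malleable.
    uint256 internal constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    address public immutable entryPoint; // the singleton EntryPoint this account trusts
    address public owner;                // hypothetical single-signer policy

    constructor(address _entryPoint, address _owner) {
        require(_entryPoint != address(0) && _owner != address(0), "zero address");
        entryPoint = _entryPoint;
        owner = _owner;
    }

    // Anything that moves funds or changes state must be reachable only via the EntryPoint,
    // otherwise the signature check below can be bypassed by calling execute() directly.
    modifier onlyEntryPoint() {
        require(msg.sender == entryPoint, "caller is not the EntryPoint");
        _;
    }

    // Called by the EntryPoint during the validation phase.
    // userOpHash commits to every UserOperation field except the signature, plus the
    // EntryPoint address and chain id, so a signature cannot be replayed elsewhere.
    function validateUserOp(
        UserOperation calldata userOp,
        bytes32 userOpHash,
        uint256 missingAccountFunds
    ) external onlyEntryPoint returns (uint256 validationData) {
        // Sign the EIP-191 prefixed hash so a wallet signature over userOpHash cannot be
        // confused with a signature over raw transaction data.
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", userOpHash)
        );
        address signer = _recover(digest, userOp.signature);

        // Return the failure code rather than reverting: bundlers simulate this call and
        // must be able to distinguish "bad signature" from "account is broken".
        if (signer == address(0) || signer != owner) {
            return SIG_VALIDATION_FAILED;
        }

        // Reimburse the EntryPoint for the gas it will front for this operation.
        if (missingAccountFunds != 0) {
            (bool ok, ) = payable(msg.sender).call{value: missingAccountFunds}("");
            (ok); // the EntryPoint checks its own balance, so the result is not needed here
        }
        return 0; // 0 = valid, no validUntil/validAfter restriction, no aggregator
    }

    // Execution phase: runs userOp.callData on behalf of the account.
    function execute(address dest, uint256 value, bytes calldata func) external onlyEntryPoint {
        (bool ok, bytes memory ret) = dest.call{value: value}(func);
        if (!ok) {
            // bubble up the callee's revert reason
            assembly { revert(add(ret, 32), mload(ret)) }
        }
    }

    // Strict 65-byte r||s||v ECDSA recovery; rejects high-s and bad v instead of
    // silently recovering some unrelated address.
    function _recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        if (sig.length != 65) return address(0);
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (uint256(s) > HALF_N) return address(0);
        if (v != 27 && v != 28) return address(0);
        return ecrecover(digest, v, r, s);
    }

    receive() external payable {}
}
```

When reviewing a real account, compare its validateUserOp against this shape: a missing onlyEntryPoint guard, a digest that does not include userOpHash, a revert instead of SIG_VALIDATION_FAILED, or an ecrecover result that is not compared against an explicit signer set are the defects to flag.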

2. UserOperation Mempool