DeFi Intel

What account abstraction actually means

In classical Ethereum, every transaction must originate from an externally owned account (EOA) — an address derived from an ECDSA private key. The protocol enforces three rigid rules: the signature must be ECDSA over secp256k1, the nonce must increment monotonically, and the account must hold enough ETH to pay for gas before execution begins. These three constraints have produced most of the user-experience pain in Ethereum: seed phrases, gas tokens, transaction-by-transaction approvals, no recovery if a key is lost, no native multi-factor authentication.

Account abstraction is the umbrella term for relaxing those constraints. Instead of the protocol enforcing one signature scheme and one validity rule, the account itself — implemented as a smart contract — defines the rules. Multi-signature, passkeys, hardware-key delegation, social recovery, session keys, gas sponsorship, batched operations, and policy enforcement (spending limits, allowlists, time locks) all become first-class primitives.

Vitalik Buterin and the Ethereum Foundation researchers (notably Yoav Weiss, Ansgar Dietrichs, Sam Wilson) have iterated on this idea since 2016. Five EIPs were proposed and rejected for being too invasive at the protocol layer — EIP-86, EIP-2938, EIP-3074, and others. The breakthrough was ERC-4337: a fully off-chain bundler architecture that achieves AA without any consensus changes. ERC-4337 went live on Ethereum mainnet in March 2023.

ERC-4337 architecture

ERC-4337 introduces five new components:

UserOperation

A UserOperation is a struct that looks like a transaction but is not a transaction. It contains the sender (the smart-contract wallet address), nonce, calldata, gas limits, paymaster data, and a signature. UserOperations are created off-chain and submitted to a parallel mempool of bundlers rather than to the public Ethereum mempool.

EntryPoint

The EntryPoint is a singleton contract deployed at the same address (0x5FF137D4 b8FCB7D6 290f23a5 cAcE8e83 84038Ce4 in the original v0.6 deployment, with v0.7 launched 2024) on every supported chain. It is the trust anchor of the system: auditing the EntryPoint covers the shared validation and execution path for all 4337 wallets that route through it, while each wallet's own validation logic remains its own audit surface. The EntryPoint defines the validation and execution flow: validateUserOp on the wallet, validatePaymasterUserOp on the optional Paymaster, then executeUserOp on the wallet.

Smart-contract wallet

The wallet itself is a contract that implements the IAccount interface — at minimum a validateUserOp(UserOp, hash, missingAccountFunds) method that returns success/failure and a packed validation result. The wallet defines how signatures are verified (ECDSA, ERC-1271, BLS, Schnorr, passkey/secp256r1, etc.) and what additional checks apply (multi-sig, session keys, spending limits).
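
The packed validation result mentioned above is a single 256-bit word. The following added example (not code from this page or from any wallet project) decodes it using the field layout in the ERC-4337 specification and shows how an account's and a paymaster's validity windows combine. The timestamps are constructed, and the inclusive boundary handling in `verdict` is a simplification.

```python
"""Decode ERC-4337 validationData words. Added example, not project code."""
from dataclasses import dataclass

MASK160 = (1 << 160) - 1
MASK48 = (1 << 48) - 1
SIG_VALID, SIG_FAILED = 0, 1  # reserved values of the low 160 bits


@dataclass(frozen=True)
class ValidationData:
    authorizer: int   # 0 = signature ok, 1 = signature failed, else aggregator address
    valid_after: int  # unix seconds, 0 = valid immediately
    valid_until: int  # unix seconds, wire value 0 is normalised to "never expires"


def pack(authorizer: int, valid_until: int, valid_after: int) -> int:
    """Layout: authorizer (160 bits) | validUntil (48 bits) | validAfter (48 bits)."""
    return (authorizer & MASK160) | ((valid_until & MASK48) << 160) | ((valid_after & MASK48) << 208)


def unpack(word: int) -> ValidationData:
    until = (word >> 160) & MASK48
    return ValidationData(word & MASK160, (word >> 208) & MASK48, until or MASK48)


def intersect(account: ValidationData, paymaster: ValidationData) -> ValidationData:
    """Window in which both results hold: latest start, earliest end."""
    authorizer = account.authorizer or paymaster.authorizer
    return ValidationData(
        authorizer,
        max(account.valid_after, paymaster.valid_after),
        min(account.valid_until, paymaster.valid_until),
    )


def verdict(v: ValidationData, now: int) -> str:
    if v.authorizer == SIG_FAILED:
        return "reject: signature failure"
    if v.authorizer != SIG_VALID:
        return "defer: aggregator must verify"
    if now < v.valid_after:
        return "reject: not yet valid"
    if now > v.valid_until:
        return "reject: expired"
    return "accept"


def demo() -> list:
    # Constructed values: a session key valid for one hour, a paymaster
    # sponsorship that lapses after thirty minutes.
    t0 = 1_700_000_000
    account = unpack(pack(SIG_VALID, t0 + 3600, t0))
    paymaster = unpack(pack(SIG_VALID, t0 + 1800, 0))
    both = intersect(account, paymaster)
    return [verdict(both, t0 + 600), verdict(both, t0 + 2400), verdict(unpack(SIG_FAILED), t0)]


if __name__ == "__main__":
    print(demo())
```

A wallet that forgets to set `valid_until` on a session-key signature returns a word that never expires, which is the case reviewers should look for in validateUserOp implementations.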

Bundler

Bundlers are off-chain operators that maintain the alt-mempool, validate incoming UserOperations (via simulation), batch them into a single handleOps call to the EntryPoint, and submit that call as a normal Ethereum transaction. Bundlers earn the gas spread between what users pay into the EntryPoint and what bundlers pay on-chain.

Paymaster

A Paymaster is an optional contract that prepays gas to the EntryPoint and exposes a validatePaymasterUserOp method. If the wallet's UserOperation specifies a Paymaster, the Paymaster's validation runs alongside the wallet's. Paymasters enable gas sponsorship (dApp pays for users), token gas (user pays in USDC, Paymaster swaps to ETH), and subscription models (project prepays a quota).

EIP-7702: the Pectra hybrid

ERC-4337 has a hard problem: it requires users to migrate from their existing EOA to a new smart-contract address. The new address has no transaction history, no token approvals, no on-chain identity, and (initially) no balance. For the ~250 million existing EOAs that hold the bulk of network value, this migration friction has been a binding constraint.

EIP-7702 was authored by Vitalik, Sam Wilson, Ansgar Dietrichs, and Lightclient and shipped with the Pectra hard fork in May 2025. It introduces a new transaction type (0x04) that includes an authorization list — a list of (chain_id, address, nonce, signature) tuples. Each tuple authorizes the corresponding EOA to temporarily set its code to the specified address for the duration of the transaction.

The practical effect: an EOA at 0xAlice can include a 7702 authorization pointing to a smart-contract implementation, and during that transaction 0xAlice behaves as if it has the implementation's code. The EOA can therefore execute batched operations, validate via passkeys, route through a paymaster, and use session keys — all without migrating to a new address.
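
Because one signed tuple hands an EOA's execution to whatever code the address points at, a wallet should vet the tuple before signing. The following is an added example of such a pre-signing check, not code from this page or from any wallet. The names `Authorization` and `review`, the allowlist and the addresses are hypothetical; the chain_id 0 rule and the nonce rule for self-sent transactions are taken from the EIP-7702 specification.

```python
"""Pre-signing policy check for an EIP-7702 authorization tuple. Added example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Authorization:
    chain_id: int  # 0 is accepted on every chain per EIP-7702
    address: str   # implementation contract the EOA would delegate to
    nonce: int     # must equal the authorising EOA's nonce when processed


def _norm(addr: str) -> str:
    a = addr.lower()
    if not (a.startswith("0x") and len(a) == 42):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    int(a, 16)  # raises ValueError on non-hex characters
    return a


def review(auth, *, chain_id, account_nonce, allowlist, self_sponsored=False):
    """Return policy findings; an empty list means the tuple may be signed."""
    findings = []
    if _norm(auth.address) not in {_norm(a) for a in allowlist}:
        findings.append("delegate is not an allowlisted implementation")
    if auth.chain_id == 0:
        findings.append("chain_id 0: tuple is accepted on every chain")
    elif auth.chain_id != chain_id:
        findings.append(f"chain_id {auth.chain_id} differs from wallet chain {chain_id}")
    # When the EOA sends the transaction itself, its nonce is bumped before the
    # authorization list is processed, so the tuple must carry nonce + 1.
    expected = account_nonce + 1 if self_sponsored else account_nonce
    if auth.nonce != expected:
        findings.append(f"nonce {auth.nonce} != expected {expected}")
    return findings


# Constructed placeholder addresses, not real deployments.
AUDITED_IMPL = "0x" + "a1" * 20
UNKNOWN_IMPL = "0x" + "b2" * 20


def demo() -> dict:
    # Same allowlisted address in upper-case hex: comparison is case-insensitive.
    ok = Authorization(chain_id=1, address="0x" + "A1" * 20, nonce=7)
    bad = Authorization(chain_id=0, address=UNKNOWN_IMPL, nonce=7)
    common = dict(chain_id=1, account_nonce=7, allowlist=[AUDITED_IMPL])
    return {
        "ok": review(ok, **common),
        "bad": review(bad, **common),
        "self": review(ok, self_sponsored=True, **common),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "pass")
```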

7702 does not replace 4337. The two are complementary:

The wallet landscape

Four wallets define the consumer-AA frontier in 2026:

Coinbase Smart Wallet

Launched June 2024 by Coinbase, Smart Wallet uses passkeys (WebAuthn / secp256r1) as the primary authentication method. The user's private key lives in their device's secure enclave (iOS Keychain, Android Keystore, Windows Hello) and never leaves it. There is no seed phrase. Recovery happens through the device passkey, which is itself synced via iCloud Keychain or Google Password Manager.

Smart Wallet is built on 4337 with Coinbase's own bundler and a built-in paymaster that sponsors the first transactions for new users. It is the dominant onboarding flow on Base — Smart Wallet accounts represent a majority of new active users on Base in 2025-2026.

Daimo

Daimo is a mobile-first stablecoin payments wallet launched in 2023 by ex-Square engineers. The model is closer to Venmo than to MetaMask — open the app, scan a QR code, send USDC. Under the hood Daimo uses 4337 with passkey + 12-word backup phrase, and operates its own bundler and paymaster on Base, Polygon, and Arbitrum.

Daimo's value proposition is the most aggressive demonstration of AA-as-UX: zero gas fees visible to the user, sub-second confirmation via L2 priority lanes, and human-readable usernames via ENS subnames.

Argent

Argent has been building the AA thesis since 2018. The original Argent wallet shipped with on-chain guardian-based social recovery years before 4337 existed. Argent migrated to 4337 architecture in 2023 and operates its own bundler and paymaster infrastructure across Ethereum L1 and major L2s.

Argent's positioning is retail-focused self-custody with strong recovery flows — a user can name 3-7 guardians (other Argent users, hardware wallets, or family members) and recover their wallet via guardian consensus if the device is lost. By 2026 Argent has roughly 1.5-2 million active wallets across L1 and L2.

Safe (Safe-AA)

Safe is the dominant on-chain treasury and DAO multisig — over $80B is held in Safe contracts as of early 2026. Safe added 4337 support via the Safe-AA module in 2024, which lets Safe accounts act as smart-contract wallets routed through the EntryPoint. This is particularly valuable for DAOs and treasuries that want gas sponsorship on operational transactions, batched signing flows, and session-keyed automation while preserving Safe's well-audited multi-signer policy core.

Why AA has not yet swept Ethereum

Forecasts from 2022-2023 expected AA to be the dominant transaction model by 2025. The reality through April 2026 is meaningfully more modest. Several structural reasons:

Migration friction

Moving from an EOA to a smart-contract wallet means a new address. A new address means new approvals, new ENS records, no transaction history, and no points or airdrop eligibility tied to the old address. For DeFi power users who have built up token approvals and on-chain reputation over years, the cost of migration is real.

Gas overhead

A 4337 UserOperation costs 30-100k gas more than an equivalent EOA transaction. On L1 at 30-50 gwei, this is $1-4 per transaction in extra cost. Bundler-paid optimizations and batching mitigate but do not eliminate this overhead. On L2 the absolute cost is a rounding error, which is why 4337 traction has been an L2-first phenomenon.

Integration breakage

Thousands of dApps assume EOA semantics. Signature schemes (raw ECDSA vs ERC-1271), gas estimation (EOA gas vs paymaster gas), msg.sender checks, hardware-wallet support — many of these break or degrade for smart-contract callers. Major DeFi front-ends have shipped 4337 support over 2024-2025 but the long tail of dApps remains EOA-only.

Power-user indifference

For crypto-native users who already manage seed phrases, hardware wallets, and multi-sigs, the consumer-friendly AA features (passkeys, social recovery) provide little net benefit and add operational complexity. AA is an onboarding tool for new users more than a quality-of-life upgrade for existing ones.

EIP-7702 substantially relaxes the migration constraint and is the most likely vector for AA adoption from the existing EOA base. By April 2026, 7702 transactions represent 12-18 percent of Ethereum L1 activity, mostly for batched-approval flows in DEX aggregators and AA-augmented wallets.

Gas sponsorship economics

Paymasters create a new business model: gas-as-a-service. Three flavors are live in 2026:

Project sponsorship. A dApp prepays a quota with a paymaster operator (Pimlico, Alchemy, Biconomy, Stackup) — say $10,000 — and the paymaster sponsors gas for the dApp's users until the quota runs out. Used heavily by NFT mints, gamefi onboarding flows, and stablecoin payments apps.

Token gas. The paymaster accepts the user's USDC, USDT, or any whitelisted token and pays the EntryPoint in ETH from its float. The paymaster earns a 5-15bp spread plus float yield. This is how Daimo and most consumer wallets handle gas without exposing ETH to users.

Subscription. A dApp or wallet provider charges users a monthly fee in exchange for unlimited (or quota-capped) gas-free transactions. Common in gamefi and prediction markets.

Paymaster operator economics in 2026: roughly $40-80M in aggregate annualized revenue across all 4337 paymasters, growing 80-120 percent year-over-year. The two largest operators (Pimlico and Alchemy Account Kit) together account for ~55 percent of paymaster volume.

MEV and security implications

AA expands the attack surface but also introduces new MEV-resistance properties:

Net assessment: well-audited 4337 wallets and EIP-7702 delegations are at least as safe as well-audited EOAs, with a meaningfully larger but auditable surface.

Bottom line

Account abstraction is real, in production, and growing — but slower than 2023 forecasts predicted, and concentrated in onboarding flows on L2s rather than in DeFi power-user surfaces on L1. The structural reasons (migration friction, gas overhead, integration debt, power-user indifference) are well-understood. The structural fix (EIP-7702) is now live and being adopted at scale.

The realistic 2027-2028 trajectory: 4337 dominates net-new wallet creation on L2s and consumer surfaces; 7702 bridges the existing EOA base into AA semantics; the EVM endgame is a hybrid network where most addresses behave as smart contracts most of the time, with EOA semantics surviving as a fallback.

About the author

GG Cypher Research is the in-house research team at GG Cypher, focused on on-chain capital markets, MEV, ZK infrastructure, and verifiable AI.

Last updated: 2026-04-30

Frequently asked questions

What is account abstraction?

Account abstraction (AA) is the umbrella term for letting an Ethereum account be a smart contract rather than an externally owned account (EOA) controlled by a single ECDSA private key. With AA, the account itself defines the rules for what counts as a valid transaction — multi-signature checks, passkey authentication, social-recovery guardians, spending limits, session keys, and gas sponsorship can all be encoded into the account's own logic. The two production paths in 2026 are ERC-4337, a fully off-chain bundler architecture that runs alongside the standard EVM mempool, and EIP-7702, a Pectra-fork hybrid that lets a regular EOA temporarily delegate its execution to smart-contract code for the duration of a transaction.

How does ERC-4337 work?

ERC-4337 introduces a transaction-like object called a UserOperation, which is constructed off-chain and submitted to a parallel mempool of Bundlers rather than the public mempool. A Bundler aggregates many UserOperations and submits them together as a single Ethereum transaction targeting a singleton contract called the EntryPoint (deployed at 0x5FF137D4 on every supported chain). The EntryPoint validates each UserOperation by calling validateUserOp on the user's smart-contract wallet, then executes the operation by calling the wallet's executeUserOp. Optionally a Paymaster contract can sponsor gas — paying the EntryPoint in ETH while the user pays the Paymaster in any token, or for free. ERC-4337 went live on Ethereum mainnet in March 2023 and has been deployed on every major L2.

What is EIP-7702 and how does it relate to ERC-4337?

EIP-7702 is an upgrade shipped with the Pectra hard fork in May 2025 that lets an existing EOA temporarily set its code to a smart-contract implementation for the lifetime of a single transaction. It is a hybrid: the user signs a normal Ethereum transaction with their existing private key, but the transaction also includes an authorization tuple that points to a contract — and during execution the EOA address behaves as if it had the contract's code. This lets EOA users access AA features (batched calls, gas sponsorship, session keys, social recovery) without migrating funds to a new smart-contract address. EIP-7702 does not replace ERC-4337; the two are complementary. 4337 remains the path for fully smart-contract-native wallets, while 7702 is the bridge for the ~250 million existing EOAs that hold most of the network's value.

Why has account abstraction not swept Ethereum?

Several structural reasons. First, a fully smart-contract wallet is a new address with no transaction history, no token approvals, no on-chain identity — moving in is friction. Second, gas costs for a 4337 UserOperation are 30-100k gas higher than a basic EOA transfer, which matters on L1 even if it is rounding error on L2. Third, dApps and infrastructure assumed EOA semantics for years — many integrations break or degrade with smart-contract callers (signature schemes, msg.sender checks, gas estimation). Fourth, the user-facing benefit of AA — passkeys, social recovery, gas sponsorship — is largely invisible to existing crypto-native users who already manage seed phrases. The clearest AA traction has been on L2s with onboarding-focused apps (Base via Coinbase Smart Wallet, Polygon via Biconomy) and in mobile flows (Daimo, Argent), not in DeFi power-user wallets. EIP-7702 substantially de-risks the migration question and is the more likely vector for mass AA adoption from the existing EOA base.

What are bundlers and paymasters and how do they make money?

Bundlers are mempool operators that collect UserOperations, validate them off-chain, and submit them to the EntryPoint. They earn the difference between the gas they pay on-chain and the gas the user paid into the EntryPoint, plus a priority fee margin. Major bundler operators include Pimlico, Stackup, Alchemy (Account Kit), Biconomy, Candide, and the chain-native bundlers run by Coinbase, Polygon, and Arbitrum teams. Paymasters are smart contracts that pay gas on behalf of users — they earn either a token spread (charging users in USDC while paying gas in ETH), a sponsorship subscription from dApps (a project pays the Paymaster to sponsor its users' gas), or a margin on stored balances. The Paymaster economics are typically 5-15bp per transaction in spread plus the float on prepaid balances.

What is the difference between Coinbase Smart Wallet, Daimo, Argent, and Safe AA?

Coinbase Smart Wallet is a passkey-based wallet launched in 2024 that uses the user's device biometrics (Face ID, Touch ID, Windows Hello) for signing — the private key never leaves the secure enclave and is recoverable via the device passkey. Daimo is a mobile-first payments wallet built on 4337 with a focus on stablecoin transfers and a passkey + recovery-phrase model. Argent is the original AA wallet (founded 2018, switched to 4337 architecture in 2023) with a long-standing guardian-based social-recovery flow optimised for retail. Safe (formerly Gnosis Safe) is the institutional multisig that added AA support via the Safe-AA module in 2024 — Safe accounts can act as 4337 wallets with multi-signer policies, ideal for DAOs, treasuries, and team accounts. The four target different segments: Coinbase Smart Wallet for onboarding new users, Daimo for payments, Argent for retail self-custody, Safe for institutions.

What are the security and MEV implications of account abstraction?

AA expands the attack surface in three dimensions. First, the wallet contract itself can be exploited — bugs in validation logic, upgradeable proxy patterns, or signature schemes have produced real losses in early 4337 deployments. Second, Paymasters introduce a credit-risk vector — if a Paymaster runs out of staked ETH or fails validation, users' transactions revert mid-flight. Third, Bundlers can theoretically reorder or censor UserOperations in their private mempool, similar to MEV builders on the Flashbots side. The mitigation has been published reputation-tracking for bundlers, EntryPoint-level slashing for malicious paymasters, and audits of major wallet implementations. From an MEV perspective, AA has been a mild positive — sponsored transactions and session-keyed flows are harder to sandwich, and the bundled nature of UserOperations gives a small built-in reorder resistance. Net-net, well-audited 4337 wallets are at least as safe as well-audited EOAs, but the surface is genuinely larger.

What is the realistic adoption forecast for AA in 2026 and beyond?

By April 2026, ERC-4337 UserOperations represent approximately 6-9 percent of weekly transactions across Ethereum and major L2s combined, up from less than 1 percent in early 2024. Base leads with 15-22 percent of its transactions being 4337 UserOps thanks to Coinbase Smart Wallet integration. Polygon and Arbitrum sit at 4-8 percent. Ethereum L1 is below 2 percent due to gas economics. EIP-7702 adoption — measured by transactions including delegation tuples — has grown rapidly since the Pectra fork: roughly 12-18 percent of Ethereum L1 transactions in late 2025 included a 7702 delegation, mostly for batched-approval flows on DEX aggregators and AA-enabled wallets like Rabby and MetaMask. The realistic forecast is that 7702 reaches majority share of EOA-originated transactions on Ethereum L1 by mid-2027, while 4337 continues to dominate net-new wallet creation on L2s. The endgame is a hybrid network where most addresses behave as smart contracts most of the time.
