ERC-4337 defined a way to achieve Account Abstraction on Ethereum using an alternative UserOperation mempool.
However, one big limitation remains:
each transaction must carry its own signature or other form of validation input in order to be included.
We propose an extension to the ERC-4337 that introduces a new entity, aggregator, that is called during validation, to validate multiple user operations at once.
This addition will enable UserOperations to support sharing validation inputs, saving gas and guaranteeing atomicity of the bundle.
Using validation schemes that allow signature aggregation enables significant optimisations and savings on gas for execution and transaction data cost. This is especially relevant in the context of rollups that publish data on the Ethereum mainnet.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174.
UserOperation entity contractA signature aggregator exposes the following interface:
validateUserOp.simulateValidation, this aggregator is returned to the bundler as part of the aggregatorInfo field in the ValidationResult struct.UserOperation, the bundler must call validateUserOpSignature() to validate the UserOperation signature.
This method returns an "alternate signature" that should be used during bundling.acccount.validateUserOp a second time on the account with the UserOperation using the
returned "alternative signature", and make sure it returns the same value.aggregateSignatures() function must aggregate all UserOp signatures into a single value.validateSignatures() function MUST verify the aggregated signature's validity
for all UserOperations in the array, and revert otherwise.
This method is called on-chain by handleAggregatedOps()In addition to the steps described in ERC-4337, during bundling the bundler should:
aggregateSignatures() to create aggregated signature, and update the UserOps.EntryPoint contractWe define the following addition to the core interface of the EntryPoint contract:
An account that works with aggregated signature should return its signature aggregator address
in the authorizer return value of the validateUserOp function.
It MAY ignore the signature field.
handleAggregatedOps can handle a batch that contains userOps of multiple aggregators (and also requests without any aggregator)
handleAggregatedOps performs the same logic as handleOps, but it must transfer the correct aggregator to each
userOp, and also must call validateSignatures on each aggregator before doing all the per-account validation.
code: -32506 - transaction rejected because wallet specified unsupported signature aggregator
data field SHOULD contain an aggregator value, as returned by the account's validateUserOp()When using an aggregator contract, the accounts delegate their ability to authenticate UserOperations.
The entire contents of the
In order to allow the validation function of the account to perform other checks, the validateUserOpSignature
function generates a byte array that will replace the UserOperation signature when executed on-chain.
As ERC-4337 was created with signature aggregation on the roadmap, no modifications are needed to the deployed EntryPoint smart contracts.
This proposal introduces new features without affecting the existing ones, and does not break backwards compatibility.
The aggregator contracts are among te most trusted contracts in the entire ecosystem.
They can authorize transactions on behalf of accounts, and they can invalidate large numbers of transactions with
a simple storage change.
Both account developers and block builders should be extremely careful with the selection of aggregator contracts
that they are willing to support.
Copyright and related rights waived via CC0.