PaymasterDocs
  • All-In-One Paymaster
  • Basics of Paymaster
    • What is Paymaster?
    • Breaking down the paymaster
  • Several types of the paymaster
    • Several types of the paymaster
      • Breaking down the paymaster-TokenPaymaster
      • Breaking down the paymaster-SponsorshipPaymaster
  • Vectors of Paymaster
    • Threat Modeling
    • General Vectors
      • Mismanagement of funds
      • Incorrect Validation Logic
      • Incorrect Calculation Logic
      • Structural Error
      • Threats in v0.6
      • Reputation-Related Risk
        • Understanding Reputation for Paymaster
      • Signature Reuse Risk
    • Sponsorship Paymaster Specific Vectors
    • EIP-7702 Paymaster Specific Vectors
    • How to apply test code
    • Test Results Dashboard
  • Multichain paymaster
    • Overview
      • Omnichain paymaster - Particle Network
  • RESOURCES
    • Resources
    • Remaining services
    • Integrating with further EIPs
      • EIP-7702
      • EIP-6900
    • Contributions and FAQ
Powered by GitBook
On this page
  1. Vectors of Paymaster

Threat Modeling

This thread outlines potential attack vectors when using the Paymaster. Attackers can be any entity involved in the operations, and attacks may also stem from unexpected behavior in the Ethereum blockchain state or malicious mempool actors. We categorize these vectors into several states, and where possible, provide test code and attack scenarios like rug-pulls, honeypot scams, and more.

These pages are still in development, and there may be additional vectors due to ERC-4337 updates or newly/currently deployed services. If you discover any new or unknown vectors, please report them to us via GitHub or email. We’re excited to collaborate with you in identifying these issues!

PreviousBreaking down the paymaster-SponsorshipPaymasterNextGeneral Vectors

Last updated 6 months ago