This is an appendix to the Boop account abstraction standard announcement.
The rules in ERC-7562 allow account and paymaster validation code to access the “associated storage” of the account being validated. An associated storage slot can be a slot in a Solidity mapping keyed by the account's address (e.g. that account's ERC-20 balance). While this prevents “mass invalidation attacks” in the sense that a single storage write cannot invalidate multiple userOps at once, it still means that a single storage write is able to invalidate a single userOp after the bundler has already simulated it.
Writing a storage slot costs roughly 20k gas (an SSTORE that turns a zero slot non-zero). The economic damage to the bundler can be much higher than this: the userOp passes simulation, is included in a bundle, and then fails validation on-chain, and the bundler pays for the gas burned up to that point. The damage is therefore upper-bounded by the gas limit of the account or paymaster validation function.
Requiring paymasters and account factories to post a sufficiently large stake with a sufficiently long withdrawal delay adequately protects against large-scale deployment of these attacks: the damage an attacker can cause is bounded relative to the amount of capital they must keep locked.
For instance, if a stake of 1 ETH with a 1 month withdrawal delay is required, and assuming a gas price of 1 gwei, then at the cost of locking 1 ETH for one month and paying 20k gwei for the write, you can cause at most 500k gwei of economic damage to the bundler (assuming the bundler rejects userOps whose validation gas limits exceed 500k). That is only 0.0005 ETH of damage per ETH locked for one month (5$ per 10k$ at 10k$/ETH), and the attacker gains absolutely nothing from it. If the attacker could instead earn a 10% annual return on that capital, they forego roughly 100$ of yield (10% of 10k$ for one month is about 83$) to make you lose 5$.
If you apply the same staking principle on top of the protocol (as is proposed for Boop whenever you cannot trust paymasters or accounts), you get the same scenario, but with higher potential damage, since the bound is now the gas limit of the whole boop rather than of a validation function. Say you cap the gas limit of a boop at 5M gas; then you're looking at 50$ of damage per 10k$ locked for a month (still lower than the roughly 100$ of yield foregone by the attacker).
The advantage is that the core protocol is now significantly simpler (no complex storage-access checks to implement) and more flexible (allowing more operations in the validation functions).
Also note that on a high-throughput chain, the gas price will be significantly lower than 1 gwei (it is currently below 0.5 gwei even on Ethereum mainnet). So in practice we'll probably be looking at 0.5$ per 10k$ (which is what a gas price of 0.01 gwei works out to) instead of 50$.
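The cost/benefit argument above is easy to get wrong by a factor of 1000 when juggling gwei, ETH and dollars, so here it is as a small model. This is an added example, not code from the Boop project or from ERC-4337; the parameters (1 ETH stake, 1 month delay, 500k validation gas vs. a 5M boop gas limit, 1 gwei, 10% yield, 10k$/ETH) are the ones the text uses, and the assumption that each staked entity gets exactly one attack before the bundler bans it is the text's as well.

```python
"""Cost/benefit model for an invalidation attack by a staked paymaster or account
factory. Added example: the Scenario values are the figures used in the text,
not Boop or ERC-4337 protocol constants."""

from dataclasses import dataclass

WEI_PER_GWEI = 10**9
WEI_PER_ETH = 10**18
SSTORE_GAS = 20_000  # rough cost of the invalidating storage write (text's figure)


@dataclass(frozen=True)
class Scenario:
    stake_eth: float        # stake the attacker must lock per paymaster/factory
    delay_months: float     # withdrawal delay the stake is subject to
    damage_gas: int         # gas the bundler pays for a failed op: the validation
                            # gas limit (4337) or the whole boop's gas limit (Boop)
    gas_price_gwei: float
    annual_yield: float     # attacker's alternative return on the locked capital
    eth_usd: float = 10_000.0  # used only for the USD view


def gas_cost_eth(gas: int, gas_price_gwei: float) -> float:
    """ETH burned by `gas` units at the given gas price."""
    return gas * gas_price_gwei * WEI_PER_GWEI / WEI_PER_ETH


def bundler_damage_eth(s: Scenario) -> float:
    """Worst case one invalidation costs the bundler: the op passes simulation,
    then fails validation on-chain and the bundler pays its gas."""
    return gas_cost_eth(s.damage_gas, s.gas_price_gwei)


def attacker_foregone_yield_eth(s: Scenario) -> float:
    """Opportunity cost of keeping the stake locked for the withdrawal delay."""
    return s.stake_eth * s.annual_yield * s.delay_months / 12


def attacker_cost_eth(s: Scenario) -> float:
    """Gas for the storage write plus the yield foregone on the stake.
    Assumes one attack per staked entity: the bundler bans the entity after
    its first on-chain validation failure, so the stake cannot be reused."""
    return gas_cost_eth(SSTORE_GAS, s.gas_price_gwei) + attacker_foregone_yield_eth(s)


def breakeven_stake_eth(s: Scenario) -> float:
    """Stake at which the foregone yield alone equals the damage; below this
    the attack is profitable for a purely financial attacker."""
    return bundler_damage_eth(s) * 12 / (s.annual_yield * s.delay_months)


def summary(s: Scenario) -> dict:
    damage, cost = bundler_damage_eth(s), attacker_cost_eth(s)
    return {
        "damage_usd": damage * s.eth_usd,
        "attacker_cost_usd": cost * s.eth_usd,
        # per 10k$ staked; independent of the ETH price since both sides scale with it
        "damage_usd_per_10k_usd_staked": damage / s.stake_eth * 10_000,
        "attack_pays_off": damage > cost,
    }


# The three scenarios discussed in the text.
ERC4337 = Scenario(stake_eth=1, delay_months=1, damage_gas=500_000,
                   gas_price_gwei=1.0, annual_yield=0.10)
BOOP_1GWEI = Scenario(stake_eth=1, delay_months=1, damage_gas=5_000_000,
                      gas_price_gwei=1.0, annual_yield=0.10)
BOOP_CHEAP = Scenario(stake_eth=1, delay_months=1, damage_gas=5_000_000,
                      gas_price_gwei=0.01, annual_yield=0.10)

if __name__ == "__main__":
    for name, s in [("4337, 500k validation gas @ 1 gwei", ERC4337),
                    ("Boop, 5M gas @ 1 gwei", BOOP_1GWEI),
                    ("Boop, 5M gas @ 0.01 gwei", BOOP_CHEAP)]:
        print(name, summary(s), "breakeven stake:", breakeven_stake_eth(s), "ETH")
```

`breakeven_stake_eth` is the number to watch when tuning a deployment: for the 5M gas / 1 gwei case it is 0.6 ETH, so a 1 ETH stake leaves a margin, but a 0.1 ETH stake would make the attack pay for itself even before counting any non-financial motive the attacker might have.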
Unlike 4337, Boop is susceptible to the “mass invalidation attack”, where a single storage change can invalidate many boops landing in the same block. This is a good argument against using trustless accounts and paymasters on a high-fee chain like Ethereum. On low-fee chains, however, the economics still work out perfectly well. There are also easy mitigations, such as rate-limiting unknown paymasters and accounts until they have earned trust by doing legitimate volume, which also caps how many boops a single write can invalidate at once.
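The rate-limiting mitigation can be implemented entirely on the bundler side, without touching the protocol. The following is an added illustration of such an admission gate, not Boop's own submitter code; the per-block caps and the volume threshold are made-up tuning values, and "entity" stands for any account or paymaster address the bundler keys its policy on.

```python
"""Bundler-side admission gate: unknown paymasters/accounts get a small per-block
cap, which bounds how many boops one storage write can invalidate in a block;
entities that have landed enough valid boops get a larger cap; an entity whose
boop passed simulation but failed on-chain is banned. Added example with
hypothetical thresholds, not protocol code."""

from collections import defaultdict
from dataclasses import dataclass, field
from typing import Iterable


@dataclass
class EntityRecord:
    included: int = 0        # boops from this entity that landed and validated on-chain
    banned: bool = False
    pending_block: int = -1  # block the per-block counter refers to
    pending_count: int = 0   # boops admitted for that block


@dataclass
class TrustGate:
    unknown_per_block: int = 1    # cap while the entity has no track record
    trusted_after: int = 100      # included boops needed to lift the cap
    trusted_per_block: int = 50
    records: dict = field(default_factory=lambda: defaultdict(EntityRecord))

    def _cap(self, rec: EntityRecord) -> int:
        return self.trusted_per_block if rec.included >= self.trusted_after else self.unknown_per_block

    def _bucket(self, entity: str, block: int) -> EntityRecord:
        rec = self.records[entity]
        if rec.pending_block != block:  # new block, reset the per-block counter
            rec.pending_block, rec.pending_count = block, 0
        return rec

    def admit(self, entities: Iterable[str], block: int) -> bool:
        """Admit a boop for `block` only if every entity it depends on (its account
        and its paymaster) is under its cap; counters are only bumped on success so a
        rejection for one entity does not consume the other's budget."""
        recs = [self._bucket(e, block) for e in dict.fromkeys(entities)]  # dedupe, keep order
        if any(r.banned or r.pending_count >= self._cap(r) for r in recs):
            return False
        for r in recs:
            r.pending_count += 1
        return True

    def record_included(self, entity: str) -> None:
        """Call when a boop from `entity` validated and landed on-chain."""
        self.records[entity].included += 1

    def record_validation_failure(self, entity: str) -> None:
        """Call when a boop passed simulation but failed validation on-chain: the
        bundler has just paid for that gas, so the entity loses its access."""
        self.records[entity].banned = True

    def max_loss_gas(self, entity: str, boop_gas_limit: int) -> int:
        """Upper bound on gas the bundler can lose to `entity` in one block."""
        return self._cap(self.records[entity]) * boop_gas_limit


if __name__ == "__main__":
    gate = TrustGate()
    print(gate.admit(("0xaccount", "0xpaymaster"), block=100))  # first boop admitted
    print(gate.admit(("0xother", "0xpaymaster"), block=100))    # same block, paymaster capped
    print(gate.max_loss_gas("0xpaymaster", 5_000_000))          # unknown entity: one boop's gas
```

With `unknown_per_block=1` a fresh paymaster can cost the bundler at most one boop's gas limit per block, which is exactly the single-userOp bound the ERC-7562 rules give; the larger `trusted_per_block` cap is only reachable after the entity has paid for `trusted_after` successful boops.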