Dear OpenZeppelin Security Team,
I'm a security researcher investigating ERC-4337 gas accounting edge cases and would appreciate your
expert guidance on EntryPoint v0.8.0 behavior.
Technical Question:
When a paymaster's postOp function runs out of gas (OOG), should the charged gas be capped to the
configured paymasterPostOpGasLimit stipend?
Observed Behavior:
In my testing with EntryPoint v0.8.0, the _postExecution function calculates:
    gasUsed = preGas - gasleft() + gasUsedByValidateAccountOp;
    actualGas += gasUsed;
During postOp OOG scenarios, this appears to charge the full gas consumed (~222k) rather than capping at
the stipend limit (~102k), resulting in paymaster overcharging.
My Research:
- Reproducible PoC: https://github.com/Tejanadh/poc
- GitHub issue: https://github.com/eth-infinitism/account-abstraction/issues/606
Given your extensive ERC-4337 audit experience, your insight on whether this represents intended behavior would be invaluable.
Thank you!