Role of nonces in ERC-4337 process flow
Nonces in ERC-4337 ensure correct transaction ordering. They’re unique identifiers for each transaction, used in operations to prevent replay attacks and maintain the correct order of operations.
In ERC-4337, INONCEMANAGER.sol from eth-inifinitism
provides a structured way to handle nonces.
If someone malicious tries to reuse an old transaction, i.e replay a previous User Operation, we will see there is a mismatch in the nonce , the nonce will be different, and the new transaction won’t go through.
Nonces maintain transaction integrity in ERC-4337.
Using ‘getNonce’ method inside your user account smart contract allows to retrieve the correct nonce for the next UserOp , figuring out what nonce to use for the next transaction. This ensures you always have the right number and prevents any nonce-related issues.
function getNonce() public view returns (uint256) {
return nonce;
}
To put it in a trivial way, It’s like asking for a ticket number before boarding a train – you wouldn’t want to use a ticket from a previous trip, right?
Nonces interaction with ERC-4337 components
-
In Bundlers: bundlers aggregate multiple UserOps objects and submit them to the EntryPoint contract for execution. If the bundler includes a UserOp with an incorrect nonce, the EntryPoint contract will reject it.
-
In entrypoint contract: This crucial smart contract in ERC-4337 process flow checks the nonce of each UserOp to ensure it matches the expected nonce from the AA, preventing replay attacks.
-
In the alternative memory pool: This mempool is an off-chain staging area where un-processed userOps are temporarily stored before being included in a block; Nonces help to identify duplicates and ensure only valid, sequenced UserOps get through.
-
In the paymaster: this helper contract agrees upon pre-determined rules to pay for the fees, instead of the sender itself contract, nonces help ensure the paymaster is indeed sponsoring the correct UserOp.
-
Finally, in the scenario where a signature aggregator contract is used, nonces ensure that each UserOp is valid.