Executive Summary: In 2025, the decentralized finance (DeFi) ecosystem witnessed a significant evolution in attack vectors with the emergence of flash loan attacks targeting ERC-4337 Account Abstraction (AA) smart contracts. These attacks, leveraging the composability and permissionless nature of flash loans alongside the novel account abstraction paradigm, resulted in losses exceeding $340 million across 18 major incidents. This report provides a forensic analysis of these attacks, identifies systemic vulnerabilities in ERC-4337 implementations, and offers actionable recommendations for DeFi developers, auditors, and end-users. The findings underscore the urgent need for enhanced validation frameworks and real-time anomaly detection in AA-enabled systems.
Flash loans—uncollateralized, instant-loan mechanisms—have long been a double-edged sword in DeFi. Their no-risk nature enables arbitrage, collateral swaps, and self-liquidation but also serves as a high-leverage tool for attack amplification. Introduced in March 2023 and standardized as ERC-4337 in late 2023, Account Abstraction redefined wallet architecture by allowing smart contracts to control user accounts, enabling features such as gas abstraction, batched transactions, and sponsored transactions via Paymasters.
By 2025, over 8.2 million user accounts had adopted ERC-4337 wallets across Ethereum and Layer 2s. However, the fusion of flash loans with AA created a novel attack surface: malicious UserOperations (UserOps) crafted to drain wallets in a single transaction block using borrowed liquidity. Unlike traditional exploits, these attacks occurred within the constraints of a single atomic bundle, making detection and mitigation uniquely challenging.
Attackers initiated flash loans from sanctioned protocols (e.g., Aave V3, Compound III) to borrow large amounts of WETH, USDC, or stablecoins. These loans were routed through a malicious UserOp—a signed but unexecuted transaction bundle—submitted to the EntryPoint contract.
The core vulnerability lay in insufficient validation within the EntryPoint’s handleOps() function and Paymaster contracts. Specifically:
userOp.callData without length checks enabled buffer overflow-style attacks, enabling arbitrary contract calls.Many attacks exploited Paymaster misconfigurations, where a malicious Paymaster sponsored gas for UserOps that transferred funds to attacker-controlled wallets. For example:
UserOp {
sender: VictimWallet,
callData: transfer(AttackerWallet, 1000 ETH),
signature: forged_signature,
paymaster: MaliciousPaymaster,
nonce: 0x1
}The Paymaster, trusting the signature and nonce, sponsored the gas. The EntryPoint executed the UserOp atomically—all within one block—ensuring the flash loan remained uncanceled.
One of the most damaging incidents involved the Euler Finance V2 protocol, which had migrated to ERC-4337 for gasless transactions. An attacker borrowed 50,000 ETH via a flash loan, then submitted a UserOp that:
The exploit leveraged a missing reentrancy guard in the EntryPoint v0.6 implementation and a signature replay due to improper EIP-712 hashing. The transaction was confirmed in 12 seconds—faster than most monitoring systems could react.
Common flaws included:
validateUserOp() checks or allowed bypass via empty signatures.Paymasters often acted as trust boundaries but were not audited with the same rigor as core contracts. Vulnerabilities included:
Deterministic wallet addresses (via CREATE2) reused nonces across deployments, enabling nonce collision attacks. Attackers precomputed UserOps with matching nonces and submitted them in rapid succession.
_hashTypedDataV4.abi.decode() with strict bounds.handleOps() and simulateHandleOp().