What is the difference between 7702 and 4337?

  • 7702 lets you upgrade an EOA into a smart account at the same address, supporting code delegation.
  • 4337 defines the account abstraction infrastructure (userops, paymasters, bundlers) for smart account logic.
  • They work best together—7702 lets you add 4337 support to any EOA.

Key terms

  • Authorization: Signed message specifying chain, address, and signature to allow code delegation; can be single- or multi-chain. Only the most recent authorization is active.
  • Delegate: The contract code that your EOA points to and executes.
  • Relayer: Entity that submits the transaction and pays gas; can be any account with a private key including a bundler.

Will Base Appchains support 7702?

  • Yes, after 7702 is live on Base mainnet, Appchains will follow.

What address should I use for my Smart Account (4337) Implementation?

  • The Coinbase Smart Wallet (CBSW) implementation address for both Base and Base Sepolia is 0x000100abaad02f1cfC8Bbe32bD5a564817339E72

Does the current version of Paymaster support EIP-7702 transactions?

  • Yes, as long as the EOA is upgraded to support ERC-4337 validation logic (i.e., after the 7702 upgrade) by sending an authorization transaction that designates a valid smart contract implementation for the account.

How do I upgrade my wallet to 7702?

  • Send a special EIP-7702 transaction that includes a signed authorization and the new contract code to delegate to your EOA.

// Step 1: Setup signer and smart account
const eoa7702 = privateKeyToAccount("0xPRIVATEKEY"); //Also acts as Relayer
const smartAccountImplementation = "0x000100abaad02f1cfC8Bbe32bD5a564817339E72"; // CBSW account implementation

//Step 2: Create a wallet client
export const walletClient = createWalletClient({
  account: eoa7702,
  chain: baseSepolia,
  transport: http(CDP_RPC_URL),
})

// Step 3: Sign EIP-7702 authorization
const authorizationHash = await sepoliaWalletClient.signAuthorization({
  account: eoa7702,
  contractAddress: smartAccountImplementation,
});

// Step 4: Send authorization onchain
const hash = await walletClient.sendTransaction({ 
  authorizationList: [authorization], 
  to: eoa.address, 
})

How can I tell if a wallet is a smart account or EOA?

Who can be a relayer?

  • Any account with a private key can relay the upgrade transaction.
  • For sponsored (gasless) transactions after upgrade, a relayer may interact with a bundler or paymaster for reimbursement.
  • Bundlers are not required for the initial 7702 tx, but are needed for subsequent ERC-4337 (userop) flows.

How can developers protect their users from 7702 attacks?

  • Use only trusted delegate contracts: Verify that the smart contract implementation you’re asking users to delegate to is legitimate and audited
  • Verify contract addresses on block explorers: Double-check contract addresses on a block explorer (Etherscan/Basescan) before implementing them in your application to ensure they match expected implementations
  • Implement proper validation: Add checks in your application to verify that the delegate contract address matches known safe implementations (e.g., Coinbase Smart Wallet implementation)
  • Educate users: Provide clear information about what the authorization does and which contract they’re delegating to
  • Use established implementations: Prefer well-known, audited smart account implementations rather than custom or unverified contracts