Six mistakes in ERC-4337 smart accounts
This post identifies six critical ERC-4337 vulnerabilities, including improper access control, unsigned gas fields, and stateful validation. These flaws enable fund drainage or account hijacking. Developers must implement EIP-712 domain separation and strict EntryPoint restrictions to secure programmable smart wallets against sophisticated on-chain exploits.