Skip to main content
The Aave Smart Account Ability enables Vincent Apps to validate and sign ERC-4337 UserOperations for Aave protocol interactions on behalf of Vincent Users using Smart Accounts. This ability provides secure, delegated signing with comprehensive validation, ensuring that all operations benefit the user and interact only with authorized Aave contracts.

Key Features

  • Smart Account Integration: Validates and signs UserOperations (ERC-4337) for Smart Accounts with session key permissions
  • Comprehensive Validation: Decodes, simulates, and validates all operations on-chain before signing
  • Aave Protocol Safety: Ensures interactions only occur with authorized Aave contracts (Pool, tokens, etc.)
  • User Protection: Verifies operations benefit the user with no value extraction
  • Multi-Chain Support: Works across networks where Aave V3 is deployed (Ethereum, Base, Arbitrum, etc.)

How It Works

The Aave Smart Account Ability is built using the Vincent Ability SDK and operates in two phases:
1

Precheck Phase

Validates the UserOperation without executing it:
  • Decodes the UserOperation calldata to understand the transaction
  • Simulates the transaction on-chain (read-only) to see effects
  • Validates all contract interactions are with authorized Aave addresses
  • Verifies no value is being extracted from the user
  • Checks operations align with Aave’s intended use (supply, borrow, repay, withdraw)
  • Returns validation results without modifying blockchain state
2

Execution Phase

Performs the same validations as precheck, then signs the UserOperation:
  • Repeats all validation checks from the precheck phase
  • Signs the UserOperation with the Agent Wallet if all checks pass
  • Returns the signed UserOperation ready for broadcast
  • The signed UserOperation can then be submitted to a bundler for on-chain execution

Getting Started

Depending on your role in the Vincent Ecosystem, you’ll be interacting with this Ability in different ways. Click on the link below that matches your role to see how to get started:
  • Vincent App Developers: If you’re building a Vincent App that needs Smart Account integration with Aave, go here.
  • Vincent App Delegatees: If you’re executing this ability on behalf of Vincent App Users, go here.
This ability is designed for Smart Account (ERC-4337) workflows. If you’re using regular EOA wallets, use the standard Aave Ability instead.

Adding the Ability to your Vincent App

If you want to enable your App Delegatees to validate and sign Aave Smart Account operations on behalf of your Vincent App Users, you can add this Ability to your App. Adding Abilities to your Vincent App is done using the Vincent App Dashboard. Visit the Create Vincent App guide to learn more about how to add Abilities to your App during creation, or check out the Updating Your App guide to learn how to add Abilities to an existing App.

Executing the Ability as a Vincent App Delegatee

Before executing Aave Smart Account operations, the following conditions must be met:
  • Smart Account Setup: The Vincent App User must have an ERC-4337 compatible Smart Account (e.g., ZeroDev Kernel, Safe)
  • Session Key Permission: The Agent Wallet must be granted session key permissions on the Smart Account
  • Valid UserOperation: The backend service must construct a valid UserOperation containing interactions with the Aave protocol
  • Gas Sponsorship (Optional): If using a paymaster, ensure proper paymaster data is included in the UserOperation
To learn more about executing Vincent Abilities, see the Executing Abilities guide.

Smart Account Architecture

The typical flow involves multiple components:
Learn more about Smart Accounts in the Smart Accounts concept guide.

Executing the precheck Function

This Ability’s precheck function validates a UserOperation without actually signing it, allowing you to verify the operation will succeed before committing to execution.
  • Parameters
  • Implementation
  • Response
Before executing the precheck function, you’ll need to provide the following parameters:
{
  /**
   * The unsigned UserOperation for the Smart Account (ERC-4337 v0.7.0 format)
   */
  userOp: {
    sender: string;                           // Smart Account address (hex)
    nonce?: string;                           // Account nonce (hex string, e.g., "0x1")
    callData: string;                         // Encoded transaction calls (hex)
    callGasLimit?: string;                    // Gas limit for execution (hex)
    verificationGasLimit?: string;            // Gas for verification (hex)
    preVerificationGas?: string;              // Pre-verification gas (hex)
    maxFeePerGas?: string;                    // Max fee per gas (hex, default: "0x59682F00")
    maxPriorityFeePerGas?: string;            // Priority fee (hex, default: "0x3B9ACA00")
    signature?: string;                       // Can be empty for precheck

    // ERC-4337 v0.7.0 Paymaster fields (separate, not combined)
    paymaster?: string;                       // Paymaster address (hex)
    paymasterData?: string;                   // Paymaster-specific data (hex)
    paymasterVerificationGasLimit?: string;   // Paymaster verification gas (hex)
    paymasterPostOpGasLimit?: string;         // Paymaster post-op gas (hex)

    // Account deployment fields (if account not yet deployed)
    factory?: string;                         // Account factory address (hex)
    factoryData?: string;                     // Factory deployment data (hex)
  };
  /**
   * EntryPoint contract address for UserOperation validation
   */
  entryPointAddress: string;
  /**
   * The Alchemy RPC URL for on-chain simulation and validation
   */
  rpcUrl: string;
}
Important Notes:
  • v0.7.0 Format: This ability uses ERC-4337 v0.7.0 which has separate paymaster fields (not paymasterAndData)
  • Hex Strings: All numeric values must be hex strings (e.g., "0x1"), not bigints or numbers
  • EntryPoint: Must be a valid EntryPoint v0.7 address for your target network
  • The callData field must contain valid Aave protocol interactions
Alchemy RPC Required: This ability requires an Alchemy RPC URL. It uses Alchemy’s proprietary alchemy_simulateUserOperationAssetChanges method for on-chain simulation. Execution will fail if a non-Alchemy RPC URL is provided.

Executing the execute Function

This Ability’s execute function performs the same validation as precheck, then signs the UserOperation with the Agent Wallet.
  • Parameters
  • Implementation
  • Response
The execute function requires the same parameters as precheck, plus an additional parameter for signing:
{
  /**
   * The unsigned UserOperation for the Smart Account (ERC-4337 v0.7.0 format)
   */
  userOp: {
    sender: string;
    nonce?: string;
    callData: string;
    callGasLimit?: string;
    verificationGasLimit?: string;
    preVerificationGas?: string;
    maxFeePerGas?: string;
    maxPriorityFeePerGas?: string;
    signature?: string;

    // v0.7.0 Paymaster fields
    paymaster?: string;
    paymasterData?: string;
    paymasterVerificationGasLimit?: string;
    paymasterPostOpGasLimit?: string;

    // Account deployment fields
    factory?: string;
    factoryData?: string;
  };
  /**
   * EntryPoint contract address for UserOperation validation
   */
  entryPointAddress: string;
  /**
   * The Alchemy RPC URL for on-chain simulation and validation
   */
  rpcUrl: string;
  /**
   * Serialized ZeroDev permission account (session key) that will sign the UserOperation
   * This is the permitted signer configured on the Smart Account
   */
  serializedZeroDevPermissionAccount: string;
}
Important Notes:
  • serializedZeroDevPermissionAccount is REQUIRED for execute (not needed for precheck)
  • This contains the session key configuration that authorizes the Agent Wallet to sign
  • All other parameters are identical to precheck

Supported Networks

This ability supports Aave V3 operations on networks where ERC-4337 infrastructure, Smart Account providers, and Aave V3 are all available:
Network TypeSupported Chains
Mainnetsethereum, polygon, arbitrum, optimism, base, avalanche
Testnetssepolia, basesepolia, arbitrumsepolia, optimismsepolia
Network support is limited by Alchemy’s alchemy_simulateUserOperationAssetChanges API. Only networks where Alchemy supports UserOperation simulation can be used with this ability.

Important Considerations

This ability works with ERC-4337 compliant Smart Accounts. Ensure your Smart Account implementation follows the standard and has proper session key support.
The Agent Wallet must be properly configured as a session key with appropriate permissions on the Smart Account. Without proper session key setup, signature validation will fail.
The ability validates that ALL interactions are with authorized Aave contracts. Any unauthorized contract call will cause validation to fail. This is a security feature to prevent malicious operations.
Operations are simulated on-chain before signing. This means the ability must connect to an actual blockchain node. Ensure proper RPC access for the target network.
Smart Account operations typically require more gas than regular transactions due to verification logic. Ensure gas limits are properly estimated and sufficient funds exist (or paymaster is configured).
Constructing valid UserOperations requires understanding ERC-4337. Consider using Smart Account SDKs (ZeroDev, Biconomy, etc.) to generate properly formatted UserOperations.

Error Handling

  • Invalid UserOperation Format: Malformed UserOperation structure or missing required fields
  • Unauthorized Contract Interaction: UserOperation contains calls to non-Aave contracts
  • Simulation Failure: On-chain simulation reverts or fails
  • Value Extraction Detected: Operation attempts to extract value from the user
  • Session Key Not Configured: Agent Wallet lacks session key permissions on Smart Account
  • Insufficient Gas Limits: Gas limits too low for the operation complexity
  • Invalid Chain: Chain not supported or RPC unavailable
  • Aave Contract Mismatch: Operation targets non-Aave addresses
This ability performs extensive security checks:
  • Contract Allowlist: Only Aave protocol contracts are permitted
  • Simulation Required: All operations must pass on-chain simulation
  • No Value Extraction: ETH/token transfers out of user control are blocked
  • Signature Verification: Session key permissions are validated
If any security check fails, the operation is rejected without signing.

Learn More

Smart Accounts

Learn about Smart Account architecture with Vincent

Standard Aave Ability

Use the regular Aave ability for EOA wallets

Agent Wallets

Understand how Agent Wallets enable delegation