A few people have asked if this affects Biconomy. Simple answer is, no. Here's why:
Biconomy MEE (Modular Execution Environment) is not impacted by the newly disclosed ERC‑4337 EntryPoint griefing bug because of how it constrains who can execute UserOperations and how gas sponsorship is validated.
In MEE:
- All client transactions are always routed through MEE network (MEE Nodes).
- The ability to have a UserOperation executed and sponsored is controlled inside the paymaster's validatePaymasterUserOp, which enforces that tx.origin must be a whitelisted EOA (MEE relayers).
- If a transaction originates from any non‑whitelisted tx.origin (including any attacker‑controlled contract wrapper), the UserOperation fails in the validation phase, and the paymaster refuses to sponsor gas for it.
- As a result, an attacker cannot submit a UserOperation through a malicious call stack that wraps the user's inner call and triggers DeFi reentrancy guards or similar safety checks while still making MEE pay for gas.
- Because MEE's clients exclusively use this infrastructure and associated paymaster, there is no execution path where an attacker can exploit the disclosed ERC‑4337 griefing vector against MEE user.
