Token Paymaster is a token-based paymaster that allows user to pay gas fees in ERC20 tokens. Paymasters can sponsor transaction fees for contract accounts. The ERC4337 Entrypoint verifies whether the Paymaster has a sufficient deposit or if the contract account holds enough funds to cover gas fees. During execution, if a Paymaster is involved, it can implement custom fee logic (which in this case is withdrawing ERC20 tokens as gas fees).

Zellic conducted a security assessment for Biconomy Labs from May 22nd to May 25th, 2022. During this engagement, Zellic reviewed Token Paymaster's code for security vulnerabilities, design issues, and general weaknesses in security posture.