Wallet / Auth·EVM
Pimlico
Provider-agnostic ERC-4337 bundler and paymaster infrastructure with the `permissionless.js` SDK. Lets you build on Safe, Kernel, Biconomy, SimpleAccount, or LightAccount without locking in to a single smart-account vendor.
- 01ERC-4337 bundler infra
- 02verifying + ERC-20 paymasters
- 03vendor-neutral smart accounts
- 04viem-native account abstraction
- 05multi-account-type apps
- pnpm add permissionless viem
| Variable | Scope | Description |
|---|---|---|
| PIMLICO_API_KEY | Server | Pimlico API key used in bundler and paymaster RPC URLs (https://api.pimlico.io/v2/{chain}/rpc?apikey=...). |
Use Pimlico for ERC-4337 bundler and paymaster infra via `permissionless`. Create a `pimlicoClient` with `createPimlicoClient({ transport: http(`https://api.pimlico.io/v2/${chain}/rpc?apikey=${PIMLICO_API_KEY}`) })`, then build a smart account (Safe, Kernel, SimpleAccount, etc.) and pass it to `createSmartAccountClient({ account, chain, bundlerTransport, paymaster: pimlicoClient, userOperation: { estimateFeesPerGas: pimlicoClient.estimateFeesPerGas } })`. Send ops with `smartAccountClient.sendUserOperation({ calls: [...] })` and confirm with `waitForUserOperationReceipt`. Proxy the API key through a server route — don't ship it to the browser.
- ⚑API key is a secret — exposing it client-side lets anyone drain your sponsorship budget. Always proxy bundler / paymaster RPC through a server route.
- ⚑EntryPoint v0.6 vs v0.7 vs v0.8: pick one consistently across account, bundler, and paymaster. `permissionless` v0.2+ defaults to v0.7; older code may still target v0.6.
- ⚑ERC-20 paymaster requires the user to have the chosen token in their smart account, plus an approval — first-tx UX needs a pre-funded sponsor or initial native top-up.
- ⚑Bundler chain coverage varies: not every EVM chain has Pimlico support; check the dashboard before promising users a chain.
- ⚑`permissionless.js` is viem-only and tracks viem's API closely — viem major bumps often require a `permissionless` upgrade in lockstep.