[bug] Invalid UserOperation signature or paymaster signature - Gas Sponsorship on embedded/AUTH wallets not working.

[SaluteDan]

Link to minimal reproducible example

https://demo.attributes.gallery/mint/6993ad07982fa17f65a52c59

Steps to Reproduce

1 - Head to "https://demo.attributes.gallery/mint/6993ad07982fa17f65a52c59"
2 - Log in (ensure it's via social/AUTH, and you switch to the smart account.
3 - Claim ATTR Points, the platform's native token.
4 - Try minting an NFT and keep an eye on the browser's console log.

(Note: If social login is missing from options, clear your cache.)

Summary

What should have happened: The transaction fee should be covered or sponsored by my paymaster, but it fails with the following error: "UserOperation rejected because account signature check failed (or paymaster signature, if the paymaster uses its data as signature)."

Upon researching, the error message means that the user operation was modified after the Paymaster signed it.
Explained more here: "https://docs.cdp.coinbase.com/paymaster/reference-troubleshooting/troubleshooting#invalid-signature"

What is odd is that the transaction works when the wallet client is not AUTH/social login. Performing the same transaction with a Base smart account works flawlessly.

List of related npm package versions

"@reown/appkit": "^1.8.15",
"@reown/appkit-adapter-ethers": "^1.8.14",
"@reown/appkit-adapter-solana": "^1.8.14",
"@reown/appkit-adapter-wagmi": "^1.8.15",
"viem": "^2.43.4",
"wagmi": "^2.19.5",

Node.js Version

20

Package Manager

npm@10

[linear]

REOWN-4478

[SaluteDan]

Update: Root cause identified — wallet_sendCalls mutates gas values after paymaster signing

After extensive debugging, I've identified the exact root cause of this issue.

What's happening

When using wallet_sendCalls with a paymasterService capability on AppKit embedded/AUTH wallets, the wallet internally re-estimates gas after the paymaster has already signed the UserOperation. This mutates callGasLimit, verificationGasLimit, and/or preVerificationGas, invalidating the paymaster's signature. The bundler then rejects the UserOperation with:

UserOperation rejected because account signature check failed

This does not happen with external smart accounts (e.g. Base Smart Wallet via browser extension) because those wallets handle the full ERC-4337 flow themselves and don't re-estimate after paymaster signing.

Attempted fixes that did NOT work

Removing gas: null from the wallet_sendCalls payload — the wallet still re-estimates internally
Retrying on signature validation errors — same failure every attempt
Setting explicit gas values in the calls array — ignored by the wallet

Workaround

Bypass wallet_sendCalls entirely for sponsored transactions and drive the ERC-4337 flow manually against the bundler RPC:

Encode callData directly using the account's executeBatch selector
Fetch nonce from EntryPoint via chain RPC (publicClient.readContract)
pm_getPaymasterStubData → eth_estimateUserOperationGas → pm_getPaymasterData (in sequence, with the same gas values)
Sign the UserOp hash via eth_signTypedData_v4 with the wallet provider
Submit via eth_sendUserOperation
This ensures the gas values are frozen before the paymaster signs and nothing mutates between signing and submission.

Environment

reown/appkit: ^1.8.15
reown/appkit-adapter-wagmi: ^1.8.15
viem: ^2.43.4
Chain: Base Sepolia (84532)
Paymaster: Pimlico (ERC-7677 compatible)
Account type: AppKit embedded/AUTH wallet

Expected fix

wallet_sendCalls should lock gas values after calling pm_getPaymasterStubData and not re-estimate before submitting. The paymaster-signed UserOp should be submitted as-is.