EIP-8224: Counterfactual Transaction introduces a new transaction type (0x08) that lets a sender pay for gas using a ZK proof against a canonical ETH “fee note” pool, instead of holding public ETH.
The problem it solves: A fresh EOA with no ETH can’t pay gas, and receiving ETH from any source creates a traceable on-chain link - defeating privacy. This is the bootstrapping problem that remains even after EIP-8223 (sponsored transactions).
How it works:
- A user pre-deposits ETH into a canonical fee-note contract at 0x14 using fixed denominations (0.001 to 5 ETH), receiving a private commitment
- Later, from a fresh EOA, they submit a counterfactual transaction carrying a Groth16 ZK proof that they own an unspent fee note sufficient to cover gas
- The protocol verifies the proof (no EVM execution needed), consumes the fee note’s nullifier, settles gas, and sends any leftover ETH to a designated gas_refund_recipient
- The transaction body executes normally - it can call any contract (privacy pool withdrawal, account setup, etc.)
Key design properties:
- One-shot bootstrap - used once to fund a smart account and register it in the EIP-8223 payer registry; all subsequent txs use cheap sponsored transactions
- Composable - the data field can target any contract; the fee note only handles ga
- Bounded ETH exit - unused fee-note value emerges as public ETH at the refund recipient, doubling as an account bootstrap mechanism
- Mempool-safe - validation is bounded cryptographic computation + fixed storage reads, no EVM execution
Dependencies: EIP-1559, EIP-2718, EIP-7708. Status: Draft.