Recently, Benzinga, a well-known American financial technology media outlet, published an article exploring the impact of Ethereum's Pectra upgrade. The article cites CertiK's analysis of the potential risks, in particular the change to the trust model introduced by EIP-7702. Beyond redefining how externally owned accounts (EOAs) interact with smart contracts, the upgrade also adjusts the staking model and raises data throughput, laying the groundwork for the next stage of Ethereum's scalability.
As a contributor to the security of the Ethereum ecosystem, CertiK has also taken part in another milestone of Ethereum's scalability strategy: in the first quarter of 2025, the Ethereum Foundation awarded CertiK two research grants to advance the research and application of formal verification for zkEVMs.
CertiK, the largest Web3.0 security company, does not stop at identifying problems; it also aims to give developers practical solutions. We recommend that developers update their code bases as soon as possible, stop treating an EOA as a passive account that cannot execute code, and adopt industry-standard reentrancy protection (a reentrancy mutex together with the checks-effects-interactions pattern) and stricter logical constraints, so as to reduce the potential attack surface.
In light of the trust-model change brought by the Pectra upgrade, developers need to re-examine the trust assumptions of their smart contracts and confirm that the contract logic still holds now that EOAs can execute code. CertiK will continue to provide cutting-edge security protection for developers worldwide, and to work with developers, researchers and the wider Web3.0 community to shape the future of Web3.0.
The following is the full report:
Ethereum Pectra Upgrade Officially Launched: Key Changes to Know
Ethereum activated its much-anticipated Pectra upgrade on May 7, a key step in the network's development since the Dencun fork last year.
The upgrade took effect at 6:05 a.m. Eastern Time and was finalized about 10 minutes later.
Pectra introduces several major changes to the Ethereum protocol, most notably EIP-7702, which redefines how externally owned accounts (EOAs) interact with smart contracts.
For the first time, a regular user wallet can execute contract logic while keeping the same address, paving the way for smarter and more flexible user accounts. The mechanism is a signed authorization that points the EOA's code at an existing contract; the EOA then runs that contract's code in its own context, with its own address and storage, until the authorization is replaced.
EIP-7702 is seen as a foundation for full account abstraction: it lets users batch transactions, skip manual token approvals, and interact seamlessly across different applications.
The upgrade also adjusts the validator model. EIP-7251 raises the maximum effective balance per validator from 32 ETH to 2,048 ETH (the 32 ETH minimum is unchanged), allowing large stakers to consolidate many validators into fewer ones, which reduces protocol overhead and lets rewards compound on the full balance.
In addition, EIP-7691 raises the target number of blobs per block (temporary data attachments that rollups use to post their transaction data to Ethereum) from 3 to 6, and the maximum from 6 to 9, significantly increasing Layer 2 throughput and lowering the cost of rollup transactions.
However, the Pectra upgrade is not without its challenges. Muriel Médard, a professor at MIT and co-founder of Optimum, said in a statement to Benzinga that with Pectra live, the new bottleneck facing Ethereum is network bandwidth.
“Bandwidth becomes the key limiting factor after Pectra goes live, especially since blobs of data need to be propagated across the peer-to-peer network,” she said. “Whether Ethereum can propagate data efficiently and predictably will determine its ability to scale.”
Médard added that as blob sizes keep increasing, simply raising average bandwidth is not enough; reducing the variability of data propagation is also critical.
“Unpredictability undermines the overall reliability of Rollups and applications, and has become a core infrastructure problem,” she stressed.
At the same time, security experts have expressed concerns about the potential far-reaching impact of EIP-7702.
Blockchain security firm CertiK warned in a blog post that the upgrade breaks the long-standing assumption that EOAs cannot execute contract code.
As a result, smart contracts that rely on legacy checks such as tx.origin == msg.sender as their reentrancy or flash-loan protection may be exposed to new risks. That check was meant to prove the caller is a plain EOA that cannot run code within the same transaction; a delegated EOA now satisfies it while executing arbitrary contract logic, including re-entering the contract from a callback.
“The trust model has changed,” CertiK noted in the post. “EOAs are now able to execute logic, which introduces entirely new risk vectors for contracts that did not anticipate this feature.”
CertiK also cited a case from after BNB Smart Chain (BSC) activated its Pascal upgrade in March this year, which introduced the same EIP-7702 functionality: it said it had observed suspicious transactions that exploited exactly this class of assumption.
For this reason, developers are urged to update their code bases as soon as possible and to stop treating an EOA as an account that cannot execute code. Industry-standard reentrancy protection and stricter logical constraints should be adopted instead to reduce the potential attack surface.
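To make the broken assumption and the recommended fix concrete, the following is an added example (not CertiK's or Benzinga's code, and not part of the Pectra specification): a vault whose only re-entry defence is msg.sender == tx.origin, the contract code an attacker-controlled EOA could delegate to under EIP-7702, the hardened vault using a reentrancy mutex plus checks-effects-interactions, and a small helper that recognises the 23-byte EIP-7702 delegation designator (0xef0100 followed by the 20-byte target address). All contract, library and function names are invented for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Vulnerable vault: its only re-entry defence is "the caller must be a plain EOA".
// Before EIP-7702, msg.sender == tx.origin meant the caller was running no code.
// After EIP-7702 an EOA can delegate to contract code; a transaction sent by that
// EOA runs the delegated code with msg.sender == tx.origin == the EOA itself.
contract VaultBrokenGuard {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        require(msg.sender == tx.origin, "contracts not allowed"); // no longer proves "no code"
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");        // interaction before effect
        require(ok, "transfer failed");
        balances[msg.sender] = 0;                                  // zeroed only after the call
    }
}

// Hypothetical code an attacker-controlled EOA could point its account at under
// EIP-7702. The EOA then sends a transaction to its own address calling drain(vault):
// the guard in withdraw() passes because msg.sender and tx.origin are both the EOA,
// and receive() re-enters before the balance is zeroed. Storage written here lives
// in the EOA's own storage, as EIP-7702 specifies.
contract DelegateTarget {
    VaultBrokenGuard private vault;

    function drain(VaultBrokenGuard v) external {
        vault = v;
        v.withdraw();
    }

    receive() external payable {
        uint256 amount = vault.balances(address(this)); // address(this) == the delegating EOA
        if (amount > 0 && address(vault).balance >= amount) {
            vault.withdraw();
        }
    }
}

// Hardened vault: a mutex plus checks-effects-interactions. Neither depends on
// whether the caller is an EOA, a contract, or an EIP-7702-delegated EOA.
contract VaultHardened {
    mapping(address => uint256) public balances;
    uint256 private _status = 1; // 1 = unlocked, 2 = locked (never 0, so resets stay cheap)

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;                          // effect first
        (bool ok, ) = msg.sender.call{value: amount}("");  // interaction last
        require(ok, "transfer failed");
    }
}

// Helper for monitoring or policy code: recognises the EIP-7702 delegation
// designator an account's code is set to (0xef0100 || 20-byte target, 23 bytes).
// EXTCODECOPY on a delegated EOA returns the designator itself, not the target's code.
// This identifies a delegated EOA; it is not a substitute for the mutex above,
// because a delegation can be installed or replaced between transactions.
library Delegation7702 {
    function delegatedTo(address account) internal view returns (bool, address) {
        bytes memory code = account.code;
        if (code.length != 23 || code[0] != 0xef || code[1] != 0x01 || code[2] != 0x00) {
            return (false, address(0));
        }
        uint160 target;
        for (uint256 i = 3; i < 23; i++) {
            target = (target << 8) | uint160(uint8(code[i]));
        }
        return (true, address(target));
    }
}
```

The practical lesson is the one the article draws: the hardened vault never asks who the caller is. Delegation7702.delegatedTo is useful for telemetry or for flagging suspicious senders, but because the delegation designator can change from one transaction to the next, a check on it is no stronger than the tx.origin check it would replace.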
Despite these challenges, the Pectra upgrade is widely seen as an important milestone towards the next stage of Ethereum's evolution.