PANews reported on May 8 that security company SlowMist said on the X platform that Ethereum's Pectra upgrade (EIP-7702) is now live - this is a major leap forward, but new features also bring new risks. Here are some things users, wallet providers, developers and exchanges should pay attention to:
- For users: private key protection should always be the top priority; be aware that the contract code of the same contract address on different chains may not always be the same; understand the details of the delegation target before performing any operation.
- For wallet providers: check whether the delegation chain matches the current network; remind users of the risks of using delegation signatures with chainID 0, which may be replayed on different chains; display the target contract when the user signs the delegation to reduce the risk of phishing attacks.
- For developers: ensure that permission checks are performed during wallet initialization (e.g., verifying the signature address via ecrecover); follow the namespace formula proposed in ERC-7201 to mitigate storage conflicts; do not assume that tx.origin is always an externally owned account (EOA), and note that using msg.sender == tx.origin as a means of defending against reentrancy attacks will no longer be effective; ensure that the target contract delegated by the user implements the necessary callback functions for compatibility with mainstream tokens.
- For Centralized Exchanges (CEXs): Track deposits to reduce the risk of false deposits from smart contracts.
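
The wallet-provider checks listed above can be expressed as a pre-signing review of the EIP-7702 authorization. The sketch below is an added example, not code from SlowMist or PANews; `reviewAuthorization`, `VETTED_DELEGATES`, the addresses and the labels are hypothetical, constructed values.

```javascript
// Added example: review an EIP-7702 authorization before the user signs it.
// All names and sample values here are hypothetical and constructed.

// Constructed allowlist of delegate contracts the wallet has vetted, keyed by
// chain id because the same address can hold different code on another chain.
const VETTED_DELEGATES = {
  1: { "0x1111111111111111111111111111111111111111": "Example Smart Account v1" },
};

// auth: { chainId, address, nonce } as in the EIP-7702 authorization tuple.
// currentChainId: the network the wallet is connected to.
// Returns what the signing prompt should show and whether signing is refused.
function reviewAuthorization(auth, currentChainId) {
  const warnings = [];
  let block = false;
  const target = String(auth.address).toLowerCase();

  if (!/^0x[0-9a-f]{40}$/.test(target)) {
    return { block: true, target, label: null, warnings: ["malformed delegate address"] };
  }

  const chainId = BigInt(auth.chainId);
  if (chainId === 0n) {
    // A chain id of 0 is accepted on every chain, so the same signed
    // authorization can be replayed on networks the user never intended.
    warnings.push("chainId 0: authorization can be replayed on other chains");
  } else if (chainId !== BigInt(currentChainId)) {
    // Delegation chain does not match the connected network.
    block = true;
    warnings.push(`authorization targets chain ${chainId}, wallet is on chain ${currentChainId}`);
  }

  // Always surface the target contract; label it only if vetted on this chain.
  const label = (VETTED_DELEGATES[currentChainId] || {})[target] || null;
  if (label === null) {
    warnings.push("delegate contract is not vetted on this chain");
  }
  return { block, target, label, warnings };
}

// Constructed sample: an unvetted target signed with chainId 0.
console.log(reviewAuthorization(
  { chainId: 0, address: "0x2222222222222222222222222222222222222222", nonce: 0 }, 1));
```

The returned `target` and `label` are what the signing prompt would display, so the user sees the delegate contract before approving.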