- Vitalik Buterin advises users to delegate only to audited, community-vetted contracts to minimize EIP-7702 security risks.
- EIP-7702 introduces temporary smart contract functionalities for EOAs but raises phishing and malicious contract concerns.
- The Pectra upgrade, including EIP-7702, is now scheduled for April 21 and aims to enhance Ethereum’s flexibility and account abstraction.
Ethereum co-founder Vitalik Buterin responded to rising security concerns over the new network upgrade, urging users to trust only the contracts reviewed by trusted wallet teams.
Buterin recently shared a post on the decentralized social media platform Warpcast addressing the community's apprehension about the new EIP-7702 feature added to the Ethereum protocol. His remarks were prompted by X user @nftchance, who had criticized the 'non-viability' of EIP-7702.
While wallets can effectively block suspicious websites, they are also allowing delegations to potentially fraudulent contracts, which can expose users to threats such as phishing attacks and other hacking attempts, the user said.
“Meanwhile they’re going to allow arbitrary delegation that can result in complete portfolio loss in one signature,” the user warned on X.
Buterin Advises Delegating Only to Audited Contracts
Buterin responded to the critique with advice on handling the risks posed by EIP-7702. Users should delegate authority only to audited contracts that have been carefully vetted by the wallet team and the broader Ethereum community, he advised, to minimize the chance of security exploits.
Buterin elaborated in his post: “The right way to use [EIP] 7702 is to delegate exactly one contract that the wallet team and Ethereum community has vetted and trust using, and the remaining logic is done in an extremely safe and secure way.”
EIP-7702 introduces a new transaction type that lets an EOA temporarily take on the code of a smart contract account. This allows users to perform more sophisticated actions such as gas sponsorship, batched transactions, or execution of custom logic without permanently converting the EOA into a smart contract.
EOA Reversion After Transactions
After the transaction completes, the EOA returns to its previous state, which allows complex operations without changing the account's base structure. Even though EIP-7702 aims to ease account abstraction and increase flexibility for Ethereum users, there are concerns that it could also create new security vulnerabilities. In particular, critics have warned of attacker-created contracts that appear benign under normal conditions but contain hidden exploits that trigger only under specific circumstances.
This has led many in the Ethereum community to worry that users could be phished into delegating control to malicious contracts, resulting in more phishing attacks and heavy losses of assets.
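The advice above (delegate to exactly one contract the wallet team has vetted) and the phishing concern (users tricked into delegating to a malicious contract) both come down to one wallet-side control: refuse to sign a 7702 authorization for any target that is not on the wallet's vetted list, and recognize existing delegations when reading account state. The following is an added example, not code from the article or from any wallet project. It relies on one fact from the EIP-7702 specification that the article does not spell out: a delegating EOA's account code becomes the 23-byte designator `0xef0100` followed by the 20-byte target address, and an authorization naming the zero address clears the delegation. The allowlisted address is a constructed placeholder, not a real audited contract.

```python
"""Wallet-side allowlist check for EIP-7702 delegation targets.

Added example (not from the article or any wallet project).
Fact relied on from the EIP-7702 specification: a delegating EOA's
account code is set to the 23-byte designator
    0xef0100 || <20-byte delegation target address>
and an authorization naming the zero address clears the delegation.
The allowlist below is a constructed placeholder, not a real vetted
contract.
"""
from typing import Optional, Tuple

DELEGATION_PREFIX = bytes.fromhex("ef0100")
DELEGATION_CODE_LEN = len(DELEGATION_PREFIX) + 20
ZERO_ADDRESS = "0x" + "00" * 20

# Constructed placeholder: a real wallet ships the one audited delegation
# contract its team has vetted, per the advice quoted in the article.
VETTED_DELEGATIONS = frozenset({
    "0x1111111111111111111111111111111111111111",
})


def normalize_address(addr: str) -> str:
    """Lower-case a 0x-prefixed 20-byte hex address; raise on bad input."""
    if not addr.startswith("0x") or len(addr) != 42:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    bytes.fromhex(addr[2:])  # raises ValueError on non-hex characters
    return addr.lower()


def parse_delegation(code: bytes) -> Optional[str]:
    """Return the delegation target if `code` is a 7702 designator, else None."""
    if len(code) != DELEGATION_CODE_LEN or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[len(DELEGATION_PREFIX):].hex()


def classify_account(code: bytes, vetted=VETTED_DELEGATIONS) -> str:
    """Classify account code as returned by eth_getCode.

    'eoa'                -> empty code, plain externally owned account
    'delegated-vetted'   -> 7702 designator pointing at an allowlisted contract
    'delegated-unvetted' -> 7702 designator pointing anywhere else
    'contract'           -> ordinary contract bytecode (or a malformed designator)
    """
    if not code:
        return "eoa"
    target = parse_delegation(code)
    if target is None:
        return "contract"
    allow = {normalize_address(a) for a in vetted}
    return "delegated-vetted" if target in allow else "delegated-unvetted"


def check_authorization(target: str, vetted=VETTED_DELEGATIONS) -> Tuple[bool, str]:
    """Decide whether the wallet should sign a 7702 authorization for `target`.

    Policy follows the article: sign only for the single vetted contract,
    plus the zero address, which revokes an existing delegation.
    """
    try:
        target = normalize_address(target)
    except ValueError as exc:
        return False, f"reject: {exc}"
    if target == ZERO_ADDRESS:
        return True, "allow: revocation of existing delegation"
    if target in {normalize_address(a) for a in vetted}:
        return True, "allow: vetted delegation contract"
    return False, "reject: delegation target is not on the wallet's vetted list"


if __name__ == "__main__":
    # Constructed sample account code, shaped like eth_getCode output.
    samples = {
        "plain eoa": b"",
        "vetted delegation": bytes.fromhex("ef0100" + "11" * 20),
        "unvetted delegation": bytes.fromhex("ef0100" + "22" * 20),
        "ordinary contract": bytes.fromhex("6080604052"),
    }
    for label, code in samples.items():
        print(f"{label:20s} -> {classify_account(code)}")
    for t in ("0x" + "11" * 20, "0x" + "22" * 20, ZERO_ADDRESS):
        print(check_authorization(t))
```

The allowlist is deliberately a set with one entry: the point of the quoted advice is that a wallet vets one delegation contract, so a signing prompt for any other target is exactly the phishing case the article describes, and the wallet should refuse rather than ask the user to judge unfamiliar bytecode.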
Ethereum’s broader Pectra upgrade includes EIP-7702 and was due to be deployed to mainnet on May 7. However, according to the results of the most recent Ethereum Execution Layer Core Developers Meeting, the Pectra client upgrade has been moved to an earlier date, April 21. For this update, the JSON-RPC interface will add EIP-7702 support for delegated state.
EIP-7702, authored by Vitalik Buterin, Ansgar Dietrich, Matt Garnett, and Sam Wilson, intends to lead Ethereum users into a new era of flexibility and functionality by creating better synergy between EOAs and smart contract capabilities.