According to PANews, recent contract attacks have exploited the features of EIP-7702 to bypass on-chain security checks, resulting in issues such as flash loan attacks and price manipulation. These incidents have led to losses amounting to nearly a million dollars. Analysis indicates that attackers used malicious delegator authorization to carry out these attacks, affecting well-known DeFi projects like QuickConverter at QuickswapDEX and several CSM liquidity pools.
The implementation of EIP-7702 has enabled Externally Owned Accounts (EOAs) to possess smart contract capabilities, rendering traditional security logic ineffective. GoPlus, a security agency, advises project teams to enhance protections against flash loan and reentrancy attacks, restructure EOA checks and permission management logic, and continuously monitor the delegator authorizations of administrator addresses to prevent potential risks.
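The monitoring step GoPlus recommends can be sketched as follows. This is an added example, not code from PANews, GoPlus or any affected project. It assumes the account code has already been fetched with `eth_getCode` and relies on the EIP-7702 delegation designator format (`0xef0100` followed by the 20-byte delegate address); the addresses, the allowlist and the function names are constructed for illustration.

```python
# Added example: audit administrator addresses for EIP-7702 delegations.
# Input is the hex code string a node returns from eth_getCode per address.

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # EIP-7702 delegation designator
DESIGNATOR_LEN = 3 + 20                      # prefix + delegate address


def classify_code(code_hex):
    """Return (kind, delegate) where kind is eoa, delegated_eoa or contract."""
    raw = bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)
    if not raw:
        return ("eoa", None)  # no code: plain EOA (or delegation cleared)
    if len(raw) == DESIGNATOR_LEN and raw.startswith(DELEGATION_PREFIX):
        return ("delegated_eoa", "0x" + raw[3:].hex())
    return ("contract", None)


def audit_admins(code_by_address, approved_delegates):
    """List admin addresses that are neither plain EOAs nor approved delegations."""
    approved = {a.lower() for a in approved_delegates}
    findings = []
    for addr, code_hex in sorted(code_by_address.items()):
        kind, delegate = classify_code(code_hex)
        if kind == "delegated_eoa" and delegate not in approved:
            findings.append((addr, "unapproved delegation", delegate))
        elif kind == "contract":
            findings.append((addr, "unexpected contract code", None))
    return findings


# Constructed sample data (hypothetical addresses, not from the incidents).
ADMIN_PLAIN = "0x" + "a1" * 20
ADMIN_APPROVED = "0x" + "a2" * 20
ADMIN_SUSPECT = "0x" + "a3" * 20
SAMPLE_CODE = {
    ADMIN_PLAIN: "0x",
    ADMIN_APPROVED: "0xef0100" + "b1" * 20,
    ADMIN_SUSPECT: "0xef0100" + "c9" * 20,
}
APPROVED_DELEGATES = ["0x" + "B1" * 20]  # allowlist reviewed by the team

if __name__ == "__main__":
    for finding in audit_admins(SAMPLE_CODE, APPROVED_DELEGATES):
        print(finding)
```

Run periodically against live `eth_getCode` results, a non-empty findings list is the signal to alert on: an administrator key has been pointed at delegate code the team has not reviewed.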