BlockBeats news, May 8th: the security company SlowMist issued a reminder about the potential new risks introduced by the new features in the Ethereum Pectra upgrade.
For users. Private key protection should always be a top priority. Be aware that the same contract address on different chains may not always have the same contract code. Understand the details of the delegated target before proceeding with operations.
For wallet providers. Check if the delegated chain matches the current network. Remind users to be cautious of the risks associated with delegated signatures that have a chainID of 0, as such signatures may be replayed on different chains. Display the target contract when users sign the delegation to reduce the risk of phishing attacks.
For developers. Perform permission checks during wallet initialization (e.g., verify the signer address via ecrecover); follow the namespace formula proposed in ERC-7201 to mitigate storage conflicts; do not assume tx.origin is always an externally owned account (EOA); note that using msg.sender == tx.origin as a defense against reentrancy attacks will no longer be effective; and make sure the target contract delegated by the user implements the necessary callback functions for compatibility with mainstream tokens.
For centralized exchanges. Conduct tracking checks on deposits to reduce the risk of false deposits from smart contracts.
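The wallet-provider checks above can be sketched as a pre-signing review of an EIP-7702 style authorization. This is an added example, not SlowMist's or any wallet's code. The object shape (chainId, address), the KNOWN_DELEGATES table, the sample addresses and the block-when-unreviewed policy are all assumptions.

```javascript
// Constructed sample data: delegate contracts the wallet has reviewed, per chain.
// The same address is listed per chain because its code can differ between chains.
const KNOWN_DELEGATES = {
  1: new Set(["0x1111111111111111111111111111111111111111"]),
  10: new Set(["0x1111111111111111111111111111111111111111"]),
  8453: new Set(), // supported chain, but the address was not reviewed here
};

const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Returns the target to display to the user, a list of findings, and whether
// the wallet should let the signing proceed (hypothetical policy).
function reviewAuthorization(auth, currentChainId, known = KNOWN_DELEGATES) {
  if (!ADDRESS_RE.test(auth.address)) {
    return { allow: false, target: null, findings: ["malformed delegate address"] };
  }
  const chainId = BigInt(auth.chainId);
  const target = auth.address.toLowerCase();
  const reviewedOn = (id) => known[id] !== undefined && known[id].has(target);
  const findings = [];
  let allow = true;

  if (chainId === 0n) {
    // A chainID of 0 is not bound to one network, so the target has to be
    // acceptable on every chain the wallet supports, not only the current one.
    findings.push("chainId 0: signature can be replayed on any chain");
    const unreviewed = Object.keys(known).filter((id) => !reviewedOn(id));
    if (unreviewed.length > 0) {
      findings.push(`target not reviewed on chain(s): ${unreviewed.join(", ")}`);
      allow = false;
    }
  } else if (chainId !== BigInt(currentChainId)) {
    findings.push(`authorization is for chain ${chainId}, wallet is on ${currentChainId}`);
    allow = false;
  } else if (!reviewedOn(String(chainId))) {
    findings.push(`target not reviewed on chain ${chainId}`);
    allow = false;
  }
  return { allow, target, findings };
}
```

The returned target is what the signing prompt would show next to the findings, so the user sees the delegation target before approving.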