CoinVoice has learned that the security company SlowMist stated on platform X that Ethereum's Pectra upgrade (EIP-7702) is now live—this is a significant leap, but the new features also bring new risks. Here are the things that users, wallet providers, developers, and exchanges should pay attention to:
For users: Private key protection should always be a top priority; be aware that the contract code at the same contract address on different chains may not always be the same; understand the details of the delegation target before proceeding. For wallet providers: Check if the delegation chain matches the current network; remind users of the risks associated with delegation signatures that have a chainID of 0, as these signatures may be replayed on different chains; display the target contract when the user signs the delegation to reduce the risk of phishing attacks. For developers: Ensure permission checks are performed during wallet initialization (e.g., by verifying the signature address through Ecrecover); follow the namespace formula proposed in ERC-7201 to mitigate storage conflicts; do not assume Tx.Origin is always an externally owned account (EOA); using Msg.Sender == Tx.Origin as a defense against reentrancy attacks will no longer be effective; ensure that the target contract delegated by the user implements the necessary callback functions to ensure compatibility with mainstream tokens. For centralized exchanges (CEXs): Conduct tracking checks on deposits to reduce the risk of false deposits from smart contracts. [Original link]
