Coin World reported on July 9 that, according to security agency GoPlus, several recent contract attacks have exploited the delegation feature of EIP-7702 to bypass on-chain security checks such as msg.sender == tx.origin and msg.sender == _owner, resulting in flash loan attacks and price manipulation with losses approaching one million dollars. Case analysis shows that the attackers carried out the attacks through malicious delegator authorizations, affecting well-known DeFi projects including QuickConverter @QuickswapDEX and several CSM funding pools.
Because EIP-7702 lets an EOA address carry smart contract code, security logic that assumes an EOA cannot execute code no longer holds. GoPlus recommends that project teams strengthen protections against flash loan and reentrancy attacks, restructure their EOA checks and authorization management logic, and continuously monitor the delegator authorization status of administrator addresses to prevent further incidents.
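One concrete form of the monitoring GoPlus recommends is to inspect the on-chain code of each administrator address for an EIP-7702 delegation designator (code of the form 0xef0100 followed by the 20-byte delegate address, as the EIP defines it). The Python below is an added example, not code from GoPlus or the article; it decodes that designator from bytecode as returned by eth_getCode and flags administrators delegated to an unapproved address. All addresses and bytecode in it are constructed, and the allow-list of approved delegates is a hypothetical input.

```python
# Added example: detect EIP-7702 delegation designators on monitored addresses.
# EIP-7702 sets a delegated EOA's code to 0xef0100 || <20-byte delegate address>.
# Before EIP-7702 an EOA had no code, so `msg.sender == tx.origin` implied the
# caller could not run code; a delegated EOA now passes that check while running code.
from typing import Optional

DELEGATION_PREFIX = bytes.fromhex("ef0100")
DELEGATION_LENGTH = 3 + 20


def parse_delegation(code: bytes) -> Optional[str]:
    """Return the delegate address (0x-prefixed, lowercase hex) if `code` is an
    EIP-7702 delegation designator, otherwise None."""
    if len(code) != DELEGATION_LENGTH or not code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + code[3:].hex()


def classify_account(code: bytes) -> str:
    """Classify an account by its code: plain EOA, 7702-delegated EOA, or contract."""
    if len(code) == 0:
        return "eoa"
    if parse_delegation(code) is not None:
        return "delegated-eoa"
    return "contract"


def audit_admins(admins: dict, allowed_delegates: set) -> list:
    """Return findings for administrator addresses whose delegation is unexpected.
    `admins` maps address -> current code bytes (as fetched via eth_getCode)."""
    findings = []
    for addr, code in admins.items():
        delegate = parse_delegation(code)
        if delegate is not None and delegate not in allowed_delegates:
            findings.append(f"{addr} delegates to unapproved {delegate}")
        elif delegate is None and len(code) > 0:
            findings.append(f"{addr} is a contract, not an EOA")
    return findings


# Constructed sample data (not real addresses or real on-chain code).
SAMPLE_DELEGATE = "0x" + "11" * 20
SAMPLE_ADMINS = {
    "0x" + "aa" * 20: b"",                                           # plain EOA
    "0x" + "bb" * 20: DELEGATION_PREFIX + bytes.fromhex("11" * 20),  # approved delegate
    "0x" + "cc" * 20: DELEGATION_PREFIX + bytes.fromhex("22" * 20),  # unapproved delegate
}

if __name__ == "__main__":
    for finding in audit_admins(SAMPLE_ADMINS, {SAMPLE_DELEGATE}):
        print(finding)
```

Run on a schedule against real eth_getCode results, a non-empty finding list is the signal that an administrator's delegation status changed.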