Slow Fog: All parties need to pay attention to the new risks, and the response measures, brought by Ethereum's new features

Reprinted from panewslab
05/08/2025

PANews reported on May 8 that security company Slow Fog said on the X platform that Ethereum's Pectra upgrade (EIP-7702) is now live. This is a major leap, but the new features also bring new risks. Here is what users, wallet providers, developers and exchanges should pay attention to:
- For users: Private key protection should always be the top priority; be aware that the contract code at the same contract address on different chains may not always be the same; before performing any operation, make sure you understand the details of the delegation target.
- For wallet providers: Check whether the chain specified in the delegation matches the current network; remind users of the risk of signing a delegation with chainID 0, which may be replayed on different chains; display the target contract when the user signs the delegation to reduce the risk of phishing attacks.
- For developers: Make sure permission checks are performed during wallet initialization (e.g., verifying the signing address through ecrecover); follow the namespace formula proposed in ERC-7201 to mitigate storage conflicts; do not assume that tx.origin is always an externally owned account (EOA), because using msg.sender == tx.origin as a defense against reentrancy attacks will no longer be effective; make sure that the target contract the user delegates to implements the necessary callback functions to ensure compatibility with mainstream tokens.
- For centralized exchanges (CEXs): Track and check deposits to reduce the risk of false deposits from smart contracts.
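
The wallet-provider checks above can be sketched as a pre-signing review of an EIP-7702 authorization (chain_id, address, nonce). This is an added example, not code from Slow Fog or PANews; the function names, the per-chain allowlist `reviewed_targets`, and all addresses and chain IDs are assumptions constructed for illustration.

```python
# Added example: checks a wallet could run before the user signs an EIP-7702
# authorization. All addresses, chain IDs and the allowlist are constructed.
DESIGNATOR_PREFIX = bytes.fromhex("ef0100")  # EIP-7702: code = 0xef0100 || address


def delegation_target(code: bytes):
    """Return the delegated address if `code` is a delegation designator, else None."""
    if len(code) == 23 and code.startswith(DESIGNATOR_PREFIX):
        return "0x" + code[3:].hex()
    return None


def review_authorization(auth, wallet_chain_id, reviewed_targets):
    """Return the warnings to show for auth = {chain_id, address, nonce}.

    `reviewed_targets` is a hypothetical allowlist of (chain_id, address)
    pairs. It is keyed per chain because the same address can hold
    different code on different chains.
    """
    warnings = []
    chain_id, target = auth["chain_id"], auth["address"].lower()
    if chain_id == 0:
        warnings.append("chain_id 0: authorization is valid on every chain and can be replayed")
    elif chain_id != wallet_chain_id:
        warnings.append(f"chain mismatch: signed for {chain_id}, wallet is on {wallet_chain_id}")
    # For chain_id 0, at minimum the target must be reviewed on the wallet's chain.
    effective_chain = wallet_chain_id if chain_id == 0 else chain_id
    if (effective_chain, target) not in reviewed_targets:
        warnings.append(f"target {target} is not a reviewed contract on chain {effective_chain}")
    return warnings


def signing_prompt(auth, wallet_chain_id, reviewed_targets):
    """Prompt text: the target contract is always displayed, warnings follow."""
    lines = [f"Delegate this account to: {auth['address']}",
             f"Authorization chain_id: {auth['chain_id']}  nonce: {auth['nonce']}"]
    lines += ["WARNING: " + w
              for w in review_authorization(auth, wallet_chain_id, reviewed_targets)]
    return "\n".join(lines)


# Constructed sample data: one target reviewed on chain 1 only.
TARGET = "0x" + "ab" * 20
REVIEWED = {(1, TARGET)}

if __name__ == "__main__":
    for cid in (1, 0, 10):
        auth = {"chain_id": cid, "address": TARGET, "nonce": 7}
        print(signing_prompt(auth, 1, REVIEWED), "\n")
```

`delegation_target` applies the same idea to an account that is already delegated: given the account's on-chain code, it recovers the target address so the wallet can show it to the user.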