Vitalik Buterin responds to security concerns over new Pectra upgrade

Ethereum co-founder Vitalik Buterin reminds users to rely on contracts that have been reviewed by trusted wallet teams amidst security concerns about the latest upgrade.
In a recent post shared on the decentralized social media platform Warpcast, Buterin responded to the Ethereum (ETH) community’s concerns regarding the protocol’s latest upgrade, EIP-7702. One user shared a statement from X user @nftchance, who pointed out the “non-viability” of EIP-7702.
The user pointed out that the wallet blocks websites that are not suspicious, yet still lets delegations to potentially fraudulent contracts pass through, which could leave users exposed to phishing and other attacks.
“Meanwhile they’re going to allow arbitrary delegation that can result in complete portfolio loss in one signature,” stated the user on X.
Upon seeing this critique, Vitalik Buterin offered advice on how to mitigate risks associated with the new upgrade. He stated that the right way to use EIP-7702 is to delegate only to audited contracts, to prevent security exploits.
“The right way to use [EIP] 7702 is to delegate exactly one contract that is well reviewed by the wallet team and the Ethereum community, and have that contract implement the remaining logic in a safe way,” said Buterin in his recent Warpcast post.
EIP-7702 introduces a new type of transaction feature that allows Externally Owned Accounts (EOAs) to temporarily function as smart contract accounts during a single transaction. With the new feature, users can carry out more advanced operations such as gas sponsorship, batched transactions, and custom logic execution without having to convert EOAs into smart contract accounts.
After the transaction is processed, the EOA returns to its original state, enabling complex operations without permanently altering the account structure.
Although the new upgrade aims to simplify account abstraction and create more flexibility for users, many have pointed out how it also introduces potential security risks. For instance, attackers could exploit it by creating contracts that seem safe under normal conditions, but could be hiding security loopholes activated under specific circumstances.
Ultimately, users are growing wary that they could fall victim to phishing attacks under the new upgrade if the system gets tricked into delegating control to fraudulent contracts.
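Buterin's advice, expressed as a wallet-side policy check that refuses to sign a delegation to anything but one reviewed contract (an added example, not code from the article, the EIP authors or any wallet). `REVIEWED_DELEGATE` and the function names are hypothetical; the chain ID 0, zero-address and `0xef0100` behaviours come from the EIP-7702 specification rather than from this article.

```javascript
// Added example: wallet-side policy for EIP-7702 delegation requests.
// REVIEWED_DELEGATE is a constructed placeholder, not a real contract address.
const REVIEWED_DELEGATE = "0x1111111111111111111111111111111111111111";
const ZERO_ADDRESS = "0x" + "00".repeat(20);
const ADDRESS_RE = /^0x[0-9a-f]{40}$/;

// Decide whether to let the user sign an authorization.
// auth = { chainId, address }, two fields of the EIP-7702 authorization tuple;
// walletChainId is the chain the wallet is currently connected to.
function checkAuthorization(auth, walletChainId) {
  const target = String(auth.address).toLowerCase();
  if (!ADDRESS_RE.test(target)) {
    return { allow: false, reason: "malformed delegate address" };
  }
  // Per the specification, chainId 0 makes the authorization valid on every
  // chain, so anything other than the current chain is refused.
  if (auth.chainId !== walletChainId) {
    return { allow: false, reason: "authorization not bound to current chain" };
  }
  // Per the specification, an authorization for the zero address resets the
  // account's delegation, so it is treated as a revocation and allowed.
  if (target === ZERO_ADDRESS) {
    return { allow: true, reason: "revokes delegation" };
  }
  if (target !== REVIEWED_DELEGATE) {
    return { allow: false, reason: "delegate is not the reviewed contract" };
  }
  return { allow: true, reason: "reviewed delegate" };
}

// Read the delegate out of an account's code, or return null if the code is
// not a delegation designator (0xef0100 followed by a 20-byte address).
function delegateFromCode(codeHex) {
  const m = /^0xef0100([0-9a-f]{40})$/.exec(String(codeHex).toLowerCase());
  return m ? "0x" + m[1] : null;
}
```

`delegateFromCode` can be run over the result of an `eth_getCode` call to audit which contract an account currently points at.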
Ethereum Improvement Proposal 7702 is part of the broader Pectra upgrade, which was originally set to officially launch on the Ethereum mainnet on May 7. However, according to the results of the latest Ethereum Execution Layer Core Developers Meeting, the Pectra client upgrade is expected to launch on April 21. The upgrade would add EIP-7702 for delegated state to JSON-RPC.
Vitalik Buterin co-authored EIP-7702 with Ansgar Dietrich, Matt Garnett, and Sam Wilson to offer better synergy with smart contract capabilities.