Ethereum’s Shadowy Upgrade: Could EIP-7702 Be a Trap for the Unwary?

Ethereum co-founder Vitalik Buterin has responded to community concerns about potential security vulnerabilities stemming from the platform’s latest upgrade, EIP-7702.

Addressing criticism circulating online, Buterin advised Ethereum users to mitigate risk by delegating authority exclusively to contracts audited and endorsed by trusted wallet teams and the broader Ethereum community.

The concerns arose following a critique highlighting the upgrade’s shortcomings. One user noted that wallets were capable of blocking harmless websites while simultaneously permitting delegations to contracts that could be malicious. In practice, users might unknowingly authorize fraudulent contracts, potentially leading to significant financial losses from phishing attempts or related cyber threats.

“The proper utilization of [EIP] 7702 involves delegating authority specifically to a single, thoroughly audited contract, which then securely executes additional logic,” explained Buterin through Warpcast, a decentralized social media platform.

EIP-7702, a key component of the wider Pectra upgrade, introduces innovative transaction capabilities. It permits Externally Owned Accounts (EOAs) to temporarily assume the characteristics of smart contracts for the duration of individual transactions. This allows EOAs to handle advanced transaction types such as batch processing, gas sponsorships, or customized logic execution without having to permanently transition into smart contract accounts.

Once a transaction completes, the account promptly reverts to its original state, ensuring lasting structural changes aren’t necessary. While this flexibility can significantly streamline user experience and account abstraction, community members warn it could inadvertently facilitate malicious exploits.

Attackers, for example, might create contracts that initially seem harmless but harbor concealed security flaws, potentially triggering substantial harm under specific conditions. This has fueled fears among users about increased susceptibility to phishing schemes and other deceptive practices enabled by the upgrade.
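A wallet-side form of Buterin's advice, as an added example (not code from the article, from Buterin, or from any wallet project): it refuses to sign an EIP-7702 authorization unless the target is on an allowlist of audited contracts, and it recognizes the `0xef0100 || address` delegation designator that EIP-7702 writes into account code. The allowlist entry, the function names and the shape of the `auth` dictionary are assumptions made for illustration; EIP-55 checksums are not validated.

```python
# Added example: wallet-side checks for EIP-7702 delegations (not project code).
DELEGATION_PREFIX = bytes.fromhex("ef0100")  # designator prefix defined by EIP-7702
ZERO_ADDRESS = "0x" + "00" * 20              # EIP-7702 target meaning "clear delegation"

# Constructed placeholder standing in for a contract the wallet team has audited.
AUDITED_DELEGATES = {"0x" + "11" * 20}


def normalize(address):
    """Lower-case a 20-byte hex address; raise ValueError if malformed."""
    a = address.lower()
    if not a.startswith("0x") or len(a) != 42:
        raise ValueError("not a 20-byte hex address: %r" % address)
    bytes.fromhex(a[2:])  # raises ValueError on non-hex characters
    return a


def parse_delegation(code_hex):
    """Return the delegate address if account code is a 7702 designator, else None."""
    code = bytes.fromhex(code_hex[2:] if code_hex.startswith("0x") else code_hex)
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None  # empty code (plain EOA) or ordinary contract bytecode


def review_authorization(auth, wallet_chain_id):
    """Return reasons to refuse signing; an empty list means the request passes."""
    problems = []
    target = normalize(auth["address"])
    if auth["chain_id"] == 0:
        problems.append("chain_id 0 is valid on every chain")
    elif auth["chain_id"] != wallet_chain_id:
        problems.append("chain_id does not match the connected chain")
    if target != ZERO_ADDRESS and target not in AUDITED_DELEGATES:
        problems.append("delegate %s is not on the audited allowlist" % target)
    return problems


def audit_account(code_hex):
    """Classify the code an account reports (for example via eth_getCode)."""
    delegate = parse_delegation(code_hex)
    if delegate is None:
        return "not delegated"
    return "audited" if delegate in AUDITED_DELEGATES else "UNAUDITED: " + delegate
```
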

Initially scheduled for official release on May 7, the broader Pectra upgrade has been rescheduled due to recent developments. Ethereum’s core development team has now slated its deployment for April 21, accelerated from the original timeframe. Upon implementation, it will incorporate the EIP-7702 feature—adding delegated state functionality to the JSON-RPC interface.

Buterin co-authored the EIP-7702 upgrade alongside Ansgar Dietrichs, Matt Garnett, and Sam Wilson, all contributing to enhanced synergy between Ethereum’s core architecture and its expansive smart contract capabilities.
