This is a segment from the 0xResearch newsletter. To read full editions, subscribe.
A Solidity developer friend of mine reached out on Signal the other day in a tizzy. “I can’t believe this,” he wrote. “How did Ethereum developers let this happen?”
He was referring to a recent article worrying about Ethereum’s Pectra upgrade — particularly EIP-7702 — and its supposed potential to let hackers “drain wallets with just an offchain signature.” The piece has been bandied about on X/Twitter, it seems, though not by people I follow. Fears were clearly being stoked in some circles that a new transaction type quietly enabled attackers to seize control of wallets without an onchain transaction or even a user’s knowledge.
But like many things in crypto, the truth is both more nuanced — and less dramatic.
Ethereum’s recent Pectra upgrade, activated on May 7, introduced a powerful mechanism that allows externally owned accounts (EOAs) to temporarily act like smart accounts. But the rollout has been accompanied by breathless claims that it exposes users to some insane new risk.
These headlines are misleading. While EIP-7702 could introduce a new attack surface for phishing, it doesn’t bypass wallet signatures or allow unauthorized access per se. Instead, the wallet signs a specific message granting the temporary superpowers. But if that message falls into the wrong hands, someone else could take control — as if handing over a private key to your wallet for a single session.
Sounds dangerous, and it can be, but only if a user is tricked into signing a malicious delegation. It’s not a protocol failure, but something for wallet software publishers to take account of.
Security researchers and wallets responded proactively to 7702. For example, alongside support for the feature, Ambire and Trust Wallet released patches or warnings. Wallets that don’t yet support 7702 are not suddenly made insecure. But confusion spread with viral tweets claiming EIP-7702 made hardware wallets “no longer protected,” for example.
Will Hennessy, a product manager at Alchemy, strongly pushed back on that narrative:
“It’s a non-issue for end users,” he told Blockworks. “No wallet supports signing arbitrary delegations, nor is there a wallet RPC for a dapp to request an arbitrary delegation signature.”
He’s right…at the moment. Mainstream wallets like MetaMask and Ledger don’t expose a method for signing EIP-7702 authorization tuples — the term for the one-time-use permission slip, signed by the wallet owner.
But that’s beginning to change. Embedded wallet SDKs — including Alchemy’s own Account Kit — already include a method called signAuthorization that creates valid EIP-7702 signatures. These products can bypass the EIP-1193 standard entirely by bundling their own provider. As wallets begin to natively support smart accounts, this functionality will likely spread.
“The article describes signing a message with a wallet from a malicious website,” Hennessy added, “but it is not possible for any website to request an EIP-7702 delegation signature from an external wallet.”
Keep an eye on this threat vector. Just as existing standards have been exploited in “blind signing” attacks, the same could happen with EIP-7702 if wallet UX isn’t explicit about what the user is delegating and to whom.
TL;DR — the criticism of 7702 as an “auto-drain” threat is exaggerated. There is no magical backdoor, and attackers still need your signature. But the phishing risk is there if wallets don’t clearly show the contract, nonce and scope of a delegation.
So, don’t sign opaque 32-byte hex strings, people. Favor wallets that flag EIP-7702 requests and simulate the delegated contract. Pectra opens the door to powerful smart account features, but remember, with great power…
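One way a wallet could show the contract, nonce and scope of a delegation instead of an opaque hash, as an added example (not code from the newsletter, Alchemy or any wallet): it decodes the pre-image that EIP-7702 hashes for signing, `0x05 || rlp([chain_id, address, nonce])`, and flags what the user should see. The `knownDelegates` allowlist, the function names and the sample bytes are assumptions made for illustration.

```javascript
// Added example: decode an EIP-7702 authorization pre-image for display before signing.
const MAGIC = 0x05; // domain byte from EIP-7702: keccak256(MAGIC || rlp([chain_id, address, nonce]))

// Minimal RLP reader: single bytes and strings up to 55 bytes; anything else is rejected.
function readItem(buf, pos) {
  const b = buf[pos];
  if (b < 0x80) return { data: buf.subarray(pos, pos + 1), next: pos + 1 };
  if (b <= 0xb7) {
    const end = pos + 1 + (b - 0x80);
    if (end > buf.length) throw new Error("truncated RLP string");
    return { data: buf.subarray(pos + 1, end), next: end };
  }
  throw new Error("unsupported RLP item");
}

const toBigInt = (bytes) => (bytes.length ? BigInt("0x" + bytes.toString("hex")) : 0n);

// knownDelegates: hypothetical wallet-maintained allowlist of reviewed contracts.
function describeAuthorization(preimageHex, knownDelegates = new Set()) {
  const buf = Buffer.from(preimageHex.replace(/^0x/, ""), "hex");
  const head = buf[1];
  if (buf[0] !== MAGIC || !(head >= 0xc0 && head <= 0xf7) || head - 0xc0 !== buf.length - 2)
    throw new Error("not a well-formed EIP-7702 authorization");
  const fields = [];
  let pos = 2;
  for (let i = 0; i < 3; i++) {
    const item = readItem(buf, pos);
    fields.push(item.data);
    pos = item.next;
  }
  if (pos !== buf.length || fields[1].length !== 20)
    throw new Error("expected [chain_id, address, nonce]");
  const chainId = toBigInt(fields[0]);
  const delegate = "0x" + fields[1].toString("hex");
  const warnings = [];
  if (chainId === 0n) warnings.push("valid on every chain");
  if (/^0x0{40}$/.test(delegate)) warnings.push("clears existing delegation");
  else if (!knownDelegates.has(delegate)) warnings.push("unrecognized delegate contract");
  return { chainId, delegate, nonce: toBigInt(fields[2]), warnings };
}

// Constructed sample: chain_id 0, delegate 0x1111...11, nonce 7 (not from the article).
const SAMPLE = "0x05d78094" + "11".repeat(20) + "07";
console.log(describeAuthorization(SAMPLE));
```

A bare 32-byte hash fails the decode, which is the point: a wallet that cannot render these three fields has nothing meaningful to show the user and should refuse to sign.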