
The Ethereum network has completed its much-anticipated Pectra upgrade, which brings many new features aimed at improving wallet functionality, staking, and scalability. While the upgrade is being hailed as a milestone, security concerns surfaced almost immediately in the crypto community.
The most notable change in the Pectra fork is the inclusion of EIP-3074, which allows users to delegate control of their Ethereum account to smart contracts via two new operations, AUTH and AUTHCALL. Although intended to enhance wallet efficiency, the feature can also expose users to scams.
Security experts and users on Telegram have expressed concern, warning that signing a malicious message can be enough to empty an entire wallet. “Watch what you sign… It is sufficient to empty all tokens,” wrote one user. The fear is that users will be tricked into inadvertently signing malicious contracts.
In a similar vein, EIP-7702 introduces ‘smart accounts’: wallets that act like smart contracts. Users will thus be able to approve transactions with non-ETH tokens and share those approvals with third-party applications. While the intention is to enhance user experience, this opens new avenues for abuse if sufficient checks are not put in place.
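One kind of check a wallet can run before asking the user to sign an EIP-7702 delegation is sketched below as an added example; it is not code from the article or from the Ethereum Foundation. It relies on two details of the EIP-7702 specification (the chain_id and address fields of an authorization, and the 0xef0100 prefix that marks a delegated account's code); the allowlist, the function names, and the sample addresses are constructed for illustration.

```python
# Added example: wallet-side review of an EIP-7702 authorization before signing.
# TRUSTED_DELEGATES and all sample addresses are constructed for illustration.

DELEGATION_PREFIX = bytes.fromhex("ef0100")  # marks account code as a delegation
ZERO_ADDRESS = "0x" + "00" * 20              # delegating to it clears delegation

# Hypothetical allowlist of delegate contracts the wallet vendor has audited.
TRUSTED_DELEGATES = {"0x" + "11" * 20}


def delegate_from_code(code: bytes):
    """Return the delegate address if account code is a 7702 delegation, else None."""
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None


def review_authorization(auth: dict, current_chain_id: int) -> list:
    """Return warnings to show the user; an empty list means none were raised."""
    findings = []
    delegate = auth["address"].lower()
    if delegate == ZERO_ADDRESS:
        return findings  # request only removes an existing delegation
    if delegate not in TRUSTED_DELEGATES:
        findings.append("delegate contract is not on the allowlist")
    if auth["chain_id"] == 0:
        findings.append("chain_id 0: authorization is valid on every chain")
    elif auth["chain_id"] != current_chain_id:
        findings.append("chain_id does not match the connected network")
    return findings


if __name__ == "__main__":
    # Constructed request: unknown delegate, replayable on any chain.
    suspicious = {"chain_id": 0, "address": "0x" + "22" * 20, "nonce": 0}
    for warning in review_authorization(suspicious, current_chain_id=1):
        print("WARN:", warning)

    # Constructed account code as it would look after a delegation is applied.
    code = DELEGATION_PREFIX + bytes.fromhex("22" * 20)
    print("account currently delegates to:", delegate_from_code(code))
```

An empty result only means none of these checks fired; it does not show that the delegate contract is safe.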
The Pectra upgrade, activated at epoch 364032, contains eleven Ethereum Improvement Proposals (EIPs). Three of them are especially important because of their broad powers:
EIP-7702 enables account abstraction so that wallets may temporarily operate as smart contracts.
EIP-7251 raises the validator staking capacity from 32 ETH to 2,048 ETH, facilitating high-volume staking with comparatively light node requirements.
EIP-7691 improves data management to lower gas costs and increase transaction speed, addressing scalability as competition from Layer 2 networks surges.
Combined, these updates will make Ethereum more efficient, less expensive, and more accessible.
Although there may be no exploitation cases immediately after the upgrade, the Ethereum Foundation has issued a warning to users. Developers have committed to monitoring the network for one day after the upgrade to handle any issues that arise. Validators and node operators must also update their software to remain compatible.
This update is a substantial step in Ethereum’s evolution, bringing usability improvements and greater staking flexibility, but as with any development, there is a cost. The community has to deal with growing threats, and can benefit from the latest innovations by staying proactively engaged as new vulnerabilities loom.