Ethereum's Pectra upgrade to bring smart contract functionality to wallets as experts debate EIP-3074
Ethereum developers have set EIP-3074, which brings smart contract-like functionality to wallets, for inclusion in Ethereum’s next upgrade, nicknamed Pectra. However, crypto traders have raised security risks around the proposal, which could enable a malicious agent to drain a wallet’s entire contents through a single transaction.
EIP-3074 brings a host of user experience improvements to typical wallets by allowing certain functions to be delegated to smart contracts. This enables functionality like approving a large batch of transactions all at once, paying gas in different ERC20 tokens, enhanced security or account recovery, and more. However, the upgrade is still a step away from full account abstraction, as the delegated wallet cannot initiate transactions.
"All things considered, teams were in agreement about moving forward in the EIP. 3074 will be included in Pectra," wrote Tim Beiko, protocol support lead at the Ethereum Foundation, in a post on X.
However, developers have also flagged that EIP-3074 enables a new vulnerability: a single malicious transaction has the capability of draining a user's entire wallet through a batched transaction. While the prospect appears terrifying, some experts have reassured users that good wallet design can help eliminate the potential risk.
"I’m not aware of a consumer wallet today that is vulnerable to this [risk]. That was an early research audit task," wrote Dan Finlay, co-founder of MetaMask, in a post on X. "All a wallet has to do to eliminate this risk is to disallow blind signing opaque hashes, and also not allow signing with this reserved prefix."
"[The] upside is forcing wallets to improve UX around this such that more actions are recognized as explicitly safe and arbitrary unknown stuff is made to feel super scary," agreed Uniswap founder Hayden Adams.
Two Major Caveats
Other developers have expressed qualms with the proposal's latest incarnation since it was modified from the original in order to attract support .
One modification makes it so that the account delegation can be revoked, but also means that any authorization is automatically revoked the next time any other transaction is sent. To give an example, while EIP-3074 may allow a user to sign just one transaction in order to log into a Web3 game and buy and sell in-game items, if they were to pause the game and send some crypto to a friend, they'd have to reauthorize the game.
The change "Prevents a ton of use cases like standing limit orders and social recovery," wrote Adams.
Another change to the proposal restricts its ability to affect multiple chains at once. "The 'chainId' check means that even if you want the same authorization on the same contract across 34 chains you'll have to make a separate signature for every chain," wrote developer Philippe Dumonet in a post on X.
Ethereum's Pectra upgrade is expected to be ready late 2024 or early 2025, Beiko told CoinDesk.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bitget Token (BGB) Price Dips 17% After Doubling This Week: Here’s Why
Analyst Predicts 471% Surge for XLM in Bullish Market
2025 Crypto Predictions: Bitcoin, Ethereum, Solana, and XRP Trends
Bitcoin Greed Eases as BTC Price Declines Towards Year-End