SlowMist Issues Security Advisory for Potential New Risks After Ethereum Pectra Upgrade

BlockBeats News, May 8th, cybersecurity firm SlowMist issued a post regarding the potential new risks brought by the Ethereum Pectra upgrade:

For users: Private key protection should always be a top priority. Be aware that the contract code at the same address on different chains may not always be the same. Before taking any action, understand the detailed information of the delegated target.

For wallet providers: Check if the delegated chain matches the current network. Remind users to be cautious of the risk associated with using a delegation signature with chainID 0, as this signature may be replayed on a different chain. Display the target contract when users sign a delegation to reduce the risk of phishing attacks.

For developers: Ensure to perform permission checks during wallet initialization (e.g., verifying the signature address via ecrecover). Follow the namespace formula proposed in ERC-7201 to mitigate storage collisions. Do not assume that tx.origin is always an externally owned account (EOA); using msg.sender == tx.origin as a defense against reentrancy attacks will no longer be effective. Ensure that the target contract delegated by the user has implemented the necessary callback functions to ensure compatibility with mainstream tokens.

For centralized exchanges: Track and inspect deposits to reduce the risk of false deposits from smart contracts.