BlockBeats News, May 8th, cybersecurity firm SlowMist issued a post regarding the potential new risks brought by the Ethereum Pectra upgrade:
For users: Private key protection should always be a top priority. Be aware that the contract code at the same address on different chains may not always be the same. Before taking any action, understand the detailed information of the delegated target.
For wallet providers: Check if the delegated chain matches the current network. Remind users to be cautious of the risk associated with using a delegation signature with chainID 0, as this signature may be replayed on a different chain. Display the target contract when users sign a delegation to reduce the risk of phishing attacks.
For developers: Ensure to perform permission checks during wallet initialization (e.g., verifying the signature address via ecrecover). Follow the namespace formula proposed in ERC-7201 to mitigate storage collisions. Do not assume that tx.origin is always an externally owned account (EOA); using msg.sender == tx.origin as a defense against reentrancy attacks will no longer be effective. Ensure that the target contract delegated by the user has implemented the necessary callback functions to ensure compatibility with mainstream tokens.
For centralized exchanges: Track and inspect deposits to reduce the risk of false deposits from smart contracts.
Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.