Vitalik Buterin Addresses Security Concerns Over EIP-7702

April 11, 2025

Vitalik Buterin advises caution on Ethereum’s EIP-7702 upgrade due to security risks, urging users to review contracts carefully.

Ethereum co-founder Vitalik Buterin has urged caution amid security concerns surrounding the protocol's latest upgrade, EIP-7702. In a recent post shared on decentralized social media platform Warpcast, Buterin responded to community worries regarding the potential vulnerabilities introduced by the upgrade.

The concern was raised by a user on X, who highlighted that while some wallets block suspicious websites, they still allow delegations for potentially fraudulent contracts. This, the user argued, could expose Ethereum users to phishing attacks and other security risks. The user pointed out that delegating control of assets to these unverified contracts could result in significant financial loss with just one signature.

In response, Buterin recommended that users only delegate to contracts that have been thoroughly reviewed and audited by trusted wallet teams and the broader Ethereum community. "The right way to use [EIP] 7702 is to delegate exactly one contract that is well reviewed by the wallet team and the Ethereum community, and have that contract implement the remaining logic in a safe way," he advised.

EIP-7702 introduces a new feature that allows Externally Owned Accounts (EOAs) to temporarily function as smart contract accounts during a single transaction. This feature enables more complex operations, such as gas sponsorships, batch transactions, and custom logic execution, without requiring users to convert their EOAs into permanent smart contract accounts. After the transaction is completed, the EOA reverts to its original state, simplifying advanced transactions for users.

However, the upgrade has raised concerns about security exploits. Because attackers could create seemingly safe contracts that conceal vulnerabilities, users remain wary of falling victim to phishing scams, especially if the system mistakenly delegates control to fraudulent contracts.
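A wallet-side check in the spirit of the advice above, as an added example that is not from the article or from any wallet's code: it refuses to sign an EIP-7702 authorization unless the delegate is the single reviewed contract, and classifies account code by the `0xef0100 || address` delegation designator defined in the EIP. `REVIEWED_DELEGATE` and `WALLET_CHAIN_ID` are constructed values, and the function names are hypothetical.

```javascript
// Added example: wallet-side policy for EIP-7702 authorization requests.
// REVIEWED_DELEGATE and WALLET_CHAIN_ID are constructed values, not real deployments.
const REVIEWED_DELEGATE = "0x1111111111111111111111111111111111111111";
const WALLET_CHAIN_ID = 1n;
const ZERO_ADDRESS = "0x" + "00".repeat(20);
// EIP-7702 records a delegation as the 23-byte account code 0xef0100 || address.
const DESIGNATOR = /^0xef0100([0-9a-f]{40})$/;

function normalizeAddress(addr) {
  return typeof addr === "string" && /^0x[0-9a-fA-F]{40}$/.test(addr)
    ? addr.toLowerCase()
    : null;
}

// Decide whether to sign, based on the chainId and address of an authorization.
function reviewAuthorization(auth) {
  const reasons = [];
  const delegate = normalizeAddress(auth.address);
  if (delegate === null) {
    reasons.push("malformed delegate address");
  } else if (delegate !== REVIEWED_DELEGATE && delegate !== ZERO_ADDRESS) {
    // The zero address clears an existing delegation, so it stays allowed.
    reasons.push("delegate is not the reviewed contract");
  }
  let chainId = null;
  try {
    chainId = BigInt(auth.chainId);
  } catch {
    reasons.push("malformed chain id");
  }
  if (chainId === 0n) {
    reasons.push("chain id 0 is valid on every chain");
  } else if (chainId !== null && chainId !== WALLET_CHAIN_ID) {
    reasons.push("chain id mismatch");
  }
  return { allow: reasons.length === 0, reasons };
}

// Classify account code (as returned by eth_getCode) against the same policy.
function classifyAccountCode(codeHex) {
  const code = String(codeHex).toLowerCase();
  if (code === "0x") return "plain-eoa";
  const m = DESIGNATOR.exec(code);
  if (!m) return "contract";
  return "0x" + m[1] === REVIEWED_DELEGATE ? "reviewed-delegate" : "unreviewed-delegate";
}
```

The gate is deliberately a single-entry allowlist rather than a blocklist: an unknown delegate is rejected by default, however harmless the requesting site looks.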

EIP-7702 is part of the broader Pectra upgrade, which was initially set to launch on the Ethereum mainnet on May 7. However, according to the latest Ethereum Execution Layer Core Developers Meeting, the Pectra client upgrade, including EIP-7702, is now expected to launch on April 21.

Buterin co-authored EIP-7702 alongside Ansgar Dietrich, Matt Garnett, and Sam Wilson to enhance Ethereum's synergy with smart contract functionalities, though it remains clear that users must exercise caution when interacting with the new system.