- EIP-3074 raises security concerns: a single compromised signature could allow a wallet to be drained of all its assets.
- The upgrade includes a social recovery feature that eliminates traditional seed phrases and introduces two new operating instructions, AUTH and AUTHCALL.
The Ethereum network is poised for a significant update with the planned introduction of the Pectra upgrade, slated for late 2024 or early 2025.
This update will incorporate Ethereum Improvement Proposal (EIP) 3074, which is designed to equip standard externally owned accounts (EOAs), such as those in MetaMask, with functionalities similar to smart contracts.
EIP-3074 allows for advanced operations like transaction bundling, where multiple transactions can be authorized with a single signature, and sponsored transactions, enabling one wallet to cover transaction costs for another. This resembles the account abstraction feature previously introduced in ERC-4337.
Despite the potential benefits, concerns have been raised about the security implications of these new features. A developer from DefiLlama, using the pseudonym 0xngmi, noted on the social media platform X that the new features could potentially allow a malicious party to empty an address of all its assets with a single compromised signature.
This is how the 3074 flow works:
– User signs a message (off-chain, not a tx)
– User or sponsor sends the message to an invoker contract as a tx
– Invoker uses AUTH and AUTHCALL to verify and call each target contract with the user's address as the sender
— cygaar (@0xCygaar) April 11, 2024
Additionally, Harrison Leggio, co-founder of Gaslite, commented on the security risks, emphasizing that financial risks are an inherent part of digital transactions.
downside of EIP 3074 is that now it'll be possible to fully drain an address (all tokens, all nfts, all defi positions…) with only one bad signature
— 0xngmi (@0xngmi) April 11, 2024
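A simplified model of the three-step flow quoted above, showing the checks an invoker has to make so that one signature authorizes only the batch the user signed (an added example, not code from the article, the quoted posts or the EIP). HMAC stands in for the user's secp256k1 signature and SHA3-256 for keccak256; the addresses, the `Invoker` class, the per-invoker nonce and the deadline are assumptions of this sketch.

```python
import hashlib, hmac, json

# Constructed values. HMAC is a stand-in for the user's secp256k1 signature,
# SHA3-256 a stand-in for keccak256; the field layout is not the EIP's.
USER, USER_KEY = "0xUSER", b"constructed-user-key"
CHAIN_ID = 1

def h(*parts) -> bytes:
    return hashlib.sha3_256(json.dumps(parts, sort_keys=True).encode()).digest()

def commit_for(calls, nonce, deadline) -> bytes:
    """What a careful invoker has the user commit to: the exact batch."""
    return h("commit", calls, nonce, deadline)

def auth_digest(invoker_addr, commit) -> bytes:
    """Simplified AUTH message: binds chain, invoker address and commit."""
    return h("auth", CHAIN_ID, invoker_addr, commit.hex())

def user_sign(invoker_addr, commit) -> bytes:  # step 1: off-chain signature
    return hmac.new(USER_KEY, auth_digest(invoker_addr, commit), "sha256").digest()

def auth(invoker_addr, commit, sig):
    """Model of AUTH: returns the authorized address, or None."""
    good = hmac.new(USER_KEY, auth_digest(invoker_addr, commit), "sha256").digest()
    return USER if hmac.compare_digest(good, sig) else None

class Invoker:
    def __init__(self, addr):
        self.addr, self.used_nonces, self.sent = addr, set(), []

    def execute(self, calls, nonce, deadline, sig, now):  # steps 2 and 3
        if now > deadline or nonce in self.used_nonces:
            return False  # expired or replayed
        # Recompute the commit from the calls actually submitted.
        authorized = auth(self.addr, commit_for(calls, nonce, deadline), sig)
        if authorized is None:
            return False  # this batch or this invoker was never signed
        self.used_nonces.add(nonce)
        # Model of AUTHCALL: each target sees the user as the sender.
        self.sent += [(authorized, c["to"], c["data"]) for c in calls]
        return True

def demo():
    calls = [{"to": "0xTOKEN", "data": "transfer(0xBOB,5)"}]
    inv, other = Invoker("0xINVOKER_A"), Invoker("0xINVOKER_B")
    sig = user_sign(inv.addr, commit_for(calls, 1, 100))
    tampered = [{"to": "0xTOKEN", "data": "transfer(0xOTHER,999)"}]
    a, b = inv.execute(tampered, 1, 100, sig, 50), other.execute(calls, 1, 100, sig, 50)
    return {"tampered": a, "other_invoker": b,
            "valid": inv.execute(calls, 1, 100, sig, 50),
            "replay": inv.execute(calls, 1, 100, sig, 51)}
```

If `execute` skipped the commit recomputation, any call list submitted alongside the signature would run with the user as sender, which is the single-signature drain the posts describe.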
Laurence Day, a software engineer, pointed out the utility of the sponsored transactions feature, which enables assets to be stored in wallets that do not hold Ether, with another contract covering the transaction costs.
In seriousness, the most obviously useful application here is being able to store assets in a wallet that doesn’t hold Ether, since you can sponsor the gas from the contract that marionettes the EOA
This is very cool and long-needed
— laurence (@functi0nZer0) April 11, 2024
The update also introduces a social recovery feature, doing away with the need for traditional seed phrases by adding two new operating instructions—AUTH and AUTHCALL—to turn regular wallets into smart contracts.
This is part of Ethereum’s broader strategy to enhance network efficiency and user experience following its recent Dencun update, which reduced transaction fees on layer-2 solutions.
The current price of Ethereum (ETH-USD) is approximately $3,215.82, experiencing a slight decrease of 0.26% as of the latest update.