SlowMist: All parties need to pay attention to the new risks and countermeasures brought by Ethereum's new features

2025-05-08 11:15

Security firm SlowMist posted on X that Ethereum's Pectra upgrade, which includes EIP-7702, is now live: a significant step forward, but its new features also bring new risks. The following are the points that users, wallet providers, developers, and exchanges should pay attention to.

For users: private key protection should always be the top priority; be aware that the contract code at the same contract address on different chains is not necessarily the same; before delegating, understand the details of the delegation target.

For wallet providers: check that the delegation chain matches the current network; remind users of the risk of signing a delegation with chainID 0, since such a signature can be replayed on other chains; display the target contract when the user signs a delegation, to reduce the risk of phishing.

For developers: ensure permission checks are performed during wallet initialization (e.g. verifying the signer's address with ecrecover); follow the namespace formula proposed in ERC-7201 to mitigate storage conflicts; do not assume that tx.origin is always an externally owned account (EOA), so using msg.sender == tx.origin as a defense against reentrancy attacks is no longer effective; ensure that the delegation target contract chosen by the user implements the necessary callback functions so that it remains compatible with mainstream tokens.

For centralized exchanges (CEXs): track and inspect deposits to reduce the risk of fake deposits from smart contracts.
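As an added illustration of the developer points above (not code from SlowMist or from this article), the following Solidity sketch shows a hypothetical EIP-7702 delegation target with an ecrecover-gated initializer, ERC-7201 namespaced storage and the token receiver callbacks, next to a vault whose msg.sender == tx.origin gate no longer helps once the calling EOA carries delegated code. The contract names, the namespace id example.delegated_account and the signed-message layout are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical EIP-7702 delegation target (example code, not SlowMist's).
// Names and the namespace id are assumptions made for this illustration.
contract DelegatedAccount {
    /// @custom:storage-location erc7201:example.delegated_account
    struct AccountStorage {
        address owner;     // key allowed to operate through this account
        bool initialized;  // blocks a second initialize() on the same chain
    }

    // ERC-7201 namespace formula: the slot is derived from the namespace id and has
    // its low byte cleared, so it cannot collide with sequentially laid-out state
    // or with another delegate's namespace in the same EOA storage.
    function _storageSlot() private pure returns (bytes32) {
        return keccak256(abi.encode(uint256(keccak256("example.delegated_account")) - 1))
            & ~bytes32(uint256(0xff));
    }

    function _s() private pure returns (AccountStorage storage $) {
        bytes32 slot = _storageSlot();
        assembly { $.slot := slot }
    }

    // Under EIP-7702 this code runs at the EOA's own address, so address(this) is the
    // EOA; without a check anyone could call initialize() first and take the account.
    // Require a signature from the EOA's key over (account, chainid, owner); binding
    // block.chainid stops the same signature being replayed on another chain.
    function initialize(address owner, uint8 v, bytes32 r, bytes32 s) external {
        AccountStorage storage $ = _s();
        require(!$.initialized, "already initialized");
        bytes32 structHash = keccak256(abi.encode(address(this), block.chainid, owner));
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", structHash));
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0) && signer == address(this), "unauthorized initialization");
        $.owner = owner;
        $.initialized = true;
    }

    function execute(address to, uint256 value, bytes calldata data) external returns (bytes memory) {
        require(msg.sender == _s().owner || msg.sender == address(this), "not authorized");
        (bool ok, bytes memory ret) = to.call{value: value}(data);
        require(ok, "call failed");
        return ret;
    }

    // Token callbacks: once the EOA has code, safeTransferFrom (ERC-721) and ERC-1155
    // transfers into it revert unless these return the expected selectors.
    function onERC721Received(address, address, uint256, bytes calldata) external pure returns (bytes4) {
        return bytes4(keccak256("onERC721Received(address,address,uint256,bytes)"));
    }
    function onERC1155Received(address, address, uint256, uint256, bytes calldata) external pure returns (bytes4) {
        return bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"));
    }
    function onERC1155BatchReceived(address, address, uint256[] calldata, uint256[] calldata, bytes calldata)
        external pure returns (bytes4)
    {
        return bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"));
    }
    receive() external payable {}
}

// Pre-Pectra "EOA only" gate that EIP-7702 breaks: a delegated EOA sending a
// transaction satisfies msg.sender == tx.origin while its delegate code runs in
// receive(), so the check neither proves a plain EOA caller nor stops reentrancy.
contract Vault {
    mapping(address => uint256) public balances;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Broken: the origin check is the only guard and state is updated after the call,
    // so a delegated EOA's receive() can re-enter and withdraw again.
    function withdrawUnsafe() external {
        require(msg.sender == tx.origin, "no contracts");
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }

    // Hardened: checks-effects-interactions plus a reentrancy lock, no assumption
    // about whether the caller is a plain EOA.
    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

To use the initializer, the EOA key signs keccak256(abi.encode(account, chainid, owner)) as a personal_sign message and the resulting (v, r, s) is passed to initialize(); the EIP-7702 delegation itself is a separate authorization tuple in the transaction, and its chain_id should be the real chain id rather than 0 unless cross-chain validity is actually intended.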
