SlowMist Issues Security Alert on Potential New Risks Following Ethereum Pectra Upgrade

BlockBeats, 2025/05/08 12:38

On May 8, the security company SlowMist issued a reminder about potential new risks brought by the new features after the Ethereum Pectra upgrade:

For users: Private key protection should always be a top priority. Be aware that the contract code at the same contract address on different chains may not always be the same. Understand the details of the delegation target before proceeding.

For wallet providers: Check whether the delegation chain matches the current network, and remind users of the risks associated with using delegation signatures with chainID 0, as such signatures may be replayed on different chains. Display the target contract when users sign a delegation to reduce the risk of phishing attacks.

For developers: Ensure permission checks are performed during wallet initialization (e.g., verifying the signature address through ecrecover), and follow the namespace formula proposed in ERC-7201 to mitigate storage conflicts. Do not assume that tx.origin is always an externally owned account (EOA); using msg.sender == tx.origin as a means to defend against reentrancy attacks will no longer be effective. Make sure that the target contract delegated by the user implements the necessary callback functions so that it remains compatible with mainstream tokens.


For centralized trading platforms: Conduct tracking checks on deposits to reduce the risk of false deposits from smart contracts.
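
The wallet-provider checks above (chain match, the chainID 0 replay warning, and surfacing the delegation target) can be expressed as a pre-signing review step. This is an added example, not code from SlowMist or the original article; `reviewDelegation`, its input shape and the sample values are hypothetical, and the fields assume an EIP-7702 style authorization (chain ID, target address, nonce).

```javascript
// Added example: review an EIP-7702 delegation authorization before signing.
// reviewDelegation, its input shape and the sample values are hypothetical.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
const INT_RE = /^(0x[0-9a-fA-F]+|[0-9]+)$/;

// Accept chain ids as bigint, safe integer, or decimal/hex string; null if invalid.
function parseChainId(value) {
  if (typeof value === "bigint") return value >= 0n ? value : null;
  if (typeof value === "number") {
    return Number.isSafeInteger(value) && value >= 0 ? BigInt(value) : null;
  }
  if (typeof value === "string" && INT_RE.test(value)) return BigInt(value);
  return null;
}

function reviewDelegation(auth, walletChainId) {
  const authChain = parseChainId(auth.chainId);
  const walletChain = parseChainId(walletChainId);
  // The target is always returned so the UI can show it next to the verdict.
  const target = ADDRESS_RE.test(String(auth.address)) ? auth.address : null;
  const findings = [];
  let verdict = "allow";

  if (target === null || authChain === null || walletChain === null) {
    return { verdict: "block", target, findings: ["malformed authorization"] };
  }
  if (authChain === 0n) {
    // chainID 0 is not bound to one network, so the signature can be replayed.
    verdict = "warn";
    findings.push("chainId 0: signature may be replayed on other chains");
    findings.push("contract code at this address may differ between chains");
  } else if (authChain !== walletChain) {
    verdict = "block";
    findings.push(`chain mismatch: signed for ${authChain}, wallet on ${walletChain}`);
  }
  return { verdict, target, findings };
}

// Constructed sample: placeholder target address, wallet connected to chain 1.
const SAMPLE_TARGET = "0x" + "ab".repeat(20);
for (const chainId of [1, 0, "0x2105"]) {
  console.log(chainId, reviewDelegation({ chainId, address: SAMPLE_TARGET, nonce: 0 }, 1));
}
```

A wallet would render `target` and `findings` in the signing prompt and refuse to sign on a `block` verdict.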

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
