Ethereum co-founder Vitalik Buterin has weighed in on the recent backlash surrounding EIP-7702, a key component of Ethereum’s upcoming Pectra upgrade.
Taking to the decentralized platform Warpcast, Buterin responded to a community discussion on potential vulnerabilities introduced by the new feature. The conversation stemmed from a post by @nftchance on X, which highlighted concerns about the potential abuse of arbitrary contract delegation.
Critics Warn of Loopholes Allowing Portfolio-Wiping Attacks
The critique centered on the fact that Ethereum wallets block suspicious sites but may still allow delegations to malicious contracts—opening the door to phishing or a complete wallet drain from a single signature.
The user warned:
“They’re going to allow arbitrary delegation that can result in complete portfolio loss in one signature.”
Buterin: Use Only Audited Contracts to Stay Secure
In response, Buterin clarified that delegation should be limited to a single, thoroughly audited contract trusted by both the Ethereum community and wallet developers.
“The right way to use [EIP] 7702 is to delegate exactly one contract that is well reviewed by the wallet team and the Ethereum community,” Buterin posted on Warpcast.
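A wallet can enforce the single-delegate rule described above before it ever shows a signing prompt. The sketch below is an added example, not code from the article, from Buterin, or from any wallet project. It assumes the request exposes the `chainId`, `address` and `nonce` fields of the EIP-7702 authorization tuple; `AUDITED_DELEGATE` and `reviewAuthorizations` are hypothetical names, and the addresses are constructed placeholders.

```javascript
// Added example: wallet-side policy check for EIP-7702 authorizations.
// AUDITED_DELEGATE is a constructed placeholder, not a real contract address.
const AUDITED_DELEGATE = "0x1111111111111111111111111111111111111111";
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Review every authorization tuple a dapp asks the user to sign.
// Field names (chainId, address, nonce) are assumed from the EIP-7702 tuple.
function reviewAuthorizations(auths, walletChainId, allowedDelegate = AUDITED_DELEGATE) {
  const findings = [];
  auths.forEach((auth, i) => {
    if (typeof auth.address !== "string" || !ADDRESS_RE.test(auth.address)) {
      findings.push({ index: i, reason: "malformed delegate address" });
      return;
    }
    // Hex addresses compare case-insensitively (checksum casing differs).
    if (auth.address.toLowerCase() !== allowedDelegate.toLowerCase()) {
      findings.push({ index: i, reason: "delegate is not the audited contract" });
    }
    // chainId 0 makes the signed authorization valid on every chain.
    if (BigInt(auth.chainId) === 0n) {
      findings.push({ index: i, reason: "chainId 0 is valid on all chains" });
    } else if (BigInt(auth.chainId) !== BigInt(walletChainId)) {
      findings.push({ index: i, reason: "chainId does not match wallet network" });
    }
  });
  // Fail closed: an empty request or any finding blocks signing.
  return { allowed: auths.length > 0 && findings.length === 0, findings };
}

// Constructed sample requests.
const good = [{ chainId: 1, address: AUDITED_DELEGATE, nonce: 7 }];
const bad = [
  { chainId: 1, address: "0x2222222222222222222222222222222222222222", nonce: 7 },
  { chainId: 0, address: AUDITED_DELEGATE, nonce: 7 },
  { chainId: 1, address: "0x1234", nonce: 7 },
];
console.log(reviewAuthorizations(good, 1));
console.log(reviewAuthorizations(bad, 1));
```

The check fails closed, so a request is signable only when every tuple names the one reviewed contract on the wallet's current network.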
What Is EIP-7702? An Overview of Temporary Smart Contract Behavior
EIP-7702 allows Externally Owned Accounts (EOAs) to temporarily act like smart contracts during a single transaction. This enables more advanced operations like gasless transactions, custom logic, and bundled interactions—without needing to convert the EOA to a contract account permanently.
Once the transaction ends, the account returns to its original EOA state.
Concerns Linger Over Potential Exploits Hidden in Delegation Logic
While the feature aims to improve account abstraction and transaction flexibility, critics warn that malicious actors could disguise exploits within contracts that behave normally under typical usage—but behave differently under specific scenarios.
Users fear that these delegated contracts, if not vetted properly, could lead to irreversible losses.
Pectra Upgrade Now Slated for April 21
Originally scheduled for May 7, the Pectra upgrade—which includes EIP-7702—is now expected to go live on April 21, according to the latest Ethereum Execution Layer Core Devs Meeting.
The upgrade will integrate delegated state support into Ethereum’s JSON-RPC, expanding what smart wallets can do.
EIP-7702 was co-authored by Vitalik Buterin, Ansgar Dietrich, Matt Garnett, and Sam Wilson to strengthen Ethereum’s compatibility with evolving smart contract use cases.










