Ethereum Pectra Upgrade Prompts SlowMist Security Advisory

SlowMist, a prominent cybersecurity firm, has issued a security advisory highlighting potential new risks associated with the recent Ethereum Pectra upgrade. The advisory underscores the importance of heightened vigilance and proactive measures to mitigate these risks.
The advisory is directed at various stakeholders within the Ethereum ecosystem, including users, wallet providers, developers, and centralized exchanges. For users, the primary recommendation is to prioritize the protection of private keys and to thoroughly understand the details of any delegated targets before taking action. This is crucial because contract code at the same address on different chains may not always be identical, posing potential risks.
Wallet providers are advised to ensure that the chain ID in a delegation matches the network the wallet is currently connected to, and to remind users of the risks of signing a delegation with chain ID 0: such a signature is valid on every chain and could be replayed on a network other than the one the user intended. Additionally, wallet providers should display the target contract whenever a user signs a delegation, to reduce the risk of phishing.
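The wallet-side checks described above, as an added example (not SlowMist's code and not any wallet's implementation). The `Authorization` model keeps only the chain ID, target address and nonce of an EIP-7702 authorization (the signature parts are omitted), and the severity names, the `labels` map keyed by chain and address, and the sample target are assumptions of this illustration:

```python
from dataclasses import dataclass
from string import hexdigits

# Added example of wallet-side delegation checks. The Authorization model, the
# severity names and the labels map are assumptions for this illustration; this
# is not SlowMist's or any wallet's code. Only the fields the policy needs are
# modelled (the y_parity, r, s signature parts are omitted).


@dataclass(frozen=True)
class Authorization:
    chain_id: int   # under EIP-7702, 0 means the authorization is valid on every chain
    address: str    # delegation target contract, 0x-prefixed 20-byte hex
    nonce: int


@dataclass(frozen=True)
class Finding:
    severity: str   # "block": refuse to sign; "warn": sign only after explicit consent; "info"
    message: str


def _is_address(s: str) -> bool:
    return len(s) == 42 and s[:2].lower() == "0x" and all(c in hexdigits for c in s[2:])


def check_delegation(auth: Authorization, wallet_chain_id: int) -> list:
    """Findings a wallet should raise before signing an EIP-7702 authorization."""
    findings = []
    if auth.chain_id == 0:
        findings.append(Finding("warn", "chain ID 0: this delegation can be replayed on "
                                        f"every chain, not only chain {wallet_chain_id}"))
    elif auth.chain_id != wallet_chain_id:
        findings.append(Finding("block", f"delegation is for chain {auth.chain_id} but the "
                                         f"wallet is connected to chain {wallet_chain_id}"))
    if not _is_address(auth.address):
        findings.append(Finding("block", f"malformed delegation target {auth.address!r}"))
    elif int(auth.address, 16) == 0:
        findings.append(Finding("info", "zero address: this clears the account's delegation"))
    return findings


def signing_prompt(auth: Authorization, wallet_chain_id: int, labels=None) -> str:
    """Text always shown to the user: target contract, chain scope and nonce.

    `labels` is keyed by (chain_id, lowercase address) because the same address
    can hold different code on different chains; an unlabelled target is shown
    as unverified rather than silently trusted.
    """
    labels = labels or {}
    effective_chain = auth.chain_id or wallet_chain_id
    label = labels.get((effective_chain, auth.address.lower()), "unverified contract")
    scope = "every chain" if auth.chain_id == 0 else f"chain {auth.chain_id}"
    return f"Delegate account code to {auth.address} ({label}) on {scope}, nonce {auth.nonce}"


def decide(auth: Authorization, wallet_chain_id: int) -> str:
    """'reject', 'confirm' (an explicit extra consent step is required) or 'sign'."""
    severities = {f.severity for f in check_delegation(auth, wallet_chain_id)}
    if "block" in severities:
        return "reject"
    if "warn" in severities:
        return "confirm"
    return "sign"


# Constructed sample: a wallet connected to chain 1 and a made-up target address.
TARGET = "0x" + "ab" * 20

if __name__ == "__main__":
    labels = {(1, TARGET): "Example delegate (constructed label)"}
    for auth in (Authorization(1, TARGET, 0), Authorization(0, TARGET, 0),
                 Authorization(10, TARGET, 0), Authorization(1, "0xdead", 0)):
        print(decide(auth, 1), "|", signing_prompt(auth, 1, labels),
              [f.message for f in check_delegation(auth, 1)])
```

The chain-ID mismatch is a hard refusal because the signature can never be valid on the connected network; chain ID 0 is a warning rather than a refusal because it is a legitimate (if risky) choice that the user must opt into knowingly.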
Developers are urged to perform permission checks during wallet initialization, such as verifying the signer address via ecrecover. They are also advised to follow the namespace formula proposed in ERC-7201 to avoid storage collisions. Developers should no longer assume that tx.origin is an externally owned account (EOA): after Pectra an EOA can delegate to contract code, so using msg.sender == tx.origin as a reentrancy guard is no longer effective. Ensuring that the delegate target contract implements the necessary callback functions is also crucial for compatibility with mainstream tokens.
Centralized exchanges are encouraged to track and inspect deposits to reduce the risk of false deposits from smart contracts. This proactive approach can help prevent potential fraudulent activities and ensure the integrity of transactions.
The Ethereum Pectra upgrade introduces several new features and improvements, but it also brings new security challenges. SlowMist's advisory serves as a timely reminder for all stakeholders to stay vigilant and take necessary precautions to safeguard their assets and operations in the evolving Ethereum ecosystem.
