SlowMist: All Parties Should Watch for New Risks Introduced by New Features After Ethereum's Pectra Upgrade
丹丹Adane
Trend Forecaster
05-08 19:21
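Security firm SlowMist said on X that Ethereum's Pectra upgrade (EIP-7702) is now live. It is a major leap forward, but the new functionality also brings new risks. Here is what users, wallet providers, developers, and exchanges should watch for:

For users: private key protection should always be the top priority; be aware that the same contract address on different chains may not always hold the same contract code; understand the details of the delegation target before taking any action.

For wallet providers: check whether the delegation's chain matches the current network; warn users about the risk of delegation signatures with a chainID of 0, which may be replayed on different chains; display the target contract when the user signs a delegation, to reduce the risk of phishing attacks.

For developers: ensure that permission checks are performed during wallet initialization (for example, by verifying the signing address with ecrecover); follow the namespace formula proposed in ERC-7201 to mitigate storage collisions; do not assume that tx.origin is always an externally owned account (EOA), since using msg.sender == tx.origin as a defense against reentrancy attacks will no longer be effective; ensure that the target contract the user delegates to implements the necessary callback functions, to ensure compatibility with mainstream tokens.

For centralized exchanges (CEXs): perform trace checks on deposits to reduce the risk of fake deposits originating from smart contracts.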
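The wallet-provider checks listed above, written out as an added example (not code from SlowMist or from the original post). The function names, the reviewed-delegate list, and the policy of blocking on a chain mismatch are assumptions; the `0xef0100` delegation designator prefix comes from the EIP-7702 specification, not from this page.

```javascript
// Added example: pre-signing review of an EIP-7702 authorization in a wallet.
// Function names, the reviewed-delegate list and the block-on-mismatch policy
// are assumptions for illustration, not any wallet's real API.

const DELEGATION_PREFIX = "0xef0100"; // delegation designator prefix (EIP-7702 spec)

// If an account's code is a delegation designator (prefix + 20-byte address),
// return the delegate address; otherwise return null.
function parseDelegation(code) {
  const hex = String(code).toLowerCase();
  if (hex.length !== 48 || !hex.startsWith(DELEGATION_PREFIX)) return null;
  const addr = hex.slice(DELEGATION_PREFIX.length);
  return /^[0-9a-f]{40}$/.test(addr) ? "0x" + addr : null;
}

// Review the authorization tuple fields before the user signs.
// reviewedDelegates must be the list for the current chain: the same address
// on another chain may hold different code.
function reviewAuthorization(auth, walletChainId, reviewedDelegates) {
  const target = String(auth.address).toLowerCase();
  if (!/^0x[0-9a-f]{40}$/.test(target)) {
    return { allow: false, target, findings: ["malformed delegate address"] };
  }
  const findings = [];
  let allow = true;
  const chainId = BigInt(auth.chainId);
  if (chainId === 0n) {
    findings.push("chainId 0: this signature may be replayed on other chains");
  } else if (chainId !== BigInt(walletChainId)) {
    findings.push(`chainId ${chainId} does not match current network ${walletChainId}`);
    allow = false;
  }
  if (!reviewedDelegates.has(target)) {
    findings.push(`delegate ${target} is not a reviewed contract on this chain`);
  }
  // target is always returned so the signing prompt can display it.
  return { allow, target, findings };
}

// Constructed sample values (not real contracts).
const sampleDelegate = "0x" + "ab".repeat(20);
const sampleReview = reviewAuthorization(
  { chainId: 0, address: sampleDelegate, nonce: 7 }, 1, new Set());
console.log(sampleReview.target, sampleReview.findings);
console.log(parseDelegation("0xef0100" + "ab".repeat(20)));
```

`parseDelegation` also illustrates the developer point about `tx.origin`: an account whose code is a delegation designator is still an EOA that can originate transactions, yet it executes contract code.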