After a nearly four-year wait since its initial proposal, Ethereum developers are now eyeing the inclusion of EIP-3074 in Ethereum’s upcoming upgrade, dubbed Pectra, slated for later this year.
EIP-3074 introduces a range of user experience enhancements to typical wallets by enabling certain functions to be delegated to smart contracts. This allows for functionality such as approving a large batch of transactions simultaneously, paying gas fees in different ERC20 tokens, enhancing security and facilitating account recovery. However, the upgrade falls short of full account abstraction, as the delegated wallet cannot initiate transactions.
“In light of all considerations, teams reached a consensus to proceed with EIP. 3074 will be integrated into Pectra,” wrote Tim Beiko, protocol support lead at the Ethereum Foundation, in a post on X.
However, developers have also raised concerns that EIP-3074 introduces a new vulnerability: because transactions can be batched, a single malicious transaction could potentially drain a user’s entire wallet. While this prospect may seem alarming, some experts have reassured users that robust wallet design can mitigate the associated risks.
“I’m not aware of a consumer wallet today that is vulnerable to this [risk]. That was an early research audit task,” stated Dan Finlay, co-founder of MetaMask, in a post on X. “All a wallet has to do to eliminate this risk is to disallow blind signing opaque hashes, and also not allow signing with this reserved prefix.”
“The upside is that it compels wallets to enhance UX around this issue, making more actions explicitly recognized as safe and treating arbitrary unknown actions as highly suspicious,” agreed Uniswap founder Hayden Adams.
Two Major Concerns
Other developers have expressed reservations about the latest iteration of the proposal since it was altered from the original version to garner support.
One modification allows account delegation to be revoked, but it also automatically revokes any authorization the next time another transaction is sent. For instance, EIP-3074 may enable a user to sign just one transaction to log into a Web3 game and conduct in-game item transactions, but if they were to pause the game and send cryptocurrency to a friend, they would need to reauthorize the game.
“This change prevents various use cases like standing limit orders and social recovery,” remarked Adams.
Another alteration to the proposal limits its ability to impact multiple chains simultaneously. “The ‘chainId’ check means that even if you want the same authorization on the same contract across 34 chains, you’ll have to create a separate signature for each chain,” explained developer Philippe Dumonet in a post on X.
Ethereum’s Pectra upgrade is anticipated to be finalized by late 2024 or early 2025, according to Beiko’s statement to CoinDesk.