Controversy Surrounding EIP-3074 Integration into Pectra Hard Fork

EIP-3074 is designed to enhance wallet management and transactions on Ethereum, aiming for greater convenience and security. Despite substantial support for this proposal, concerns have been raised regarding its security implications.

EIP-3074, acclaimed for significantly improving wallet user experience on Ethereum, has been officially merged into the Pectra update following a decision from the Ethereum development team's meeting on April 12.
EIP-3074 enables externally owned accounts (EOAs) to operate like smart contracts without requiring contract deployment, using two new EVM opcodes: AUTH and AUTHCALL. The proposal aims to reduce complexity and increase transaction flexibility on Ethereum through:
Transaction bundling: Users can bundle multiple transactions and authenticate them once.
EIP-3074 is coming in the next Ethereum hard fork.
— Georgios Konstantopoulos (@gakonst) April 11, 2024
This is a big deal. Wallet UX will 10x.
Congratulations to Ethereum and the EIP-3074 sponsors.
Reth has already implemented and tested it. We are fans.
Let's go. https://t.co/lUiK2kb3UT
Third-party transaction fee payment: This allows dApps to pay gas fees on behalf of users, reducing the burden of Ethereum transaction costs.
There are several downsides to 3074 that we should be cognizant of.
— cygaar (@0xCygaar) April 11, 2024
The biggest one is around invokers - these need to be fully audited, non-upgradeable, and trustless, otherwise user's funds can easily be stolen.
Additionally, some existing reentrancy checks may not work with 3074. pic.twitter.com/3XDBp6TATi
Backup tools for wallet recovery in case users forget their private keys.
Georgios Konstantopoulos, CTO of Paradigm, views EIP-3074 as "a major leap. Wallet user experience will be improved tenfold."
However, the Ethereum community has voiced limitations and risks associated with EIP-3074.
As previously reported by Coin68, concerns have surfaced that inadequate scrutiny of invokers, the contracts through which transaction delegation and bundling are processed, could pose security risks.
so EIP-3074 will:
— DCinvestor (@iamDCinvestor) April 11, 2024
- allow for “bundling” of multiple transactions so you only have to sign from your wallet once
- allow for apps to pay for gas on their users’ behalf
- will be deployed on L1 and probably every EVM L2
what else to know @josephdelong (for non-devs)?
"There are several downsides to 3074 that we should be cognizant of," noted cygaar, highlighting concerns around potential unauthorized Invoker activity leading to asset loss.
Itamar Lesuisse, co-founder of Argent Wallet, pointed out that EIP-3074 may introduce significant vulnerabilities. "It should allow a scammer to drain your entire wallet with a single offchain signature," he cautioned, raising security concerns about batch transaction features introduced by EIP-3074.
Mudit Gupta, Chief Information Security Officer at Polygon Labs, asked wallets to add a per-wallet option to ban EIP-3074's MAGIC signatures, saying he does not want to expose his cold wallets to transaction batching.
Henlo wallets, please add feature to ban EIP-3074 MAGIC signatures on per wallet basis.
— Mudit Gupta (@Mudit__Gupta) April 12, 2024
For security reasons, I do not want to expose my cold wallets to AA batching.
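The per-wallet ban requested above, combined with the invoker-audit concern raised earlier, can be sketched as a wallet-side policy check. This is an added example, not code from the article or from any wallet project; it assumes the wallet sees the raw AUTH message before hashing and that the message follows the EIP-3074 draft layout (MAGIC byte 0x04, then chain ID, nonce, invoker address and commit as 32-byte words). `WalletPolicy`, `review_signing_request` and the sample address are hypothetical.

```python
# Added example: wallet-side policy check for EIP-3074 AUTH signing requests.
# Assumed preimage layout (EIP-3074 draft, not stated in this article):
#   MAGIC (1 byte, 0x04) || chainId (32) || nonce (32) || invoker (32, left-padded) || commit (32)
from dataclasses import dataclass, field

MAGIC = 0x04
AUTH_LEN = 1 + 4 * 32
# Constructed sample: AUTH request on chain 1, nonce 7, for a made-up invoker address.
SAMPLE_INVOKER = "0x" + "ab" * 20
SAMPLE = (bytes([MAGIC]) + (1).to_bytes(32, "big") + (7).to_bytes(32, "big")
          + bytes(12) + bytes.fromhex("ab" * 20) + bytes(32))

@dataclass
class WalletPolicy:            # hypothetical per-wallet settings
    allow_auth: bool = False   # False = MAGIC signatures are banned for this wallet
    trusted_invokers: set = field(default_factory=set)  # lowercase hex addresses

def parse_auth_preimage(data: bytes):
    """Return the decoded AUTH fields, or None if data is not an AUTH preimage."""
    if len(data) == 0 or data[0] != MAGIC:
        return None
    if len(data) != AUTH_LEN:
        raise ValueError("MAGIC prefix with malformed length")
    words = [data[1 + i * 32: 33 + i * 32] for i in range(4)]
    if any(words[2][:12]):
        raise ValueError("invoker word is not a left-padded 20-byte address")
    return {
        "chain_id": int.from_bytes(words[0], "big"),
        "nonce": int.from_bytes(words[1], "big"),
        "invoker": "0x" + words[2][12:].hex(),
        "commit": words[3].hex(),
    }

def review_signing_request(data: bytes, policy: WalletPolicy, chain_id: int) -> str:
    """Decide whether the wallet may sign: 'not-auth', 'allow' or 'reject:<reason>'."""
    try:
        auth = parse_auth_preimage(data)
    except ValueError as exc:
        return f"reject:{exc}"
    if auth is None:
        return "not-auth"      # other signing flows apply their own checks
    if not policy.allow_auth:
        return "reject:AUTH signatures are banned for this wallet"
    if auth["chain_id"] != chain_id:
        return "reject:chain id mismatch"
    if auth["invoker"] not in policy.trusted_invokers:
        return "reject:invoker is not on the audited allowlist"
    return "allow"
```

The default policy rejects every AUTH request, so a cold wallet stays outside batching unless its owner opts in and lists specific invokers.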
Lukas Schor, co-founder of Safe, who has supported ERC-4337, expressed concerns that while EIP-3074 represents a step in the right direction, it lacks a clear roadmap to achieve "full account abstraction" and could adversely impact the implementation of account abstraction.
Despite these diverging viewpoints, EIP-3074 has been approved for inclusion in the upcoming Pectra update. The Ethereum community has also proposed adding EIP-7251 to the Pectra hard fork. This proposal aims to increase the limit of ETH that can be staked, thereby enhancing the Validator setup process for operators.