As Ethereum's Pectra upgrade approaches, Alchemy's Will Hennessy talked about why EIP-7702 is not for beginners and what blockchain developers should know about it.
Ethereum developers have announced that the much-awaited Pectra upgrade will launch on 8 April. The update will introduce new mechanisms for Ethereum transactions aimed at increasing processing speed, reducing gas fees and adding smart accounts, which can perform several transactions at once and pay gas fees in different cryptocurrencies.
While the update is set to go live on mainnet in April, it has already been rolled out on Ethereum's Holesky testnet, although the rollout has faced some challenges, including issues with translating and unexpected delays.
crypto.news spoke with Will Hennessy, a product manager at blockchain infrastructure company Alchemy, to find out whether the upgrade brings any hidden threats, why he believes an important part of Pectra is not suitable for beginners, and what wallet-side measures are needed.
CN: Ethereum eventually wants every wallet to act like a smart contract, and the 2025 Pectra upgrade (EIP-7702) seems to take a big step in that direction, as it will allow regular wallets to run smart contract code without the need for a full account overhaul. But doesn't this update make it easier for bad actors to hide malicious smart contracts as regular EOAs?
WH: EIP-7702 does not actually make it easier to hide malicious contracts. Here's why:
The delegation mechanism requires explicit user authorization; nothing happens automatically or without user awareness. The EOA owner must actively choose to hand over control to a smart contract through a specific signature. This delegation persists until it is explicitly revoked.
It is important to understand that the EOA's private key retains complete control and can override the smart account's behavior. This is actually a safety feature: if a user finds out that they have delegated to a malicious contract, they can always use their EOA's private key to revoke the delegation.
This is why we do not recommend EIP-7702 for new users. It is better for them to start with pure smart accounts that allow secure key rotation and multisig policies that cannot be bypassed. EIP-7702 is most valuable for upgrading existing EOA wallets that already hold assets or history, giving them access to smart contract features in a controlled manner.
For wallet providers, we recommend implementing clear security measures:
- Visual indicators when users bypass smart account security.
- Automated reputation checks for delegate contracts.
- Chain-specific warnings when delegation state varies across networks.
So, while EIP-7702 adds new capabilities to EOAs, its design includes security considerations and maintains user control through explicit authorization and revocation options. The goal is not to make it easy to run arbitrary code; it is to enable existing wallets to safely access smart contract features.
CN: Could EIP-7702 lead to a rise in phishing scams, given that EOAs can now execute smart contract logic?
WH: While EIP-7702 adds new functionality to EOAs, it does not inherently increase phishing risk. The main point is that the EOA owner still has to give explicit authorization to execute the smart contract logic.
Think of it like adding account recovery to your email: it adds new functionality but does not make your account weaker. In fact, EIP-7702 can help make wallets more secure by enabling better security features:
- Session keys for time-limited permissions.
- Social recovery options.
- More sophisticated transaction verification.
- The ability to set spending limits and other safety controls.
Users maintain complete control through their EOA's private key, which can override or revoke any delegated functionality. This means that if a user identifies malicious behavior, they can immediately revoke access.
That said, wallet providers need to implement proper security measures:
- Clear user interface indications when smart contract features are in use.
- Strong verification of delegate contracts.
- Easy-to-understand delegation management.
- Clear warnings when users are bypassing smart account safety.
For users with existing EOA wallets who want these features, the upgrade path through EIP-7702 is actually easier than alternatives such as creating new smart contract wallets and transferring all assets. The key is proper implementation by wallet providers and clear user education about how these new features work.
CN: Should we expect blockchain providers such as Alchemy, or even wallets, to take steps to protect against such attacks?
WH: Yes, security is our absolute top priority. Our smart accounts have been fully audited, and we have been building important infrastructure for the Ethereum ecosystem for 7 years. We will continue to maintain the same rigorous security standards as we support the adoption of EIP-7702.
We are already helping apps prepare for this transition with EIP-7702 support in Account Kit, our smart wallet toolkit.
CN: Why has Ethereum taken so long to bring account abstraction to life?
WH: The journey to account abstraction in Ethereum has been deliberate for good reason. Changing how accounts work at the protocol level requires extreme care, as it affects every user and application on the network.
Early account abstraction efforts proposed more radical changes to Ethereum's core architecture. Those proposals would have required major modifications to the Ethereum Virtual Machine itself, bringing significant technical risk and implementation complexity.
Instead, the ecosystem took a step-by-step approach. First came ERC-4337, which enabled smart contract accounts while working around the need for deep protocol changes. This allowed the community to refine account abstraction concepts in testing and production.
Now, with EIP-7702, we are seeing a more elegant solution that builds on those learnings. Instead of completely restructuring how accounts work, it enables EOAs to delegate their capabilities to smart contracts while maintaining backward compatibility. This preserves the security properties users trust while unlocking new functionality.
Each stage requires comprehensive testing, security audits and community consensus. When you are working with a network securing hundreds of billions in value, this measured approach is essential for fundamental changes. The goal has been to expand wallet capabilities without compromising Ethereum's core security and reliability.
What we are seeing now is not just account abstraction finally arriving; it is account abstraction that has been informed by years of research, testing and real-world experience.
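
The wallet-side checks recommended in the interview (verifying delegate contracts and warning when delegation state differs across networks) can be sketched as follows. This is an added example, not code from Alchemy or from the interview; it relies on the EIP-7702 rule that a delegated EOA's code is `0xef0100` followed by the delegate address, and the allowlist, chain names and sample addresses are constructed placeholders.

```javascript
// Added example: inspect EIP-7702 delegation state from eth_getCode results.
// Per the EIP-7702 spec, a delegated EOA's code is 0xef0100 followed by the
// 20-byte delegate address (23 bytes in total); an undelegated EOA has no code.
const DESIGNATOR_PREFIX = "ef0100";

// Returns the lowercase delegate address, or null if the code is not a designator.
function parseDelegation(codeHex) {
  const hex = String(codeHex || "").toLowerCase().replace(/^0x/, "");
  if (hex.length !== 46 || !hex.startsWith(DESIGNATOR_PREFIX)) return null;
  if (!/^[0-9a-f]+$/.test(hex)) return null;
  return "0x" + hex.slice(6);
}

// codeByChain: { chainName: eth_getCode result } for ONE address on several chains.
// trusted: delegate addresses the wallet has vetted (hypothetical allowlist).
function reviewDelegations(codeByChain, trusted) {
  const allow = new Set(trusted.map((a) => a.toLowerCase()));
  const perChain = {};
  const warnings = [];
  for (const [chain, code] of Object.entries(codeByChain)) {
    const delegate = parseDelegation(code);
    const hasCode = String(code || "").replace(/^0x/, "") !== "";
    let status = "plain-eoa";
    if (delegate) status = allow.has(delegate) ? "delegated-trusted" : "delegated-unvetted";
    else if (hasCode) status = "contract-not-eoa";
    perChain[chain] = { status, delegate };
    if (status === "delegated-unvetted")
      warnings.push(`${chain}: delegated to unvetted contract ${delegate}`);
  }
  // Chain-specific warning: the same address is delegated differently per network.
  const distinct = new Set(Object.values(perChain).map((p) => p.delegate || "none"));
  if (distinct.size > 1) warnings.push("delegation state differs across chains");
  return { perChain, warnings };
}

// Constructed sample data: placeholder addresses, not real contracts.
const TRUSTED = ["0x" + "11".repeat(20)];
const SAMPLE = {
  mainnet: "0xef0100" + "11".repeat(20), // delegated to the vetted contract
  chainB: "0xef0100" + "22".repeat(20),  // delegated to a different contract
  chainC: "0x",                          // no delegation on this chain
};
const report = reviewDelegations(SAMPLE, TRUSTED);
console.log(JSON.stringify(report, null, 2));
```

In a wallet, the `codeByChain` values would come from an `eth_getCode` call for the user's address on each supported network, and each warning would drive one of the visual indicators listed above.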