Ethereum's Pectra upgrade to bring smart contract functionality to wallets as experts debate EIP-3074
Ethereum developers have set EIP-3074, which brings smart contract-like functionality to wallets, for inclusion in Ethereum’s next upgrade, nicknamed Pectra. However, crypto traders have raised security concerns about the proposal, which could enable a malicious agent to drain a wallet’s entire contents through a single transaction.
EIP-3074 brings a host of user experience improvements to typical wallets by allowing certain functions to be delegated to smart contracts. This enables functionality like approving a large batch of transactions all at once, paying gas in different ERC20 tokens, enhanced security or account recovery, and more. However, the upgrade is still a step away from full account abstraction, as the delegated wallet cannot initiate transactions.
"All things considered, teams were in agreement about moving forward in the EIP. 3074 will be included in Pectra," wrote Tim Beiko, protocol support lead at the Ethereum Foundation, in a post on X.
However, developers have also flagged that EIP-3074 enables a new vulnerability: a single malicious batched transaction can drain a user's entire wallet. While the prospect appears terrifying, some experts have reassured users that good wallet design can help eliminate the potential risk.
"I’m not aware of a consumer wallet today that is vulnerable to this [risk]. That was an early research audit task," wrote Dan Finlay, co-founder of MetaMask, in a post on X. "All a wallet has to do to eliminate this risk is to disallow blind signing opaque hashes, and also not allow signing with this reserved prefix."
"[The] upside is forcing wallets to improve UX around this such that more actions are recognized as explicitly safe and arbitrary unknown stuff is made to feel super scary," agreed Uniswap founder Hayden Adams.
Two Major Caveats
Other developers have expressed qualms with the proposal's latest incarnation, which was modified from the original in order to attract support.
One modification makes it so that the account delegation can be revoked, but also means that any authorization is automatically revoked the next time any other transaction is sent. To give an example, while EIP-3074 may allow a user to sign just one transaction in order to log into a Web3 game and buy and sell in-game items, if they were to pause the game and send some crypto to a friend, they'd have to reauthorize the game.
The change "Prevents a ton of use cases like standing limit orders and social recovery," wrote Adams.
Another change to the proposal restricts its ability to affect multiple chains at once. "The 'chainId' check means that even if you want the same authorization on the same contract across 34 chains you'll have to make a separate signature for every chain," wrote developer Philippe Dumonet in a post on X.
Ethereum's Pectra upgrade is expected to be ready late 2024 or early 2025, Beiko told CoinDesk.
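The wallet-side rule Finlay describes and the two caveats (nonce and chain binding) can be seen in one sketch, added here as an illustration and not taken from the article, MetaMask, or the EIP's authors. It assumes the EIP-3074 specification's reserved prefix byte `0x04` and its message layout of prefix, chain ID, nonce, invoker address and commit; the function names and sample values are constructed.

```python
# Added illustration. MAGIC and the field layout are assumptions based on the
# EIP-3074 specification, not on this article; all sample values are constructed.
MAGIC = 0x04  # assumed reserved prefix byte for delegation (AUTH) messages


def word(n: int) -> bytes:
    """Encode an integer as a 32-byte big-endian word."""
    return n.to_bytes(32, "big")


def auth_preimage(chain_id: int, nonce: int, invoker: bytes, commit: bytes) -> bytes:
    """Bytes that get hashed and signed: MAGIC || chainId || nonce || invoker || commit."""
    if len(invoker) != 20 or len(commit) != 32:
        raise ValueError("invoker must be 20 bytes and commit 32 bytes")
    return bytes([MAGIC]) + word(chain_id) + word(nonce) + invoker.rjust(32, b"\x00") + commit


def generic_sign_policy(payload: bytes, preimage_shown_to_user: bool) -> str:
    """Policy for a generic 'sign these bytes' request (hypothetical wallet hook)."""
    if not payload:
        return "reject: empty payload"
    if payload[0] == MAGIC:
        # Delegation messages must never pass through the generic signing path.
        return "reject: reserved AUTH prefix"
    if len(payload) == 32 and not preimage_shown_to_user:
        # A bare digest hides what is being authorized, including a hashed AUTH message.
        return "reject: opaque hash"
    return "allow"


def signatures_needed(chain_ids, nonce: int, invoker: bytes, commit: bytes) -> int:
    """Distinct messages a user must sign to authorize one invoker on several chains."""
    return len({auth_preimage(c, nonce, invoker, commit) for c in chain_ids})


if __name__ == "__main__":
    invoker = bytes.fromhex("11" * 20)  # constructed invoker contract address
    commit = bytes(32)                  # constructed commitment value
    before = auth_preimage(1, 7, invoker, commit)
    after = auth_preimage(1, 8, invoker, commit)  # account sent one more transaction
    print("old authorization still matches:", before == after)
    print("signatures for 34 chains:", signatures_needed(range(1, 35), 7, invoker, commit))
    print(generic_sign_policy(before, preimage_shown_to_user=True))
    print(generic_sign_policy(bytes(32), preimage_shown_to_user=False))
```

Because the account nonce and chain ID are part of the signed bytes, any later transaction or a different chain produces a different message, which is why the authorization lapses and must be re-signed per chain.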