GoPlus: EIP-7702 has recently been used in multiple contract attacks; project teams are advised to strengthen protections such as flash loan attack defenses

PANews reported on July 9 that, according to security firm GoPlus, many recent contract attacks have used EIP-7702 features to bypass on-chain security checks, including msg.sender == tx.origin and msg.sender == _owner, leading to flash loan attacks and price manipulation, with losses of nearly one million US dollars. Case analysis shows that the attackers carried out the attacks through authorizations to malicious delegators, affecting well-known DeFi projects including QuickConverter @QuickswapDEX and multiple CSM funding pools.

EIP-7702 gives EOA addresses smart contract capabilities, so traditional security logic that assumes an EOA cannot execute code no longer holds. GoPlus recommends that project teams strengthen protection against flash loan attacks and reentrancy attacks, rework their EOA checks and permission management logic, and keep monitoring the delegator authorizations of administrator addresses to prevent potential risks.
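
One way to run the administrator-address monitoring recommended above, as an added example that is not code from GoPlus or PANews. It assumes the account code for each admin address has already been fetched with eth_getCode; the function names, the sample addresses and the approved-delegate list are constructed for illustration.

```python
# Added example: flag admin addresses that carry an unapproved EIP-7702 delegation.
# Per EIP-7702, a delegated EOA's code is the designator 0xef0100 || 20-byte address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")


def classify_code(code_hex):
    """Classify account code as returned by eth_getCode.

    Returns ("eoa", None), ("delegated", "0x<delegate>") or ("contract", None).
    """
    body = code_hex[2:] if code_hex.startswith(("0x", "0X")) else code_hex
    raw = bytes.fromhex(body)
    if not raw:
        return ("eoa", None)  # empty code: plain EOA, no delegation set
    if len(raw) == 23 and raw.startswith(DELEGATION_PREFIX):
        return ("delegated", "0x" + raw[3:].hex())
    return ("contract", None)  # ordinary deployed bytecode


def audit_admins(admin_codes, approved_delegates=frozenset()):
    """Return (admin, delegate) pairs whose delegate is not on the approved list."""
    approved = {a.lower() for a in approved_delegates}
    findings = []
    for admin, code_hex in sorted(admin_codes.items()):
        kind, delegate = classify_code(code_hex)
        if kind == "delegated" and delegate not in approved:
            findings.append((admin.lower(), delegate))
    return findings


# Constructed sample data (placeholder addresses, not from any real incident).
SAMPLE = {
    "0x" + "11" * 20: "0x",                       # plain EOA
    "0x" + "22" * 20: "0xef0100" + "ab" * 20,     # delegated, delegate not approved
    "0x" + "33" * 20: "0xEF0100" + "cd" * 20,     # delegated to an approved delegate
    "0x" + "44" * 20: "0x6080604052",             # regular contract bytecode
}
APPROVED = {"0x" + "CD" * 20}

if __name__ == "__main__":
    for admin, delegate in audit_admins(SAMPLE, APPROVED):
        print(f"ALERT admin {admin} delegates execution to unapproved code at {delegate}")
```

Run on a schedule against the project's real owner and admin addresses, any new finding means that address can now execute delegated code and should be reviewed before it is trusted by owner-only functions.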

Author: PA一线
