EIP-7702 Defense Checklist: Keep These Security Tips Handy

Jonas / Sep 25, 2025

Key Takeaways

• GoPlus offers a transaction simulation API capable of detecting 7702 proxy risks

• Revoke.cash identifies 7702 approvals, but revocation must be done via your wallet

• OneKey hardware wallets support clear 7702 signature parsing at the device level

• Blockaid provides 7702 security integration tools for wallets and DApp developers

• Use eip7702[.]app to quickly check whether an address has granted 7702 permissions

• Most 7702-enabled wallets now prompt users before upgrading—watch for these cues

• Analysts can monitor all 7702 authorizations on Etherscan and via Wintermute’s dashboard

Recently, EIP-7702 authorization/signature-related attacks have significantly increased.

Meanwhile, wallet companies, crypto security companies, and risk control services are rapidly launching corresponding features (parsing, alerting, blocking, revocation, and monitoring).

This article summarizes the 7702 protection measures and supporting applications that are already implemented and directly usable, from wallets and security plugins to on-chain monitoring and team tools, to help you quickly choose one and get started.

1/ GoPlus (@GoPlusSecurity): GoPlus's transaction simulation API currently supports EIP-7702 attack detection, providing a convenient detection tool at the infrastructure level. Technically capable users can also call it directly themselves.

2/ Revoke.cash (@RevokeCash): As a widely used tool for users to revoke authorizations, Revoke is often recommended in many contract vulnerability incidents. Currently, Revoke only supports EIP-7702 authorization detection. If you want to revoke the authorization, you must go to the wallet you are using to do so.

3/ OneKey (@OneKeyHQ): OneKey added support for EIP-7702 signature parsing at the end of August. Simply put, if you are using a OneKey hardware wallet, every 7702 signature will be clearly displayed on the device. Please carefully review the related transactions you are authorizing.

4/ Blockaid (@blockaid_): Blockaid provides an enterprise solution for wallet application development and DApp development. It helps developers quickly and securely onboard EIP-7702 features by simulating transaction parsing to detect malicious proxy contracts.

5/ Quick authorization detection website: eip7702[.]app. This is a quick detection website designed by the crypto company Curvegrid (@curvegridinc) (note: do not link your wallet, just enter the address for detection).

6/ It is worth noting that many wallet applications that already support EIP-7702 conduct security evaluations of the proxy contracts being authorized and restrict user interaction to trusted, secure contracts. When users interact with external DApps and encounter EIP-7702-related signatures, they are asked whether to upgrade their account, which serves as a reminder to some extent.

7/ If you are a researcher or data analyst and want a deeper understanding of this type of transaction and related attacks, you can currently view all EIP-7702 authorization transaction records separately on Etherscan.

At the same time, Wintermute (@wintermute_t) discovered several months ago that hackers were extensively using EIP-7702 to carry out attacks. Through their Dune dashboard, you can clearly observe the current use cases of EIP-7702 (https://dune.com/wintermute_research/eip7702).

In summary, whether you are a user or a developer, please prioritize products that genuinely care about security.
