PANews reported on July 9 that according to security agency GoPlus, many recent contract attack cases have used EIP-7702 features to bypass on-chain security check mechanisms, including msg.sender == tx.originPANews reported on July 9 that according to security agency GoPlus, many recent contract attack cases have used EIP-7702 features to bypass on-chain security check mechanisms, including msg.sender == tx.origin
GoPlus: Recently, EIP-7702 has triggered multiple contract attacks. It is recommended that the project party strengthen measures such as flash loan attack protection
PANews reported on July 9 that according to security agency GoPlus, many recent contract attack cases have used EIP-7702 features to bypass on-chain security check mechanisms, including msg.sender == tx.origin and msg.sender == _owner, resulting in flash loan attacks and price manipulation, with losses reaching nearly one million US dollars. Case analysis shows that attackers authorized attacks through malicious delegators, affecting well-known DeFi projects including QuickConverter @QuickswapDEX and multiple CSM funding pools.
The implementation of EIP-7702 enables EOA addresses to have smart contract capabilities, and traditional security logic becomes invalid. GoPlus recommends that project owners strengthen protection against flash loan attacks and reentry attacks, reconstruct EOA inspection and permission management logic, and continue to pay attention to the delegator authorization of administrator addresses to prevent potential risks.
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
You May Also Like
Aave DAO to Shut Down 50% of L2s While Doubling Down on GHO
The post Aave DAO to Shut Down 50% of L2s While Doubling Down on GHO appeared on BitcoinEthereumNews.com. Aave DAO is gearing up for a significant overhaul by shutting down over 50% of underperforming L2 instances. It is also restructuring its governance framework and deploying over $100 million to boost GHO. This could be a pivotal moment that propels Aave back to the forefront of on-chain lending or sparks unprecedented controversy within the DeFi community. Sponsored Sponsored ACI Proposes Shutting Down 50% of L2s The “State of the Union” report by the Aave Chan Initiative (ACI) paints a candid picture. After a turbulent period in the DeFi market and internal challenges, Aave (AAVE) now leads in key metrics: TVL, revenue, market share, and borrowing volume. Aave’s annual revenue of $130 million surpasses the combined cash reserves of its competitors. Tokenomics improvements and the AAVE token buyback program have also contributed to the ecosystem’s growth. Aave global metrics. Source: Aave However, the ACI’s report also highlights several pain points. First, regarding the Layer-2 (L2) strategy. While Aave’s L2 strategy was once a key driver of success, it is no longer fit for purpose. Over half of Aave’s instances on L2s and alt-L1s are not economically viable. Based on year-to-date data, over 86.6% of Aave’s revenue comes from the mainnet, indicating that everything else is a side quest. On this basis, ACI proposes closing underperforming networks. The DAO should invest in key networks with significant differentiators. Second, ACI is pushing for a complete overhaul of the “friendly fork” framework, as most have been unimpressive regarding TVL and revenue. In some cases, attackers have exploited them to Aave’s detriment, as seen with Spark. Sponsored Sponsored “The friendly fork model had a good intention but bad execution where the DAO was too friendly towards these forks, allowing the DAO only little upside,” the report states. Third, the instance model, once a smart…
Share
BitcoinEthereumNews2025/09/18 02:28
The "1011 Insider Whale" has added approximately 15,300 ETH to its long positions in the past 24 hours, bringing its total account holdings to $723 million.
PANews reported on December 15th that, according to Hyperbot data, the "whale that opened short positions after the flash crash on October 11th" has added approximately
Share
PANews2025/12/15 17:19
Xinjiang Mining Shutdown Sparks Network Security Concerns
The post Xinjiang Mining Shutdown Sparks Network Security Concerns appeared on BitcoinEthereumNews.com. Bitcoin Hashrate Plummets 8%: Xinjiang Mining Shutdown Sparks
Share
BitcoinEthereumNews2025/12/15 16:50