Go to Home
Web3 security pattern.
Pectra Competition
Web3 security pattern.
What is the Pectra upgrade?
Pectra, Ethereum’s next major upgrade after Dencun (March 2024), is scheduled for early 2025 with 11 included EIPs.Scheduled for early 2025, Pectra follows the Dencun upgrade and introduces 11 EIPs to enhance Ethereum’s network.

What is the Pectra upgrade?

Table of Contents

Heading 2
Heading 3
Heading 4

Understanding the Ethereum Pectra Upgrade

Scheduled for early 2025, it is Ethereum's next major network improvement following the Dencun upgrade in March 2024. The Pectra upgrade, featuring 11 Ethereum Improvement Proposals (EIPs), focuses on three main goals:

  1. Fix Existing Issues: Address critical bottlenecks in Ethereum's performance.
  2. Enhance User Experience: Improve efficiency, interoperability, and security for users, validators, and dApps.
  3. Prepare for Future Upgrades: Lay the groundwork for scalability and data availability enhancements.

Pectra’s Key EIPs and Implications

  1. EIP-7702: Set EOA Account Code
    • Enables externally owned accounts (EOAs) to temporarily function as smart accounts, allowing for:
      • Transaction Batching: Combine multiple actions into a single transaction.
      • Gas Sponsorship: Accounts can pay gas fees for others using tokens like stablecoins.
      • Sub-Key Permissions: Grant limited account access to sub-keys for enhanced security.
    • Implications: Boosts convenience, efficiency, and security while progressing towards account abstraction.
  2. EIP-7251: Increase Validator Staking Limit
    • Raises the staking maximum from 32 ETH to 2,048 ETH to reduce the number of validators and network pressure.
    • Benefits:
      • Consolidates validators, reducing overhead costs.
      • Improves network efficiency and transaction finality.
      • Allows stakers to compound rewards and withdraw partially.
  3. EIP-7742: Dynamic Blob Count Adjustments
    • Optimizes blob handling introduced in the Dencun upgrade by enabling dynamic target and maximum blob limits.
    • Increases blob capacity from 3/6 to 6/9 to support Layer-2 transaction throughput and lower fees.
    • Challenges: Higher blob throughput may require increased bandwidth but studies show minimal impact on solo stakers.

The Pectra upgrade addresses immediate network needs and establishes a foundation for future improvements, such as full account abstraction and enhanced data scalability.These changes will improve efficiency, lower costs, and ensure Ethereum's sustainability as a decentralized platform, affirming it’s position as a leader in developer activity and blockchain innovation.

Pectra EIPs

EL/CL
EIP
Title
Objective/Impact
CL
7251
Increase the MAX_EFFECTIVE_BALANCE (MaxEB)
Increases the maximum effective balance of validators from 32 ETH to 2,048 ETH, which encourages consolidation of staked ETH, reduces inactive nodes, and relieves network pressure
EL
2537
Precompile for BLS12-381 curve operations
Boosts efficiency and security for zero-knowledge cryptography
CL
6110
Supply validator deposits
Shifts responsibility of validating new staked ETH deposits from CL to EL to shorten the delay of validator deposits and activation on Beacon Chain
CL
7002
EL triggerable withdrawals
Smart contracts on EL can trigger validator exits from staking without relying on validator operators, which provides flexibility for various staking applications
CL
7549
Move committee index outside attestation
Restructures how attestations are aggregated to reduce load on the validator node and reduce verification costs
EL
7685
General purpose EL requests
Shares EL-triggered requests with the CL to improve interoperability and communication
EL
7702
Set EOA account code
Enables EOAs to temporarily function as smart contract wallets
EL
2935
Serve historical block hashes from state
Reduces the amount of data that nodes need to store, which improves network efficiency; seen as a step to prepare for Verkle trees
EL
7623
Increase calldata cost
Increases calldata cost to reduce maximum block size to cater for additional blobs or potential block gas-limit increases

Security Implications of the Pectra Upgrade and its EIPs

The Pectra upgrade introduces several Ethereum Improvement Proposals (EIPs) that enhance Ethereum’s functionality, but they also introduce potential security risks. Below is an outline of key risks and proposed mitigations:

1. EIP-2935: Precompile for Historical Block Hashes

  • Risk: Minimal security concerns, as it only extends block history access.
  • Mitigation: No direct attack vectors introduced.

2. EIP-2537: Precompile for BLS12-381 Curve

  • Risk: Potential Denial of Service (DoS) attacks due to variable-sized input/output for cryptographic operations.
  • Mitigation: Gas calculations are structured to prevent excessive computation costs. The EIP includes implementation guidelines to handle edge cases securely.

3. EIP-7702: New Transaction Type for Loading SC Code into EOAs

This is the most security-sensitive upgrade, introducing significant risks:

A. Secure Delegation Risks

  • Attack Vector: Malicious contracts could trick users into delegating control over their EOA.
  • Scenario:
    • A user is prompted to sign a delegation transaction disguised as a normal interaction (e.g., a token swap).
    • The contract, controlled by an attacker, then gains control over the user's funds.
  • Mitigation:
    • Wallet providers should implement strong UI warnings when signing delegation transactions.
    • On-chain audit representations (EIP-7512) should be used to verify the contract being delegated to.

B. Breaking tx.origin Invariant

  • Attack Vector: EOAs delegating execution to smart contracts can bypass existing security mechanisms that rely on tx.origin == msg.sender, potentially enabling reentrancy attacks.
  • Mitigation:
    • Protocols must migrate to new versions that use alternative authentication methods rather than relying on tx.origin.

C. Front-Running Initialization

  • Attack Vector:
    • Unlike traditional contract deployments, delegation does not invoke a constructor, making accounts vulnerable to front-running attacks.
    • A malicious actor could initialize an EOA’s storage before its owner does, leading to unauthorized access.
  • Mitigation:
    • Developers should enforce explicit initialization checks and ensure only the EOA owner can initialize the contract.

4. EIP-7685: Smart Contract Requests to the Consensus Layer

  • Risk: Potential for smart contract-driven requests to introduce new exploit scenarios.
  • Mitigation:
    • Requests to the Consensus Layer are processed asynchronously, making it difficult to use them in an exploit.
    • The EIP includes gas calculations to prevent DoS risks.

While the Pectra upgrade introduces valuable features, the most critical security risks arise from EIP-7702, particularly around secure delegation, tx.origin assumptions, and front-running initialization. Wallet providers and developers must implement safeguards, such as robust UI warnings, contract audits, and improved authentication mechanisms, to mitigate these risks effectively.