EIP-3074 is a potential DISASTER 🚨
An upgrade that brings a lot of utility to Ethereum accounts
But also arguably makes security MUCH worse
Let’s dive into the benefits and downsides ⬇️
The main idea behind EIP-3074 is to give the user more functionality and provide for a better UX
It does this by giving your public/private key pair (an EOA) smart-contract-type functionality
Allowing for batch txs, free txs (paid by a 3rd party), automatic approval, and more
Do you see a problem yet? 🙄
If not, keep reading…
Yes, it does solve some issues such as needing ETH to do a tx or having to sign an approval separately
But welcome to 2020 #ETH!
The harsh truth is that EIP-3074 brings a lot of features that are already found on many other ⛓️
Let’s use @MultiversX as an example…
Batch tx - Available since launch in 2020
Free tx - Yep, also in 2020 and called metatransactions
No approval signing - #OnlyOnEVM 🤦‍♂️
Anyways, I won’t dive into the specifics on how this works
By now you can probably find plenty of threads on the tech of it if interested
But not many that will mention the MASSIVE downsides! 🤔
Primarily one: it is now even EASIER for hackers to drain your ENTIRE WALLET!
All because you sign an off-chain tx to give control of your account to a smart contract
These smart contracts are called “Invokers”
twitter.com/0xngmi/status/1778539816180965778?s=46&t=OWWPk2bYT63xTNLVjVXe7Q
Yes, I know…
Never click unknown links, always use a burner, hop on one foot, pick your nose and cross your fingers
Blah blah blah…the typical crap “security experts” and even industry leaders recommend
Mainly due to ignorance or bag bias
But the space does have better standards
FAR better standards in fact and ones that are immune to wallet drains and other attacks
Such as the ESDT on @MultiversX
As if all that wasn’t enough, since the tx you sign is off-chain, it seems you may not be able to revoke it
You know that site revoke.cash that #ETH maxis recommend using to remove approvals?
I hear that won’t be possible (not 100%)
So maybe you’ll be drained in 6 months rather than immediately!
Is that a win? 🤔
Some will argue that wallets will continue to build in security measures to warn users ⚠️
But you know what?
Massive amounts of money are on the line
And hackers are likely FAR more incentivized to outwork devs and find ways to spoof front ends
This isn’t web2 where a computer virus may give a hacker access to some personal info
This is web3 where people have millions and billions of $ on the line ripe for the taking
And good ol’ #ETH makes it even easier for them
Great job 👏
One last thing too, but just a minor one and no biggie
EIP-3074 may make some reentrancy checks fail
So those big 8- and 9-figure hacks we see due to reentrancy issues
Well they may just get worse and more frequent too 😂
But hey, #ETH users can now batch transactions and save some time not having to approve everything
It may just cost millions if not billions in drained wallets but that’s a solid tradeoff, right?
So glad to see the industry innovating and moving forward! /s