Pectra升級叉子以太坊區塊鏈，引入了新功能和漏洞

以太坊區塊鏈今天針對其Pectra代碼更改而分配，並引入了一系列新功能，升級和脆弱性。

The Ethereum blockchain underwent a planned code change, known as Pectra, which brought a suite of new features, upgrades, and unfortunately, also some vulnerabilities.

以太坊區塊鏈進行了計劃的代碼更改，稱為Pectra，它帶來了一套新功能，升級，不幸的是，也帶來了一些漏洞。

This new set of opcodes will be used for an upcoming version of Ethereum Improvement Proposal (EIP) 3074. The proposal aims to introduce a new authorization pattern.

這套新的Opcodes將用於即將推出的以太坊改進建議（EIP）3074。該提案旨在引入新的授權模式。

It is an important step towards account abstraction, which is being brought to Ethereum in later phases with further upgrades.

這是邁向賬目抽象的重要一步，這是在以後的階段帶到以太坊的，並進一步升級。

However, some critics say it will open up new phishing attack vectors that could allow an entire user’s account to be stolen if they accidentally delegate control of their key.

但是，一些批評家說，它將打開新的網絡釣魚攻擊媒介，如果他們不小心將其鑰匙的控制權委派給了整個用戶的帳戶。

pectra pros:>approve spend then swap is deadpectra cons:>signing messages just got a whole lot spicier

Pectra Pros：>批准支出然後交換是Deadpectra Cons：>簽署消息變得更加辣

Credit: EIP-3074 authors

學分：EIP-3074作者

The authors of EIP-3074, which is part of the Pectra upgrade, are introducing new AUTH and AUTHCALL Ethereum operation codes.

EIP-3074的作者是Pectra升級的一部分，它引入了新的Auth和Authcall Etherereum操作代碼。

These opcodes will allow the holder of an Ethereum private key to delegate authorization to a smart contract.

這些操作碼將允許以太坊私鑰的持有人將授權委託給智能合約。

The authors of the EIP, which is part of the Pectra upgrade, are introducing new AUTH and AUTHCALL Ethereum operation codes.

EIP的作者是Pectra升級的一部分，正在引入新的AUTH和Authcall Ethereum操作代碼。

These opcodes will allow the holder of an Ethereum private key to delegate authorization to a smart contract.

這些操作碼將允許以太坊私鑰的持有人將授權委託給智能合約。

It is an important step towards account abstraction, which is being brought to Ethereum in later phases with further upgrades.

這是邁向賬目抽象的重要一步，這是在以後的階段帶到以太坊的，並進一步升級。

However, some critics say it will open up new phishing attack vectors that could allow an entire user’s account to be stolen if they accidentally delegate control of their key.

但是，一些批評家說，它將打開新的網絡釣魚攻擊媒介，如果他們不小心將其鑰匙的控制權委派給了整個用戶的帳戶。

pectra pros:+ approve spend then swap is deadpectra cons:signing messages just got a whole lot spicier

Pectra Pros：+批准支出然後交換是Deadpectra Cons：簽署消息變得更加辣

Careful signing Ethereum transactions and messages

仔細簽署以太坊交易和消息

According to a post on Binance, the authors of EIP-3074 are trying to calm fears. They claimed they are "unaware" of any wallet that would allow signing of improperly prefixed messages without a user warning.

根據Binance的一篇文章，EIP-3074的作者正試圖平息恐懼。他們聲稱，他們“不知道”任何錢包，允許在沒有用戶警告的情況下簽署不當前綴的消息。

Transactions use the prefix 0x04, and the authors of the EIP hope that all major Ethereum wallets will put 0x04 messages in a way that will alert the user about their expansive power to authorize multiple withdrawals.

交易使用前綴0x04，EIP的作者希望所有主要的以太坊錢包都會以一種將0x04消息列出的方式，該消息將提醒用戶有關其廣泛的功率以授權多次提款。

“The caller field in the EIP-3074 signature is very important. A bad caller could steal your funds.”

“ EIP-3074簽名中的呼叫者字段非常重要。不良的呼叫者可以竊取您的資金。”

Today's Pectra fork also added EIP-7702, which is increasing the stakes even higher.

當今的Pectra叉還增加了EIP-7702，它正在增加賭注。

With the power of EIP-7702, a single malicious signature can temporarily delegate someone’s entire account to a third-party smart contract.

借助EIP-7702的力量，單個惡意簽名可以將某人的整個帳戶暫時委託給第三方智能合約。

If that contract is malicious, it could potentially drain all assets (ETH, tokens, NFTs) in one go.

如果該合同是惡意的，那麼它可能會一口氣耗盡所有資產（ETH，代幣，NFT）。

As opposed to pre-Pectra Ethereum transactions, the possible attack surface for victims is broader with EIP-7702 because externally owned accounts (EOAs) are now exposed to third-party temporary smart contract vulnerabilities.

與eptra前的以太坊交易相比，受害者可能的攻擊表面在EIP-7702中更廣泛，因為外部賬戶（EOAAS）現在暴露於第三方臨時智能合同脆弱性。

This temporary delegation of executable code was not a concern before Pectra.

在Pectra之前，這個暫時的可執行代碼代表團並不關心。

Although warnings are proliferating across social media, there are no reports yet of a successful theft of funds using the new Pectra-enabled attack vector.

儘管警告在整個社交媒體上都在激增，但尚無報導說，使用新的支持pectra的攻擊載體成功盜竊了資金。

Most wallet providers like MetaMask were prepared for Pectra and added prominent warnings for EIP-3074 message signings.

大多數錢包提供者（如MetAmask）都是為Pectra準備的，並為EIP-3074留言簽名添加了突出的警告。