Pectra升级叉子以太坊区块链，引入了新功能和漏洞

以太坊区块链今天针对其Pectra代码更改而分配，并引入了一系列新功能，升级和脆弱性。

The Ethereum blockchain underwent a planned code change, known as Pectra, which brought a suite of new features, upgrades, and unfortunately, also some vulnerabilities.

以太坊区块链进行了计划的代码更改，称为Pectra，它带来了一套新功能，升级，不幸的是，也带来了一些漏洞。

This new set of opcodes will be used for an upcoming version of Ethereum Improvement Proposal (EIP) 3074. The proposal aims to introduce a new authorization pattern.

这套新的Opcodes将用于即将推出的以太坊改进建议（EIP）3074。该提案旨在引入新的授权模式。

It is an important step towards account abstraction, which is being brought to Ethereum in later phases with further upgrades.

这是迈向账目抽象的重要一步，这是在以后的阶段带到以太坊的，并进一步升级。

However, some critics say it will open up new phishing attack vectors that could allow an entire user’s account to be stolen if they accidentally delegate control of their key.

但是，一些批评家说，它将打开新的网络钓鱼攻击媒介，如果他们不小心将其钥匙的控制权委派给了整个用户的帐户。

pectra pros:>approve spend then swap is deadpectra cons:>signing messages just got a whole lot spicier

Pectra Pros：>批准支出然后交换是Deadpectra Cons：>签署消息变得更加辣

Credit: EIP-3074 authors

学分：EIP-3074作者

The authors of EIP-3074, which is part of the Pectra upgrade, are introducing new AUTH and AUTHCALL Ethereum operation codes.

EIP-3074的作者是Pectra升级的一部分，它引入了新的Auth和Authcall Etherereum操作代码。

These opcodes will allow the holder of an Ethereum private key to delegate authorization to a smart contract.

这些操作码将允许以太坊私钥的持有人将授权委托给智能合约。

The authors of the EIP, which is part of the Pectra upgrade, are introducing new AUTH and AUTHCALL Ethereum operation codes.

EIP的作者是Pectra升级的一部分，正在引入新的AUTH和Authcall Ethereum操作代码。

These opcodes will allow the holder of an Ethereum private key to delegate authorization to a smart contract.

这些操作码将允许以太坊私钥的持有人将授权委托给智能合约。

It is an important step towards account abstraction, which is being brought to Ethereum in later phases with further upgrades.

这是迈向账目抽象的重要一步，这是在以后的阶段带到以太坊的，并进一步升级。

However, some critics say it will open up new phishing attack vectors that could allow an entire user’s account to be stolen if they accidentally delegate control of their key.

但是，一些批评家说，它将打开新的网络钓鱼攻击媒介，如果他们不小心将其钥匙的控制权委派给了整个用户的帐户。

pectra pros:+ approve spend then swap is deadpectra cons:signing messages just got a whole lot spicier

Pectra Pros：+批准支出然后交换是Deadpectra Cons：签署消息变得更加辣

Careful signing Ethereum transactions and messages

仔细签署以太坊交易和消息

According to a post on Binance, the authors of EIP-3074 are trying to calm fears. They claimed they are "unaware" of any wallet that would allow signing of improperly prefixed messages without a user warning.

根据Binance的一篇文章，EIP-3074的作者正试图平息恐惧。他们声称，他们“不知道”任何钱包，允许在没有用户警告的情况下签署不当前缀的消息。

Transactions use the prefix 0x04, and the authors of the EIP hope that all major Ethereum wallets will put 0x04 messages in a way that will alert the user about their expansive power to authorize multiple withdrawals.

交易使用前缀0x04，EIP的作者希望所有主要的以太坊钱包都会以一种将0x04消息列出的方式，该消息将提醒用户有关其广泛的功率以授权多次提款。

“The caller field in the EIP-3074 signature is very important. A bad caller could steal your funds.”

“ EIP-3074签名中的呼叫者字段非常重要。不良的呼叫者可以窃取您的资金。”

Today's Pectra fork also added EIP-7702, which is increasing the stakes even higher.

当今的Pectra叉还增加了EIP-7702，它正在增加赌注。

With the power of EIP-7702, a single malicious signature can temporarily delegate someone’s entire account to a third-party smart contract.

借助EIP-7702的力量，单个恶意签名可以将某人的整个帐户暂时委托给第三方智能合约。

If that contract is malicious, it could potentially drain all assets (ETH, tokens, NFTs) in one go.

如果该合同是恶意的，那么它可能会一口气耗尽所有资产（ETH，代币，NFT）。

As opposed to pre-Pectra Ethereum transactions, the possible attack surface for victims is broader with EIP-7702 because externally owned accounts (EOAs) are now exposed to third-party temporary smart contract vulnerabilities.

与eptra前的以太坊交易相比，受害者可能的攻击表面在EIP-7702中更广泛，因为外部账户（EOAAS）现在暴露于第三方临时智能合同脆弱性。

This temporary delegation of executable code was not a concern before Pectra.

在Pectra之前，这个暂时的可执行代码代表团并不关心。

Although warnings are proliferating across social media, there are no reports yet of a successful theft of funds using the new Pectra-enabled attack vector.

尽管警告在整个社交媒体上都在激增，但尚无报道说，使用新的支持pectra的攻击载体成功盗窃了资金。

Most wallet providers like MetaMask were prepared for Pectra and added prominent warnings for EIP-3074 message signings.

大多数钱包提供者（如MetAmask）都是为Pectra准备的，并为EIP-3074留言签名添加了突出的警告。