Introduction

The Ethereum Pectra upgrade recently went live, introducing EIP-7702, which solves many of the “wallet UX” issues the Ethereum Virtual Machine (EVM) community sees today. In this article, we’ll explore what EIP-7702 is, the problems it solves, how it works under the hood, and whether the “lose all your tokens in a single transaction” concern is legitimate.

What is EIP-7702?

EIP-7702 proposes a new Ethereum transaction format (Type 4) that allows externally owned accounts (EOAs) to temporarily “borrow” logic from smart contract wallets. Traditionally, EOAs are limited to simple operations like sending ETH or approving tokens, while smart contract wallets offer richer capabilities such as batching multiple actions and supporting gas sponsorship.

This proposal bridges that gap by letting EOAs delegate execution to a designated smart contract during a transaction. The account remains externally owned, but gains access to advanced functionality without permanently becoming a contract.

This delegation is achieved by encoding a special prefix and contract address into the EOA’s code field. When called, the EVM routes execution to the specified smart contract. Once the transaction is complete, the account can revert to its previous behavior or switch to a different delegate.

EIP-7702 is an essential step toward full account abstraction. It enhances the functionality of EOAs without compromising compatibility with existing infrastructure.

The problem: too many clicks

In an era where even driving to get fast food feels too inconvenient, the Decentralized Finance (DeFi) community has been struggling with a clunky interaction model. Before the Pectra upgrade, interacting with DeFi protocols typically required multiple transactions:

  1. First, approve a token to be used by the protocol

  2. Then, execute the actual transaction (deposit, swap, etc.)

This meant users had to:

  • Click “confirm” multiple times
  • Verify different transactions for correctness
  • Experience “security fatigue” from checking too many transaction details
  • Pay gas fees for each separate transaction

To avoid this tedious process, many users would simply grant unlimited token approvals to protocols like Aave or Uniswap. While convenient, this created a significant security risk. If such a protocol were ever compromised, you could lose everything, since you gave them access to all your tokens.

EIP-7702: the solution to multiple transactions

EIP-7702 creates a hybrid between two existing account types in Ethereum:

Before EIP-7702:

  • Externally Owned Accounts (EOAs): Standard user wallets like MetaMask or Ledger

  • Smart contract wallets (SCW): Like Safe (formerly Gnosis Safe)

After EIP-7702:

  • Smart EOAs (or “Smart Contract Accounts (SCA)”): A wallet that combines the features of both

A diagram showing how EOAs and smart contract wallets (SCWs) combine to form a Smart EOA (SCA), visually represented with MetaMask and Ethereum icons.
Externally owned accounts (EOAs), smart contract wallets (SCW), smart EOAs (SEOAs??)


Smart contract wallets could batch transactions together, but still required an EOA to initialize them. EIP-7702 unlocks the benefits of contract-based accounts, such as transaction batching, custom logic, and gas abstraction, without requiring users to migrate or deploy a new contract.

How EIP-7702 works

As we learnt, EIP-7702 introduces a new transaction type called “Type 4” transactions. It temporarily redefines how an EOA behaves. When sending a Type 4 transaction:

  • The user specifies a delegate contract whose code the EOA will execute

  • The EVM treats calls to the EOA as if they are calls to the delegate’s logic

  • After the transaction, the EOA retains this behavior until explicitly changed!

The delegation mechanism involves storing a code prefix and the delegate’s address in the EOA’s code field. This tells the EVM to redirect execution.
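The code-field check described above, as an added example (not code from this article or from any wallet): it classifies the value `eth_getCode` returns for an account and groups monitored accounts by the delegate they point to. The `0xef0100` prefix and 23-byte length come from the EIP-7702 specification rather than this page; the account names, addresses and bytecode are constructed.

```javascript
// Delegation indicator defined by EIP-7702: 0xef0100 followed by the
// 20-byte delegate address, 23 bytes in total.
const DELEGATION_PREFIX = "ef0100";

// Classify the hex string that eth_getCode returns for an account.
function classifyAccountCode(codeHex) {
  if (typeof codeHex !== "string" || !/^0x([0-9a-fA-F]{2})*$/.test(codeHex)) {
    throw new TypeError("expected 0x-prefixed, even-length hex");
  }
  const code = codeHex.slice(2).toLowerCase();
  if (code.length === 0) return { kind: "plain-eoa", delegate: null };
  if (code.length === 46 && code.startsWith(DELEGATION_PREFIX)) {
    return { kind: "smart-eoa", delegate: "0x" + code.slice(6) };
  }
  return { kind: "contract", delegate: null };
}

// Group monitored accounts by the delegate whose code they execute, so an
// unexpected delegate stands out in an inventory.
function inventoryDelegates(codeByAccount) {
  const byDelegate = {};
  for (const [account, codeHex] of Object.entries(codeByAccount)) {
    const { kind, delegate } = classifyAccountCode(codeHex);
    if (kind !== "smart-eoa") continue;
    if (!byDelegate[delegate]) byDelegate[delegate] = [];
    byDelegate[delegate].push(account);
  }
  return byDelegate;
}

// Constructed sample data: placeholder addresses, not real accounts.
const DELEGATE_A = "0x" + "aa".repeat(20);
const DELEGATE_B = "0x" + "bb".repeat(20);
const SAMPLE_CODE = {
  alice: "0x",                          // never delegated
  bob: "0xef0100" + "aa".repeat(20),    // delegates to DELEGATE_A
  carol: "0xEF0100" + "AA".repeat(20),  // same delegate, upper-case hex
  dave: "0xef0100" + "bb".repeat(20),   // delegates to DELEGATE_B
  router: "0x6080604052600080fd",       // ordinary contract bytecode
};

console.log(inventoryDelegates(SAMPLE_CODE));
```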

Here’s an example of a type 4 transaction:

A screenshot from Etherscan showing the authorization list of an EIP-7702 transaction, detailing the authority and delegated address fields.
Authorization list of type 4 transaction

This transaction “authorizes” the “delegate’s address,” which just means “hey, our EOA now has the code at the delegated address”. In this case (and typically), the delegate address points to the contract MetaMask uses (audited by Cyfrin, by the way) for Smart EOAs.

To recap, this transaction did a few things:

  1. Authorized the MetaMask delegator contract
  2. Transferred USDC
  3. Transferred aWETH

All in 1 transaction!

The technical implementation

Wallets like MetaMask and others can integrate EIP-7702 using the wallet_sendCalls JSON-RPC method. This method enables:

  • Setting the EOA’s code to point to a delegate contract

  • Batching multiple calls within one transaction

It makes your wallet look like this when you batch transactions:

A MetaMask transaction request interface highlighting that the wallet is interacting with itself and displaying a batch of two transactions.
Example of EIP-7702 transaction


This method allows EOAs to behave like smart contract wallets, unlocking complex interactions while preserving the familiar EOA interface.
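A pre-confirmation check over a `wallet_sendCalls` batch, as an added example (not code from this article or from MetaMask): it decodes ERC-20 `approve` calls and flags the unlimited approvals discussed earlier, plus approvals whose spender is never called later in the same batch. The request shape follows EIP-5792; `reviewBatch`, the helper names, the addresses and the `0xdeadbeef` calldata are assumptions made for illustration.

```javascript
// Selector of ERC-20 approve(address,uint256) and the "unlimited" amount.
const APPROVE_SELECTOR = "0x095ea7b3";
const MAX_UINT256 = (1n << 256n) - 1n;

// Test-data helper: ABI-encode approve(spender, amount) as calldata.
const pad32 = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const encodeApprove = (spender, amount) =>
  APPROVE_SELECTOR + pad32(spender) + pad32(amount.toString(16));

// Decode approve calldata; returns null for any other call.
function decodeApprove(data) {
  const hex = typeof data === "string" ? data.toLowerCase() : "";
  if (!hex.startsWith(APPROVE_SELECTOR) || hex.length !== 138) return null;
  return { spender: "0x" + hex.slice(34, 74), amount: BigInt("0x" + hex.slice(74)) };
}

// Review the calls of a wallet_sendCalls request before the user confirms it.
function reviewBatch(request) {
  const findings = [];
  const calls = request.calls || [];
  calls.forEach((call, i) => {
    const approval = decodeApprove(call.data);
    if (!approval) return;
    if (approval.amount === MAX_UINT256) {
      findings.push(`call ${i}: unlimited approval to ${approval.spender}`);
    }
    // An approval in a batch should be consumed by a later call to the spender.
    const used = calls.slice(i + 1)
      .some((c) => (c.to || "").toLowerCase() === approval.spender);
    if (!used) findings.push(`call ${i}: spender ${approval.spender} is not called later`);
  });
  return findings;
}

// Constructed sample data: placeholder addresses and calldata, not real contracts.
const USER = "0x" + "01".repeat(20);
const TOKEN = "0x" + "02".repeat(20);
const POOL = "0x" + "03".repeat(20);
const STRANGER = "0x" + "04".repeat(20);
const base = { version: "2.0.0", chainId: "0x1", from: USER, atomicRequired: true };
const exactBatch = { ...base, calls: [
  { to: TOKEN, value: "0x0", data: encodeApprove(POOL, 1000000n) },
  { to: POOL, value: "0x0", data: "0xdeadbeef" }, // placeholder protocol call
] };
const unlimitedBatch = { ...base, calls: [
  { to: TOKEN, value: "0x0", data: encodeApprove(STRANGER, MAX_UINT256) },
  { to: POOL, value: "0x0", data: "0xdeadbeef" },
] };

console.log(reviewBatch(exactBatch), reviewBatch(unlimitedBatch));
```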

Real-world benefits

With EIP-7702, users can:

  • Approve and use tokens in a single transaction
  • Send funds to multiple recipients in one batch
  • Perform complex operations without deploying custom contracts
  • Reduce confirmation fatigue and save gas fees


This upgrade is beneficial for DeFi users, wallet providers, and any decentralized application (dApp) seeking smoother onboarding or safer flows.

Security considerations: Can you lose all your tokens?

When you examine a transaction on Etherscan that uses EIP-7702, you’ll notice something interesting:

The “from” and “to” addresses are identical because your EOA is calling code on itself. Etherscan shows an “authorization list” that indicates which contract’s code your EOA is borrowing.

Wallets like MetaMask have implemented an important safety feature: they hard-code the delegated contract address. When you use the Smart EOA feature in MetaMask, it only allows your wallet to borrow code from MetaMask’s own audited contract.

This is crucial! If wallets allowed any website to designate the contract code, a website could delegate your EOA to a malicious contract, and you could potentially lose all your tokens in a transaction that looks legitimate.

To make this very clear:

  1. Yes, you could lose all your tokens if you delegate to a malicious contract. Most wallets hard-code the contracts they allow you to delegate to.

  2. Developers will probably shoot themselves in the foot, delegate somewhere they should not, and lose all their tokens.

  3. You can still lose all your tokens on a “safe” contract that you delegate to, and that’s why it’s still so important to verify your transactions. You should use tools like wise-signer to learn how to make sure you’re not sending away all your tokens!

A confirmation prompt in MetaMask triggered by Wise Signer, showing a Smart EOA transaction with a delegated contract address and a batched call structure.
Example EIP-7702 transaction from wise-signer
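The hard-coded delegate safeguard described in this section, as an added example (not MetaMask's code): a wallet-side check that vets each entry of a type 4 transaction's authorization list before signing. The pinned address is a constructed placeholder, and rejecting `chainId` 0 (which EIP-7702 treats as valid on every chain) while accepting the zero address (which clears a delegation) is a policy assumed here.

```javascript
// Hypothetical pinned delegate: a constructed placeholder standing in for the
// single audited contract a wallet lets accounts delegate to.
const PINNED_DELEGATE = "0x" + "11".repeat(20);
const ZERO_ADDRESS = "0x" + "00".repeat(20);

// Vet the authorization list of a type 4 transaction before signing.
// Policy assumed here: only the pinned delegate (or the zero address, which
// clears a delegation under EIP-7702) on the connected chain is accepted.
function vetAuthorizations(authorizationList, connectedChainId, pinned = PINNED_DELEGATE) {
  return authorizationList.map((auth, index) => {
    const delegate = String(auth.address).toLowerCase();
    const reasons = [];
    if (!/^0x[0-9a-f]{40}$/.test(delegate)) {
      reasons.push("malformed delegate address");
    } else if (delegate !== ZERO_ADDRESS && delegate !== pinned.toLowerCase()) {
      reasons.push("delegate is not the pinned contract");
    }
    const chainId = BigInt(auth.chainId);
    if (chainId === 0n) {
      reasons.push("chainId 0 makes the authorization valid on every chain");
    } else if (chainId !== BigInt(connectedChainId)) {
      reasons.push("chainId does not match the connected chain");
    }
    return { index, delegate, allow: reasons.length === 0, reasons };
  });
}

// Constructed sample authorization entries (signature fields omitted).
const SAMPLE_AUTHORIZATIONS = [
  { chainId: "0x1", address: PINNED_DELEGATE, nonce: "0x5" },        // expected case
  { chainId: "0x1", address: "0x" + "99".repeat(20), nonce: "0x5" }, // unknown delegate
  { chainId: "0x0", address: PINNED_DELEGATE, nonce: "0x5" },        // valid on all chains
  { chainId: "0x1", address: ZERO_ADDRESS, nonce: "0x6" },           // clears the delegation
];

console.log(vetAuthorizations(SAMPLE_AUTHORIZATIONS, 1));
```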

The future of EIP-7702

As EIP-7702 adoption grows, the Ethereum ecosystem can expect:

  • DeFi apps to consolidate multi-step flows into one-click actions

  • Wallets to offer more programmable, flexible experiences

  • More secure defaults without requiring users to understand smart contract deployment

  • A practical step forward in Ethereum's account abstraction roadmap

Conclusion

EIP-7702 delivers a significant improvement to the Ethereum user experience by combining the security of EOAs with the flexibility of smart contract wallets. 

While it’s technically possible to “lose all your tokens in a single transaction,” wallet implementations have been careful to build safety mechanisms that protect users from this risk.

By streamlining transactions and reducing approval fatigue, EIP-7702 brings us one step closer to the seamless DeFi experience needed for global adoption.

This article explains EIP-7702 and Smart EOAs as implemented in the Ethereum Pectra upgrade. Always ensure you’re using trusted wallets and verify transactions carefully before confirming them.
