EIP-7702 migration status 2026

Ethereum mainnet activated EIP-7702 as part of the Pectra upgrade on May 7, 2025, marking the transition from experimental proposal to network baseline. The EIP introduces a new transaction type (Type 4) that allows Externally Owned Accounts (EOAs) to temporarily delegate execution authority to smart contracts without altering their fundamental address structure. This mechanism enables EOAs to adopt smart wallet features like session keys, gas sponsorship, and transaction batching while retaining the simplicity of private-key control.

The migration status in 2026 is defined by widespread integration across major wallet providers and infrastructure layers. EOAs can now sign authorization messages that set code in their account, allowing for complex interactions in a single transaction. However, this power introduces significant security considerations. Delegating control to a smart contract means that if the contract is compromised or the user is phished, the attacker gains immediate access to the assets within that EOA. The risk is not theoretical; it fundamentally changes the threat model from simple key theft to potential contract-level exploitation.

Invalid TradingView symbol: ETHUSD

Despite the risks, the adoption curve has been steep because the upgrade requires no migration for existing users. EOAs remain EOAs unless they explicitly choose to delegate. This opt-in nature has facilitated rapid uptake among DeFi protocols seeking to improve user experience without forcing users to deploy new smart contract wallets. The primary challenge now lies in user education and the security of the delegation contracts themselves, as the protocol ensures the delegation is valid but cannot verify the trustworthiness of the target contract.

Security audit results and delegation risks

The activation of EIP-7702 on the Pectra network introduced a paradigm shift by allowing Externally Owned Accounts (EOAs) to temporarily delegate execution to smart contracts. While this mechanism enables gasless transactions and session keys without deploying new contracts, it fundamentally alters the trust model of the Ethereum Virtual Machine. Security audits conducted by firms such as CertiK and Openfort have identified specific vectors where this delegation capability can be weaponized if user consent is not rigorously enforced.

The State of EIP-7702 Adoption in

The most critical finding across all major audits concerns the phishing surface area. Unlike traditional transactions where a user signs a specific action, EIP-7702 requires the EOA to sign a special authorization message containing the target contract address and nonce. Audits highlight that if a user unknowingly delegates their account to a malicious contract, that attacker gains immediate control over the assets in the account. The risk is not merely a single transaction loss; it is the potential for total account takeover if the delegation is not explicitly revoked or if the authorization signature is harvested by a social engineering attack.

Callout: Audits emphasize that explicit user consent is the only defense against delegation attacks. Wallets must clearly distinguish between a standard transaction and an authorization signature, ensuring users understand they are setting code for their EOA.

Beyond phishing, contract rollback risks present a secondary but severe threat. The EIP-7702 specification allows an EOA to set code in its account, which is then executed in the context of the EOA's balance. If a delegated smart contract contains flawed logic or fails to handle reentrancy correctly, it can exploit the EOA's state. This is particularly dangerous in complex DeFi interactions where an EOA delegates to a router contract that interacts with multiple external protocols. A vulnerability in any downstream contract can trigger a rollback or state corruption that drains the EOA's funds.

The Ethereum Improvement Proposal documentation stresses that the authorization hash must include the chain_id, address, and nonce to prevent replay attacks. However, audits note that if the nonce is not properly managed or if the user signs multiple authorizations without understanding the implications, the attack surface expands. The high-stakes nature of this upgrade means that even minor oversights in implementation can lead to significant financial losses, making rigorous security auditing and user education paramount.

Wallet and dapp migration readiness

The activation of EIP-7702 during the Pectra upgrade has shifted the burden of compatibility from the protocol to the user interface layer. As Externally Owned Accounts (EOAs) gain the ability to delegate execution to smart contracts, the security model changes fundamentally. If a user inadvertently signs an authorization for a malicious contract, they risk ceding total control of their assets. This high-stakes environment means that wallet readiness is no longer just a feature update; it is a security imperative.

Major wallet providers have adopted different strategies to manage this transition. MetaMask, the industry standard, has prioritized user safety by gating the feature behind a "Smart Wallet" toggle. This approach ensures that users must explicitly opt-in to delegation, reducing the risk of accidental exposure. In contrast, hardware wallet providers like Ledger have taken a more cautious stance, focusing on rigorous audit processes before enabling full delegation capabilities. Their slower rollout reflects the heightened responsibility of protecting cold storage keys in a smart contract-enabled environment.

The following comparison highlights the current state of support for key EIP-7702 features across leading wallets. This data reflects the post-Pectra landscape, where support levels vary based on security protocols and user experience design.

WalletEIP-7702 SupportGas SponsorshipSession Keys
MetaMaskOpt-in (Smart Wallet)Full SupportLimited
SafeNativeFull SupportFull Support
Ledger LiveBetaPartialPending
RabbyNativeFull SupportFull Support

Dapps integrating EIP-7702 must also ensure their smart contracts are compatible with the new delegation logic. While some decentralized exchanges have already implemented gasless transactions using EOA delegation, others remain on the ERC-4337 standard due to the complexity of integrating Type 4 transactions. Users should verify that their preferred dapp explicitly supports EIP-7702 before attempting to delegate, as mismatched contract code can lead to failed transactions or, in worse cases, security vulnerabilities.

The divergence in wallet support creates a fragmented user experience. While MetaMask and Rabby offer immediate access to smart wallet features, Ledger users may find themselves waiting for beta access. This gap underscores the importance of choosing a wallet that aligns with your risk tolerance and desire for advanced features. As the ecosystem matures, we expect this fragmentation to narrow, but for now, the choice of wallet directly impacts your ability to leverage EIP-7702's benefits safely.

Gas Efficiency and Execution Speed

EIP-7702 fundamentally changes the economics of user interaction by removing the overhead of account abstraction deployment. Unlike ERC-4337, which requires a separate smart contract wallet and incurs bundler fees for every transaction, EIP-7702 allows an Externally Owned Account (EOA) to temporarily delegate execution to a smart contract. This distinction creates a significant gas advantage for high-frequency interactions.

The primary efficiency gain comes from the ability to batch operations. In a traditional ERC-4337 flow, a user might pay a fixed bundler fee (often $0.10–$0.50 depending on network congestion) plus gas. With EIP-7702, multiple actions can be signed and executed in a single Type-4 transaction. This reduces the per-action cost to near-zero for the user, as the gas is paid directly on-chain without an intermediary bundler taking a cut.

Session Key Savings

Session keys activated via EIP-7702 offer a dramatic reduction in friction for specific use cases like gaming or DeFi interactions. Because the delegation is temporary and transaction-specific, users avoid the one-time deployment cost of a smart wallet (~$15–$25 at current gas prices). The savings compound over time; for a user making 100 transactions, the avoided bundler fees alone can exceed the cost of a single smart wallet deployment.

Comparison: EIP-7702 vs. ERC-4337

The table below illustrates the structural differences that drive these efficiency gains. EIP-7702 leverages the existing EOA structure, while ERC-4337 relies on an off-chain mempool and bundlers.

FeatureEIP-7702ERC-4337
DeploymentNone (uses EOA)Required (~$20)
Bundler FeesNoneYes ($0.10+)
Transaction TypeType-4 (On-chain)Type-1153 (Off-chain)
BatchingNativeBundler-dependent

Security and gas choices that change the plan

While EIP-7702 offers superior gas efficiency for session-based interactions, it introduces a unique security vector. The temporary delegation means that if a user signs an authorization message for a malicious contract, that contract gains control over the EOA’s funds until the nonce changes or the session expires. This is a higher-stakes risk than ERC-4337, where the smart wallet’s code is fixed and audited at deployment. The gas savings are real, but they come with the responsibility of carefully managing delegation permissions.

~90%
Reduction in per-transaction overhead for high-frequency users compared to standard ERC-4337 bundler models

Eip-7702 vs erc-4337 choices that change the plan

Developers often confuse EIP-7702 with ERC-4337 because both enable smart account functionality. The distinction is fundamental: one modifies the protocol, the other operates above it.

EIP-7702 allows Externally Owned Accounts (EOAs) to temporarily delegate execution to smart contract code. This is a protocol-level change activated in the Pectra upgrade. Users sign a specific authorization transaction that sets code for their account. While this enables features like gas sponsorship, it introduces immediate on-chain state changes. If a user delegates to a malicious contract, the attacker gains direct control. This creates a high-stakes phishing vector where a single signature can compromise an entire wallet.

ERC-4337, or account abstraction, works differently. It relies on a separate mempool and bundlers to process transactions through smart contract wallets. It requires no protocol changes. The user's funds remain in a smart contract wallet, and the logic is enforced by the wallet's code. This approach is safer for delegation because the user interacts with a known wallet contract, not by blindly trusting an arbitrary external code deployment.

Choose EIP-7702 if you need to upgrade existing EOAs without forcing users to migrate their address. It is a quick win for UX but carries significant delegation risks. Choose ERC-4337 if you are building a new smart account product. It offers better security isolation and avoids the protocol-level risks of temporary code delegation.

FeatureEIP-7702ERC-4337
ImplementationProtocol-level (Pectra)User Operation mempool
Asset LocationEOA (private key)Smart contract wallet
Risk ProfileHigh (phishing delegation)Lower (wallet logic)
MigrationNo address changeNew wallet address

Frequently asked questions about EIP-7702