Ivo 7702/acc

posting this every day until i stop seeing slop

@Marczeller @ambire did you try using it with revoke btw? Last time I checked Ambire was the only one that could multi-revoke seemlessly in one actual txn

I'm updating the Golden trio of onchain safety: 1) Own a hardware wallet, with the new clear signing framework, screen output will go from gibberish to human-readable. 2) Import your hw into @ambire, they cooked, I migrated to it and it's now the best wallet for the EVM experience, check their simulation. 3) create a @safe, even if 1/1 at first, use tenderly simulation. Bonus: generate a hotwallet without any funds, make it a proposer on your safe and give the private key to your agent to generate the transactions and batchs for you, no more clicking buttons, no more clunky UIs, just prompt then verify simulations at each layer and sign at the end. Voila, this setup makes you safe, 100x your crypto UX and makes unc Kim sad.

@arik_g @ambire @zama will check it out ser!

Different wallets have different positioning, it's very cool to see the @ambire approach of diving head first into new technologies, like account abstraction and clear signing. ERC-7984 confidential token support next? @zama can help...

Ambire Community Call - updates, Safe support, Ambire Vault and more x.com/i/broadcasts/1…

@Trecc_finance @Xylon_lew i assume this is AI slop but i'll address it anyway - there are plenty of legitimate cases, it's not exactly an open design space - ambire uses it and almost all txns use 7702 - nobody notices things when they work, people only notice them when they're hacks/exploits

@Xylon_lew @Ivshti honestly? none yet. that's the problem. legitimate ux for 7702 delegation is still an open design space. whoever ships it first and makes it intuitive wins wallet market share by default.

EIP-7702 is the greatest marketing disaster in Ethereum history... - no mainstream (or any that I know of) wallet implements a flow for signing an arbitrary delegation - attackers use EIP-7702 once they have the user's private key, to make draining easier - user sees EIP-7702 on chain and immediately thinks "I got phished into signing a delegation", not "my private key is compromised" For anyone in this situation who doesn't believe me, just send funds to your compromised address on a DIFFERENT chain. You will see a NEW delegation appear, without your involvement, and your funds get drained.

The most important people in tech you want to meet are almost all on here, and you can just tweet at them They're not at network events!

Delegations ARE for a particular chain. But this is exactly what I'm saying. If you send money to a new chain on the same acc, the attacker will sign a NEW delegation, proving that they have the private key. (technically, there is a cross-chain delegation but in practice it can't work because its tied to the account nonce; this only works if you're starting from a new acc)

@Ivshti wait, I thought it was for particular chain

@hanni_abu read my post again I'm saying it's a marketing disaster, not a disaster it's a fantastically designed and executed EIP that had huge potential, only to be ruined by bad rep and adopted pretty much only by ambire and metamask

@Ivshti If I'm not mistaken, doesn't Ambire recommend using 7702? If it's so bad then isn't it not great we're exposing users to this?

People keep making misleading posts and articles about 7702 delegations and it's genuinely just hurting AA at the end of the day All wallets handle their own AA, and a wallet would not drain you

first of all, sorry for your loss - I shouldn't have focused on the technical parts first, considering the state of our industry and how error prone it is. Second - which wallet did you sign this with? I've never heard of any wallet that allows arbitrary 7702 delegations, this should be investigated

@Ivshti Right Therefore, this wallet is completely useless.

【注意喚起】EIP-7702委任で資産を抜かれました。 今回、SoSoValueでロックしていたUSSI/USDCのLPをクールダウン後にWithdrawしようとしたところ、資産がウォレットに戻った直後に抜かれました。 最初はApprove被害かと思いましたが、Basescanを確認すると、自分のアドレスに 「Delegated to: 不明なアドレス」 という表示が出ていました。 これは通常のERC-20 Approveとは別で、EIP-7702による委任状態です。 EIP-7702は、EOA（普通のウォレット）にスマートウォレットのような機能を持たせるための仕組みです。 便利な機能である一方、悪意あるコントラクトに委任されていると、ウォレットに入ってきた資産が自動で抜かれるような挙動につながる可能性があります。 実際、自分の場合はBaseだけでなく、Ethereum、BNB、PolygonにもEIP-7702委任が残っていました。 確認・解除はRabbyでできます。 手順👇 1️⃣ Rabbyを開く 2️⃣ Approvalsへ 3️⃣ 上部タブの「EIP-7702」を確認 4️⃣ 不明なDelegated Addressがあれば選択 5️⃣ Revokeを実行 6️⃣ 各チェーンのExplorerで「Delegated to」が消えたか確認 自分の場合、EthereumではEtherscan上の「Delegated to」表示が消えたので、解除できた可能性が高いです。 ただし、委任を解除できても、そのウォレットを完全に安全扱いするのは危険です。 なぜ委任されたのかが不明な場合、秘密鍵漏洩・悪質署名・偽サイト接続・端末汚染などの可能性も残ります。 なので基本方針は、 ✅ EIP-7702委任を確認 ✅ 不明な委任はRevoke ✅ Explorerでも確認 ✅ 旧ウォレットは監視・回収専用 ✅ 今後のメイン利用は新ウォレットへ移行 これが安全だと思います。 特に、ステーキングやロック資産がある人は本当に注意してください。 ロック解除後に資産が戻った瞬間、委任先に抜かれる可能性があります。 SoSoValueが悪いという話ではなく、危険な委任状態のウォレットでWithdrawしてしまったことが原因だと見ています。 自分のように実際に抜かれるまで気づかない人も多いと思うので、今すぐRabbyのApprovalsで「EIP-7702」を確認してみてください。 これはApproveとは別枠です。 見慣れないDelegated Addressがあったら、かなり危険です。 #EIP7702 #WalletSecurity

@tail_top_re false, not possible. There's no flow in mainstream wallets (metamask, rabby, ambire, etc) for this to happen with a request from a website. Your PK got leaked.

EIP-7702委任が設定される原因は、主に2つあると思っています。 1つ目は、悪質サイトでEIP-7702 Authorizationに署名してしまうケース。 見た目は「Claim」「Verify」「Connect」「Gasless」「Enable smart account」など普通の操作に見えても、実際には自分のEOAを不明なコントラクトへ委任する署名になっている可能性があります。 2つ目は、シードフレーズや秘密鍵の漏洩。 この場合、犯人がこちらの代わりに各チェーンで委任を設定できるため、委任を解除しても根本的には安全とは言えません。 今回、自分のウォレットではBaseだけでなく、Ethereum / BNB / PolygonにもEIP-7702委任が入っていました。 なので、EIP-7702をRevokeできたとしても、そのウォレットをメイン利用に戻すのは危険だと判断しています。 旧ウォレットはロック資産回収・監視専用。 今後のメイン利用は新しいウォレットへ移行。 これが安全だと思います。 「Approveを消せばOK」ではなく、RabbyのApprovalsで「EIP-7702」タブも必ず確認してください。 見慣れないDelegated Addressがあれば、かなり危険です。

@J222ad lmao we have a warning for non-ascii character tokens but not for this yet

A gang of drainers deployed a malicious contract hiding behind the $ token symbol, tricking transaction simulators into showing fake balance gains in $ 🤣while quietly siphoning real ETH to their wallet.

Second-time founders be like… > GTM > PMF > Go fully remote > Profitability is king > Must have a Big TAM > Outsource non-core tasks > Have great advisors/investors > Prioritize customer conversations > Focused on retention over growth > Hire fewer, more experienced people > Document everything on Notion/Slack > Thinking in decades and acting in days None of this stuff came from a book. It came from living through the first company. The price of admission was worth it.

@ambire @erc4337 cc @erc4337

How much gas overhead does @erc4337 actually add? @Ivshti ran controlled benchmarks on Ethereum and Optimism, comparing smart accounts, proprietary relayers, and native EOA transactions to find out. blog.ambire.com/erc-4337-gas-o…

NEVER LET BRO RANK AGAIN (he didn't rank anything)

if mfs defended crypto as much as they did peptides, wed be at $250k bitcoin lock in

@ambire voted to close Rewards Season 2 with no payout after users hit $1.27M of a $2M swap and bridge volume target, about 63% of the goal. The season had already been extended once. With the target still out of reach, the team framed the close as "rewards follow real volume, not promises." 58% of voting power backed the clean close. 42% pushed for a 50% partial payout worth $50K in $WALLET, arguing participants earned something for getting two-thirds of the way there. The largest no-payout voter argued the market itself was the problem: "statistically speaking, most of the previously claimed tokens were sold... the market is way too tired and value-extracting for this to work in favor of $WALLET." One partial-payout backer pushed a broader rethink: pause the rewards program entirely and redirect $WALLET toward onboarding power users and mobile download incentives instead of volume targets. Closed with 53 wallets participating and a ~9M token margin. Proposal: snapshot.box/#/s:ambire.eth…