SIP: EIP-7702 Compatibility Standard #31

Open
Ridwannurudeen wants to merge 1 commit into ProjectOpenSea:main from Ridwannurudeen:sip/eip7702-compatibility


@Ridwannurudeen

Summary

This SIP proposes a standard for how Seaport contracts should handle EIP-7702 delegated EOAs, introduced in Ethereum's Pectra upgrade.

Problem

EIP-7702 breaks three critical assumptions in the Seaport ecosystem:

1. tstorish.__activateTstore() Reentrancy Guard Bypass

The standalone tstorish library uses msg.sender != tx.origin to restrict __activateTstore() to pure EOAs. Under EIP-7702, a delegated EOA can execute arbitrary code while maintaining msg.sender == tx.origin, enabling an attacker to:

  1. Enter a tstorish-inheriting contract (reentrancy guard set via SSTORE)
  2. Call __activateTstore() mid-execution (passes the guard since msg.sender == tx.origin)
  3. Switch the contract from SSTORE to TSTORE mode
  4. Read reentrancy guard from TLOAD (returns 0/unset) instead of SSTORE
  5. Bypass the reentrancy guard entirely

This directly addresses tstorish#5, which has been open since March 2025 with no resolution.

Note: seaport-core's ReentrancyGuard.sol uses a guard-state check (sload == _NOT_ENTERED_SSTORE) instead of tx.origin, making it resilient. But any third-party contract inheriting standalone tstorish is vulnerable.

2. extcodesize Misclassification

Delegated EOAs have extcodesize == 23 (the delegation designator 0xef0100 || address). This causes Seaport's SignatureVerification.sol to misclassify ECDSA failures for delegated EOA signers as BadContractSignature instead of the appropriate ECDSA-specific error.

3. Zone/Offerer Account-Type Assumptions

Custom zones implementing SIP-7 or SIP-15 that use extcodesize-based isContract() checks misclassify delegated EOAs as smart contracts, potentially causing authorization failures, wrong signature verification paths, or incorrect fee calculations.

What This SIP Specifies

| Section | Content |
| --- | --- |
| EOA Detection | Replace msg.sender != tx.origin with msg.sender.code.length != 0 |
| Utility Library | Standard SIP_EIP7702Utils with fetchDelegate(), isDelegatedEOA(), isPureEOA() |
| Signature Guidance | How to handle ECDSA vs ERC-1271 for delegated EOAs |
| Zone Guidance | Updated isContract() patterns, signature path selection, EOA restriction policies |
| Reentrancy Guards | Ban tx.origin == msg.sender guards; mandate mutex-based guards |
| SIP-5 Extension | Metadata signal for 7702 compatibility |
| Test Cases | 4 concrete test scenarios with Foundry code |
| Security Analysis | Reentrancy bypass, delegation volatility, gas overhead, spoofing resistance, smart wallet interaction |

References

Proposes how Seaport contracts should handle EIP-7702 delegated
EOAs for activation guards, signature verification, and zone
interactions. Addresses tstorish#5 and broken tx.origin invariants
post-Pectra.
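
The account classification this PR's description relies on, as an added sketch that is not code from the PR, the SIP, or Seaport. The function names fetchDelegate(), isDelegatedEOA() and isPureEOA() come from the PR's table; the library name, the function bodies and the isDeployedContract() helper are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; not the SIP's SIP_EIP7702Utils source.
/// Function names follow the PR's table; the bodies are an assumption.
library DelegationCheckExample {
    // EIP-7702 delegation designator: 0xef0100 || 20-byte address = 23 bytes.
    uint256 private constant DESIGNATOR_LENGTH = 23;
    bytes3 private constant DESIGNATOR_PREFIX = 0xef0100;

    /// Returns the delegate if `account` holds a delegation designator,
    /// otherwise address(0).
    function fetchDelegate(address account) internal view returns (address delegate) {
        if (account.code.length != DESIGNATOR_LENGTH) return address(0);
        bytes memory code = account.code;
        bytes32 word;
        assembly ("memory-safe") {
            // First 32 bytes of the code; only the leading 23 are meaningful.
            word := mload(add(code, 0x20))
        }
        // EIP-3541 rejects newly deployed code that starts with 0xef, so a
        // contract cannot be deployed with this prefix.
        if (bytes3(word) != DESIGNATOR_PREFIX) return address(0);
        // Shift out the 3-byte prefix and keep the following 20 bytes.
        delegate = address(bytes20(word << 24));
    }

    function isDelegatedEOA(address account) internal view returns (bool) {
        return fetchDelegate(account) != address(0);
    }

    /// Caveat: code length is also 0 for an address with nothing deployed and
    /// for a contract that is still inside its constructor.
    function isPureEOA(address account) internal view returns (bool) {
        return account.code.length == 0;
    }

    /// Hypothetical zone-side helper: true only for accounts whose code is
    /// their own deployed bytecode. A bare `code.length != 0` check would
    /// also return true for a delegated EOA (length 23).
    function isDeployedContract(address account) internal view returns (bool) {
        return account.code.length != 0 && !isDelegatedEOA(account);
    }
}
```

A delegation can be set or cleared between transactions, so a result from these helpers is only valid for the call in which it was read and should not be cached as a long-lived property of the account.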