Audit of EIP-3074 for Ethereum Foundation

Ethereum Foundation has requested that Least Authority perform a security audit of the EIP-3074: AUTH and AUTHCALL opcodes specification, which aims to allow Externally Owned Accounts (EOAs) to delegate control of their account to a smart contract. This EIP introduces two Ethereum Virtual Machine (EVM) instructions, AUTH and AUTHCALL. The first sets a context variable authorized based on an ECDSA signature and the second sends a call as the authorized, which essentially delegates control of the EOA to a smart contract.

Our final audit report was completed on June 14th, 2021.

To read the full report including our findings, click here:

Report

Archives