Today, we’re excited to announce the Pectra Audit Competition, kicking off on Cantina! This month-long event will run from February 21 to March 24, and we’re excited to see what issues the security community can find.
Why Pectra Matters
Some of the key EIPs for Pectra are listed below
From EOAs to Smart Accounts (EIP-7702)
Enhances Externally Owned Accounts (EOAs) with smart contract features.
Key Benefits
Transaction Batching: Combine multiple operations into a single transaction.Gas Sponsorship: Others can pay fees for the account.Alternative Authentication: Use hardware security modules or passkeys for authorization.Spending Controls: Limit token usage/outflows for improved security.Recovery Mechanisms: Safer asset protection without changing the main account.
Safety Checks
Chain-Specific: Delegations valid only on one chain ID.Nonce-Bound: Tied to the account’s current nonce, auto-invalidated when it changes.Revocability: The EOA owner can revoke/replace existing delegations at any time.
Validator UX Improvements
EIP-7251
Raises Max Validator Balance from 32 ETH to 2048 ETH.Enables automatic reward compounding and validator consolidation (merge multiple validators with shared withdrawal credentials).
EIP-7002
Execution Layer Triggerable Withdrawals: Allows an Ethereum address (not just the validator signing key) to trigger exits.Reduces Trust in Delegation: The account owner (human, DAO, etc.) can force exits without relying on the validator.
EIP-6110
Speeds Up Deposit Processing: Cuts wait time from ~9 hours to ~13 minutes.Removes the pre-merge buffer for deposit processing (no longer needed post-merge).
Blob Scaling (EIP-7691)
Increases Ethereum’s Blob Capacity by 50% (average from 3 to 6, max from 6 to 9).Blobs are short-lived data for L2 proofs, reducing L1 fees by 10–100×.EIP-7623 caps worst-case block size to manage higher bandwidth.Future scaling will involve data sampling so that nodes store only subsets of blob data.
For a more comprehensive overview, have a look at the Pectra page on ethereum.org.
Scope of the Audit
This competition specifically targets Pectra code. Any vulnerabilities discovered that are not specific to Pectra should be reported through the Ethereum Foundation Bounty Program. By keeping the focus on Pectra in this competition, we hope to surface potential issues prior to the mainnet hard fork.
Ethereum Protocol Attackathon Recap
The Ethereum Protocol Attackathon, which was recently hosted on Immunefi, has also been concluded. In collaboration with Immunefi and the Ecosystem Funding Initiative, major ecosystem players — Bybit, Wormhole, Arbitrum Foundation, The Graph, GMX, and Base — generously donated matching funds alongside the Ethereum Foundation. This collective effort underscored the community’s dedication to building a more secure and resilient blockchain ecosystem.
Ready to Begin?
Head to Cantina’s competition page to get started.
For more information on reporting vulnerabilities outside of the competition, please visit the Ethereum Foundation’s Bug Bounty Program.
We look forward to your discoveries. Good luck, and happy auditing!
GIPHY App Key not set. Please check settings