Ethereum’s Pectra upgrade, which includes EIP-7702, is live. EIP-7702 lets an externally owned account (EOA) delegate its code to a contract: a major leap forward, but new functionality brings new risks. Here’s what users, wallet providers, developers, and exchanges should watch out for:
For Users:
Private key protection should always be a priority.
Be aware that the same contract address on different chains may not have the same contract code, so a delegation target that is safe on one chain may be malicious on another.
Understand what the delegation target contract does before signing: once delegated, that code runs in the context of your account and can move everything it holds.
For Wallet providers:
Check that the chain ID in the delegation matches the current network.
Warn users about the risks of delegations signed with a chain ID of 0: such an authorization is valid on every chain and can therefore be replayed across networks.
Display the delegation target contract (together with the chain ID and nonce) when users sign delegations, to reduce the risk of phishing attacks.
For Developers:
Authenticate the account’s initialization: setting a delegation does not run any code, so an unauthenticated initialize function can be called (and front-run) by anyone. Verify, e.g. via ecrecover, that the initialization was signed by the account itself.
Follow the namespace formula proposed in ERC-7201 to mitigate storage conflicts: an EOA’s storage persists when it re-delegates, so two delegation targets that both write to low-numbered slots will corrupt each other’s state.
Don’t assume that tx.origin is always a plain, code-free EOA. An EOA can now carry delegated code, so msg.sender == tx.origin no longer proves the caller cannot re-enter, and it is no longer an effective defense against reentrancy attacks.
Make sure the target contract for the user’s delegation implements the necessary callback functions (onERC721Received, onERC1155Received, onERC1155BatchReceived): once the account has code, safe-transfer functions of mainstream tokens call these hooks and revert if they are missing.
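A delegation target that applies three of the developer points above (initialization authenticated with ecrecover, ERC-7201 namespaced storage, and the token receiver callbacks). This is an added example written for this page, not code from the original post or from any wallet project; the contract name, the namespace string "erc7201:example.delegate" and the signed-message layout are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal EIP-7702 delegation target (example only). After an EOA delegates to this
// contract, this code executes in the EOA's own context: address(this) is the EOA and
// storage reads/writes land in the EOA's storage, which persists across re-delegations.
interface IERC721Receiver {
    function onERC721Received(address, address, uint256, bytes calldata) external returns (bytes4);
}

interface IERC1155Receiver {
    function onERC1155Received(address, address, uint256, uint256, bytes calldata) external returns (bytes4);
    function onERC1155BatchReceived(address, address, uint256[] calldata, uint256[] calldata, bytes calldata) external returns (bytes4);
}

contract Delegate7702 is IERC721Receiver, IERC1155Receiver {
    /// @custom:storage-location erc7201:example.delegate
    struct AccountStorage {
        address owner;      // key allowed to call execute(); may differ from the EOA key
        bool initialized;
    }

    // ERC-7201 namespace formula: keccak256(abi.encode(uint256(keccak256(id)) - 1)) & ~bytes32(uint256(0xff)).
    // Keeps this contract's state out of slots 0, 1, 2, ... which a previous or a future
    // delegation target of the same EOA may also use. (Namespace id is an assumption.)
    bytes32 private constant STORAGE_SLOT =
        keccak256(abi.encode(uint256(keccak256("erc7201:example.delegate")) - 1)) & ~bytes32(uint256(0xff));

    // Domain tag for the initialization signature (assumed layout, EIP-712 style).
    bytes32 private constant INIT_TYPEHASH = keccak256("Delegate7702.initialize(address owner)");

    function _s() private pure returns (AccountStorage storage $) {
        bytes32 slot = STORAGE_SLOT;
        assembly { $.slot := slot }
    }

    // Setting the delegation does not run any code, so initialize() is an ordinary call that
    // anyone can make. Without the signature check an attacker could front-run the user and
    // install themselves as owner. The signer must be the account itself (the EOA key).
    function initialize(address owner_, uint8 v, bytes32 r, bytes32 s) external {
        AccountStorage storage $ = _s();
        require(!$.initialized, "already initialized");
        require(owner_ != address(0), "zero owner");
        // Bind the message to this chain and this account so one signature cannot be
        // replayed on another chain or on another account that uses the same delegate.
        bytes32 digest = keccak256(abi.encodePacked(
            "\x19Ethereum Signed Message:\n32",
            keccak256(abi.encode(INIT_TYPEHASH, block.chainid, address(this), owner_))
        ));
        address signer = ecrecover(digest, v, r, s);   // returns address(0) on failure
        require(signer != address(0) && signer == address(this), "not signed by account");
        $.owner = owner_;
        $.initialized = true;
    }

    // Either the designated owner or the EOA itself may act: a transaction the EOA sends to
    // its own address arrives here with msg.sender == address(this).
    function execute(address to, uint256 value, bytes calldata data) external returns (bytes memory) {
        AccountStorage storage $ = _s();
        require($.initialized, "not initialized");
        require(msg.sender == $.owner || msg.sender == address(this), "unauthorized");
        (bool ok, bytes memory ret) = to.call{value: value}(data);
        require(ok, "call failed");
        return ret;
    }

    function owner() external view returns (address) {
        return _s().owner;
    }

    // An address with code is treated as a contract by safeTransferFrom; without these
    // hooks, ERC-721 and ERC-1155 safe transfers to the delegated EOA revert.
    function onERC721Received(address, address, uint256, bytes calldata) external pure returns (bytes4) {
        return IERC721Receiver.onERC721Received.selector;
    }

    function onERC1155Received(address, address, uint256, uint256, bytes calldata) external pure returns (bytes4) {
        return IERC1155Receiver.onERC1155Received.selector;
    }

    function onERC1155BatchReceived(address, address, uint256[] calldata, uint256[] calldata, bytes calldata) external pure returns (bytes4) {
        return IERC1155Receiver.onERC1155BatchReceived.selector;
    }

    // Plain ETH transfers to the delegated EOA must still succeed.
    receive() external payable {}
}
```

Because `initialized` lives in the EOA's own storage, the flag also survives a later re-delegation to a different target; a new target that wants a fresh start must use its own ERC-7201 namespace rather than assuming slot 0 is empty.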
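The tx.origin point as a before/after pair: a vault whose only reentrancy defense is msg.sender == tx.origin, a delegate that an EOA could install to re-enter it, and a hardened vault that settles state before the external call and holds a mutex. This is an added example for this page, not code from the original post; the contract and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Before EIP-7702, msg.sender == tx.origin meant the caller was a plain key-holder with no
// code, so nothing could run during the ETH transfer below. A delegated EOA sends a
// transaction in which tx.origin == msg.sender and still executes its delegate's code
// (including a receive() that re-enters), so the check proves nothing now.
contract VaultBroken {
    mapping(address => uint256) public balances;

    modifier onlyEOA() {
        require(msg.sender == tx.origin, "no contracts");   // no longer a reentrancy defense
        _;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external onlyEOA {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");    // the EOA's delegated code runs here
        require(ok, "transfer failed");
        balances[msg.sender] = 0;                            // effect after interaction: re-enterable
    }
}

// What the EOA's delegate could look like (constructed for illustration). The EOA deposits,
// delegates to this contract, then sends a transaction to itself calling attack(). Inside
// VaultBroken.withdraw(), msg.sender and tx.origin are both the EOA, so onlyEOA passes, and
// receive() re-enters while balances[EOA] still shows the old amount.
contract ReenteringDelegate {
    function attack(VaultBroken vault) external {
        vault.withdraw();
    }

    receive() external payable {
        VaultBroken vault = VaultBroken(msg.sender);
        if (address(vault).balance >= vault.balances(address(this))) {
            vault.withdraw();
        }
    }
}

// Hardened version: state is settled before the external call and a mutex rejects
// re-entry, whether the caller is a contract, a plain EOA, or a delegated EOA.
contract VaultFixed {
    mapping(address => uint256) public balances;
    uint256 private _status = 1;   // 1 = idle, 2 = entered

    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;                            // effect before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

Note that checks-effects-interactions alone (zeroing the balance before the call) already closes this particular hole; the mutex additionally protects any function that must make an external call before it can finish updating state.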
For CEXs:
Run trace (internal transaction) checks on deposits rather than trusting top-level transfers alone, to mitigate the risk of fake deposits: an address that sends a deposit may now be a delegated EOA executing contract code.
Full best practices & in-depth analysis:
https://t.co/IvphpT07rA
https://www.bipu123.com/t/topic/63995