[ERC‑XXXX] Transient EIP‑7702 Delegate Runtime Introspection – Enabling Safer, Smarter Wallet Innovation
With EIP‑7702, we’re stepping into an exciting new chapter for Ethereum wallets. By allowing EOAs to temporarily attach contract logic per-transaction, 7702 opens the door to a new class of user experiences—flexible, programmable, and gas-efficient—without giving up EOA simplicity.
This is more than an upgrade; it’s a foundational shift in what a wallet can be.
But to fully unlock the promise of this model—modular wallets, delegate-driven apps, context-aware smart contracts—we need the ability to understand and verify what’s happening inside a delegated call.
Introducing: callContext7702()
This proposal defines a minimal, low-gas interface that gives any contract clear visibility into a wallet’s delegate call state.
The Core Interface
At the heart of this ERC is a single view function:
function callContext7702() external view returns (CallContext7702 memory context);
struct CallContext7702 {
bool isDelegatedCodeActive;
uint256 callDepth;
address invoker;
uint256 opType;
}
This lets smart contracts or tools answer questions like:
- Am I talking to a delegate, or a plain EOA?
- Who invoked the delegate code if it is active?
- Are we inside a recursive delegate context?
- What type of operation is being performed?
This unlocks composability and security at the same time, without relying on heuristics or external assumptions.
Semantics via opType
One useful aspect of this approach is the ability to include a semantic opType, which allows protocols to interpret the kind of delegate operation being performed and apply relevant policies or safeguards.
uint8 constant OP_NONE = 0;
uint8 constant OP_TOKEN_TRANSFER_SINGLE = 1;
uint8 constant OP_TOKEN_TRANSFER_BATCH = 2;
uint8 constant OP_EXEC_SINGLE = 3;
uint8 constant OP_EXEC_BATCH = 4;
uint8 constant OP_UNKNOWN = 5;
This paves the way for use cases like:
- Approving only certain op types via governance oracles
- Attaching intent metadata to a wallet transaction
- Implementing composable, multi-step workflows without breaking protocol invariants
How It Works (Lightweight + Safe)
We designed the system to be both robust and extremely simple to implement.
The reference implementation has a single modifier to provide delegates with introspection context:
modifier delegateCodeEntered(uint8 opType) {
uint256 contextToRestore = _delegateCodeEnteredBefore(opType);
_;
_delegateCodeEnteredAfter(contextToRestore);
}
This pattern ensures that introspection is:
- Stateless
- Nesting-aware
- Invisible to the wallet’s long-term state
Safe Introspection From Consumers
For contracts or apps that want to inspect a wallet’s delegate status safely the reference implementation contains helper functions to inspect an address for its current EIP-7702 state.
The example below uses the helper functions to check if a wallet has a delegate attached, if the attached delegate is allowed to interact with the contract, and the operation type if the call is being made through the delegate implementation.
(bool isDelegate, address delegate) = _check7702(wallet);
if (isDelegate) {
require(_allowedDelegates[delegate], “Unauthorized delegate implementation”);
(bool error, CallContext7702 memory ctx) = _safeCallContext7702(wallet);
require(!error && (!ctx. isDelegatedCodeActive
|| ctx.opType == OP_EXEC_SINGLE), "Unauthorized delegate op");
}
Why This Matters
By making introspection simple, reliable, and standardized, this ERC enables:
Secure modular wallets — where functionality can be dynamically added without sacrificing protocol assurances
Delegate-aware DeFi — allowing lending, swaps, or governance to enforce op-type constraints
Trust-minimized integrations — where protocols can validate execution context, not just permissions
Composable protocols — that build on each other with full visibility into wallet behavior
We’re not just plugging a hole—we’re creating an interface that expands what’s possible across the wallet stack.
Designed for Safety
- Uses transient storage to avoid collision or contamination
- Nested calls are tracked via callDepth, providing reentrancy awareness
- Introspection is opt-in and observable, but not enforceable unless the delegate is trusted—you control your threat model
Let’s Build the Future of Wallets
EIP‑7702 gives us the freedom to move beyond the binary choice of EOA vs contract account. But with that flexibility, we need the right guardrails and observability.
This ERC is our proposal for that layer. It’s minimal. It’s modular. And it’s designed to empower developers, protocols, and wallets to innovate safely.
Proposed ERC available here. We’d love your feedback, edge cases, and implementation ideas.