ERC-223 tokens (e.g. DEAPCOIN) become untransferable after EIP-7702 delegation due to missing tokenFallback

[Masanari-Nagai]

Description

After an EOA delegates to EIP7702StatelessDeleGator, ERC-223 token transfers to/from the delegated address revert. This is because the delegator implements IERC721Receiver and IERC1155Receiver but does not implement the ERC-223 tokenFallback(address, uint256, bytes) callback.

Root Cause

EIP-7702 delegation sets 23 bytes of bytecode (the delegation designator 0xef0100 || address) on the EOA. This causes EXTCODESIZE to return 23 instead of 0.

Many ERC-223 tokens use extcodesize to determine whether the recipient is a contract:

// Example from DEAPCOIN (0x1a3496c18d558bd9c6c8f609e1b129f67ab08163)
// Compiled with Solidity 0.4.25
bool isUserAddress;
assembly { isUserAddress := iszero(extcodesize(_to)) }

When extcodesize returns non-zero, the token contract treats the delegated EOA as a contract and either:

1. Calls tokenFallback() / tokenReceived() on the recipient → reverts because the delegator does not implement this interface
2. Rejects the transfer outright (e.g. "try to send token to contract" in batch transfer paths)

Impact

• Users who enable smart account features on MetaMask lose the ability to send or receive ERC-223 tokens
• Tokens already held in the wallet before delegation become effectively locked
• The user cannot easily undo this — revoking delegation requires another EIP-7702 transaction, and many users may not realize the delegation caused the issue
• DEAPCOIN (DEP) is one confirmed affected token, but any ERC-223 token with extcodesize-based contract detection is affected

Steps to Reproduce

1. Delegate an EOA to EIP7702StatelessDeleGator (0x63c0c19a282a1B52b07dD5a65b58948A07DAE32B)
2. Attempt to transfer DEAPCOIN (DEP, 0x1a3496c18d558bd9c6c8f609e1b129f67ab08163) from or to the delegated address
3. Transaction reverts