Five parts in, you know why ETH has no hard cap, how the EVM treats accounts, where gas actually goes, what staking costs and pays, and how rollups compress mainnet data. This part is the assembly. It is the shortest in the series because the hard work is done — what remains is turning the theory into the handful of daily moves that protect your coins.
Holding ETH is the mirror image of holding BTC. One account covers what UTXOs spread across many outputs, so coin selection disappears. In its place, a different risk surface: token approvals, signed messages, and addresses that look almost right. The job is to internalize those and make them cheap to check.
Your ETH address in Zelcore
Zelcore derives your Ethereum address at the BIP-44 path m/44'/60'/0'/0/0. Coin type 60 is the SLIP-0044 registration for Ether, used by essentially every HD wallet, which is why the same twelve or twenty-four words generate the same 0x address in any compliant tool.
Because of the EVM account model covered in Part 2, that one address covers native ETH, every ERC-20 you hold, every NFT, and every dApp you connect. There are no UTXOs, no change addresses, no per-transaction churn. Zelcore shows the same 0x across Ethereum mainnet and most of the EVM-compatible chains it supports — Polygon, BNB, Avalanche, Base — because they all derive from the same secp256k1 key.
The trade-off is visibility. One address means one on-chain history that anyone can read. Confirm the first-derived address against a block explorer on receipt, paste it into your address book once, and treat that entry as the only trusted source from that point on.
Gas hygiene: reading the fee UI
Every Ethereum fee is base fee plus priority tip, expressed in gwei, multiplied by the gas units the transaction actually consumes. Base fee floats with block fullness; the tip is your bribe to the proposer. Part 3 covered the mechanics in full — how EIP-1559 base fee and priority tip actually work (Part 3) is the reference page to re-read when a fee spike surprises you.
Three transaction shapes cover almost everything you will do:
- Native ETH send: ~21,000 gas. Cheap, predictable.
- ERC-20 transfer: roughly 40,000–65,000 gas depending on whether the recipient slot is cold or warm. More than a native send because the token contract has to update two balance entries.
- Contract call (swap, approve, mint): 150,000+ gas and highly variable. Always read the estimate before confirming.
Zelcore's fee UI exposes slow, normal, and fast tiers, which set a max priority fee and a max fee cap. You pay base plus tip on inclusion; any headroom between your tip and your max fee refunds. Two rules cover most days. Size the tip to what you actually need — if you are not racing an NFT mint, slow is fine. And check an L2 before L1 for anything under a couple of hundred dollars; the math almost always favors rolling up.
If a transaction gets stuck pending, resubmit with the same nonce and a higher tip. It is the ETH equivalent of Bitcoin's replace-by-fee.
Approvals and drainers: the EVM-specific attack surface
Before a dApp moves your ERC-20 tokens it needs an allowance — a state change that writes allowance[you][spender] on the token contract. Many dApps default to approve(max), the unlimited option. Convenient, and catastrophic if the contract is exploited or upgraded by a compromised multisig.
Permit2, Uniswap's universal approval router, raises the stakes. You grant Permit2 unlimited allowance once, then sign off-chain messages to authorize specific sub-approvals. The messages are gasless and expirable, which is lovely ergonomics until you sign a malicious one on a homograph domain. A single bad signature can drain every token Permit2 holds approval for.
The canonical audit tool is revoke.cash — a web app and browser extension that lists every outstanding ERC-20 allowance and Permit2 sub-approval across chains, with one-click revocation. Make it a quarterly habit. Set a calendar reminder, open revoke.cash, and clear anything you do not actively use.
Two rules that pay for themselves: never sign a Permit2 message on a site you did not reach by typing the URL, and remember that when a drainer fires, your ETH balance is safe. What leaves is the specific token you approved. Limiting approvals to what you are spending, not max, contains the blast radius.
Address poisoning and other hygiene
Address poisoning weaponizes copy-paste. An attacker generates a vanity address whose first and last characters match a counterparty you transact with often, then pushes a tiny transfer to your wallet so the fake appears next to the real one in history. The next time you copy from transaction history instead of from a trusted address book, you send to the wrong address.
Defense is simple and disciplined. Never copy from transaction history. Copy from your Zelcore address book, a signed message, or a known-good source, and verify the full string — not just the first and last four characters. Clipboard malware works the same family of tricks at the paste step, silently swapping a 0x you copied for the attacker's. Always eyeball the destination after pasting.
For any poisoning dust that lands in your wallet, do not interact with it — hide the token in Zelcore and move on. Touching a suspicious token or NFT is usually what triggers the exploit.
When to reach for an L2
A useful rule of thumb: if the transaction cost is more than about 3% of the amount you are moving on L1, move it to an L2. Zelcore ships native support for several EVM chains — Polygon, BNB, Avalanche, and Base — and for any EVM chain it does not list natively, WalletConnect v2 lets the same keys drive a dApp's own interface without exposing them.
Picking an L2 is mostly about where liquidity lives, which is the full subject of the optimistic-vs-ZK rollup comparison in Part 5. Base, Arbitrum, and Optimism carry the deepest DeFi pools; zkSync Era and Starknet appeal to advanced users who want validity proofs over fraud proofs. Bridge via canonical bridges where you can, and respect the ~7-day challenge window on optimistic rollup withdrawals unless you are paying a fast-bridge operator to front the funds.
One subtle point that catches beginners: ETH on mainnet is not the same asset as ETH on Arbitrum. Same 0x address, different ledgers. Confirm which chain Zelcore is pointed at before you paste.
Staking, Pectra, and Fusaka
The full staking trade-off matrix from Part 4 lays out the four branches. In capsule form:
- Solo (32+ ETH, operational control, all yield and slashing risk)
- SaaS or pool (delegate keys, 5–15% fees)
- LST like stETH or rETH (tokenized, DeFi-useable claim, smart-contract and peg risk)
- Just hold (zero yield, zero protocol-layer risk, simplest)
Pectra activated on May 7, 2025, and it changed staking mechanics materially. EIP-7251 raised the validator cap from 32 to 2048 ETH, so large operators consolidate into fewer, bigger validators. EIP-7002 lets withdrawal credentials trigger exits without needing the validator key online — useful when a staking service fails and you still want your ETH back. And EIP-7702 lets an EOA temporarily delegate execution to contract code via a delegation indicator of the form 0xef0100 || address. That last one unlocks gasless transactions, batching, and session keys in ordinary wallets. Treat 7702 delegations like approvals: only sign from trusted pages, and revoke when you are done.
Fusaka followed on December 3, 2025. Its headline is EIP-7594, PeerDAS, where nodes sample about one-eighth of blob data instead of storing all of it. In practice: L2 fees drop again, and they keep dropping as subsequent Blob Parameter Only forks lift blob capacity. Full Danksharding — 64 blobs per block — is still several years out, but the road is now clearly paved.
Key takeaways
- One 0x address covers ETH, ERC-20s, NFTs, and dApps — but one address also means one public history. Verify on receipt, then treat your address book as the only trusted source.
- Read EIP-1559 fees as base plus tip times gas units. Size the tip to what you need; check an L2 before L1 under a couple of hundred dollars.
- Audit approvals on revoke.cash quarterly. Avoid
approve(max), and never sign a Permit2 message on a site you did not type into the bar. - Never copy destinations from transaction history. Always verify the full string.
- Pectra delivered 2048-ETH validators, execution-layer exits, and EIP-7702 smart-account delegation. Fusaka delivered PeerDAS and cheaper rollup data. Both are live now.
That is the full arc: from why ETH has no hard cap to where your coins should actually live. The chain changes every year — Pectra last spring, Fusaka last winter, BPO forks and eventually full Danksharding ahead. The reasoning in these six parts should compound.
