The Dangers Of Approving Token Usage Through Smart Contracts

Since the dawn of decentralized finance, the ‘Approve’ function has become a routine transaction required to use platforms.

Smart contracts cannot function without the approval of the wallet owner to use funds from an address. So many applications require approval that granting it has become a normal thing for many users to do.

Many do not think twice about this transaction, but they should, as it exposes them to many of the recent exploits and hacks.

In the early days, a smart contract would ask you to approve the usage of funds but would only approve the amount that was required for the transaction. As gas prices increased and approval transactions became expensive, many smart contracts switched and made the approval transactions unlimited.

Instead of approving only what was needed for a transaction, the smart contract would gain approval to spend all of a specific token in the wallet. Many crypto holders praised this switch as it reduced the need to send multiple transactions and made decentralized finance easier to use.

MultiChain (formerly AnySwap), BadgerDAO and others have recently made headlines due to hacks. What made these exploits special was the ability of the hacker to gain access to tokens outside of the smart contract. This was only possible because approval transactions granted access to all of a user's tokens.

With these approvals, a compromised smart contract had access not only to the funds locked in the contract but also to the funds in users' wallets, which it could withdraw without their permission.

The days of approving any smart contract to have access to your wallet are gone. It is now necessary for users to revoke permissions once they have finished using a service. This will ensure the safety of a user's funds outside of a smart contract should the contract be compromised.
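As an added illustration (not code from the original article or from any project it names), the Python sketch below decodes the calldata of an ERC-20 `approve(address,uint256)` call and shows how much of a wallet's balance each kind of approval leaves exposed if the approved contract is later compromised. The spender address, balance and amounts are constructed sample values, and the helper names are hypothetical.

```python
# Added example: inspect ERC-20 approve() calldata before signing it.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # keccak256("approve(address,uint256)")[:4]
MAX_UINT256 = 2**256 - 1                      # the value used for "unlimited" approvals


def encode_approve(spender, amount):
    """Build approve(spender, amount) calldata (used here to make sample input)."""
    addr = bytes.fromhex(spender[2:])
    return "0x" + (APPROVE_SELECTOR + addr.rjust(32, b"\0") + amount.to_bytes(32, "big")).hex()


def decode_approve(calldata_hex):
    """Return (spender, amount) or raise ValueError if this is not approve()."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if len(data) != 68 or data[:4] != APPROVE_SELECTOR:
        raise ValueError("not an ERC-20 approve(address,uint256) call")
    if any(data[4:16]):  # an address occupies the low 20 bytes of its 32-byte word
        raise ValueError("malformed spender argument")
    return "0x" + data[16:36].hex(), int.from_bytes(data[36:68], "big")


def classify(amount, needed):
    """Label an approval relative to what the transaction actually needs."""
    if amount == 0:
        return "revoke"
    if amount == MAX_UINT256:
        return "unlimited"
    return "limited" if amount <= needed else "excessive"


def exposure(amount, balance):
    """Tokens a compromised spender could pull from the wallet right now.
    An unlimited allowance also covers tokens that arrive later."""
    return min(amount, balance)


if __name__ == "__main__":
    spender = "0x" + "11" * 20    # constructed placeholder address
    balance, needed = 5_000, 100  # constructed token amounts
    for amount in (needed, MAX_UINT256, 0):
        who, amt = decode_approve(encode_approve(spender, amount))
        print(who, classify(amt, needed), "at risk:", exposure(amt, balance))
```

An approval of zero is what a revocation looks like on chain: the same `approve` call with the amount set to 0.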

For those who have interacted with a large number of smart contracts, there are tools out there like Token Allowance Tracker (TAC) that can help you manage your allowances.

As of today, more than $123m in digital assets has been stolen due to approvals. This will likely not be the end of this exploit as many new attackers attempt to gain control over larger decentralized finance platforms.

By simply keeping track of and revoking token access, users can shield themselves against this type of attack.


Written by Tudor

Works as a developer and helps keep the digital cogs turning. Leave them alone, they're busy.
