Would you give someone access to part of your capital? I would not. Then why do we do it in the Ethereum ecosystem and consider it a standard?
To use ERC-20 tokens in DeFi protocols such as Sushiswap, you must approve the DApp to spend tokens on your behalf; this is known as an allowance.
Some time ago smart contract developers came up with a tiny additional standard to ERC-20 that allows DApps to ask for an unlimited allowance for your tokens.
People tend to say "funds in a wallet"; that's wrong. Funds are on-chain, and your wallet is the key to do stuff on-chain.
"Not your keys, not your crypto" is actually not the full truth in the EVM ecosystem. An ERC-20 allowance means you share crypto with an approved contract - known as a spender.
A recent bug in Sushiswap's new v2 smart contract led to an exploit, and users were asked to revoke allowances to secure their crypto.
[tweet link] https://twitter.com/jaredgrey/status/1644914375151550464
If you think hardware wallets can help, they don't. With an allowance, an approved spender can use tokens associated with your address without your keys anytime they want to.
There are some solutions like approve-spend patterns, which result in more fees. This creates another problem because gas is not cheap in the Ethereum ecosystem, even on L2.
Gasless spend approval (ERC-2612) is another solution to the allowance problem, but you have to sign an additional transaction. Uniswap recently came up with the Permit2 solution, where you need to approve just once for any token in their app.
The newer ERC-1155 standard only amplifies the problem. ERC-1155 contracts may have more than one asset in a single contract and do have a function to delegate the right to transfer all assets without any limits.
The ERC-20 allowance mechanism cannot be the future of DeFi, and especially not the future of finance. We need better technology, but while we build it, use the amazing Revoke.cash tool to check your current allowances, and check whether you have any allowance in hacked smart contracts: https://dmitryshvetsov.com/apps/is-my-crypto-wallet-safe/
You can help/contribute by reporting hacked smart contracts to me on Twitter or by submitting a pull request to the hacked-smart-contracts repository:
[github link] https://github.com/dmshvetsov/hacked-smart-contracts
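
What checking your allowances involves, as an added example that is not part of the original post or of Revoke.cash: it folds ERC-20 `Approval` event logs (in the shape `eth_getLogs` returns) into the latest allowance per token and spender, and marks unlimited ones and spenders on a flagged list. All addresses and log entries are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit ERC-20 allowances from Approval logs. Sample data is constructed.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1  # the "unlimited" allowance value

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner):
    """Return {(token, spender): amount} for allowances of `owner` that are still non-zero."""
    latest = {}
    position = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=position):  # later approvals overwrite earlier ones
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but 4 topics (indexed tokenId): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        latest[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    # approve(spender, 0) is how an allowance is revoked, so zero entries are dropped.
    return {k: v for k, v in latest.items() if v > 0}

def audit(logs, owner, flagged_spenders):
    """List open allowances, marking unlimited ones and spenders on a flagged list."""
    flagged = {s.lower() for s in flagged_spenders}
    return [{"token": token, "spender": spender,
             "unlimited": amount == MAX_UINT256, "flagged": spender in flagged}
            for (token, spender), amount in sorted(open_allowances(logs, owner).items())]

# --- constructed sample data (not real addresses or logs) ---
OWNER, OTHER = "0x" + "a1" * 20, "0x" + "a2" * 20
TOKEN_A, TOKEN_B = "0x" + "10" * 20, "0x" + "20" * 20
SPENDER_OK, SPENDER_HACKED = "0x" + "b1" * 20, "0x" + "bad0" * 10

def make_log(token, owner, spender, amount, block, index):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER, SPENDER_HACKED, MAX_UINT256, 100, 0),  # unlimited, never revoked
    make_log(TOKEN_A, OWNER, SPENDER_OK, 500, 101, 2),
    make_log(TOKEN_A, OWNER, SPENDER_OK, 0, 105, 1),                # revoked later
    make_log(TOKEN_B, OWNER, SPENDER_OK, MAX_UINT256, 103, 0),
    make_log(TOKEN_B, OTHER, SPENDER_HACKED, MAX_UINT256, 104, 0),  # someone else's approval
]
REPORT = audit(SAMPLE_LOGS, OWNER, [SPENDER_HACKED])  # two open allowances, one flagged
```

`Approval` events record the value that was last approved, not what remains after the spender has used part of it, so a finite amount shown here is an upper bound; the token's `allowance(owner, spender)` call returns the current figure.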