MultiversX Tracker is Live!

The fact that a smart contract can pull all available funds from a wallet scares the living sh*t out of me

Etherum Reddit

More / Etherum Reddit 11 months ago 56 Views

Hello Ethereum community,

Each and every day we read about unfortunate people who get their life earnings stolen from them.

Scams in the crypto-space come in many shapes and forms, where some are obvious and some not so much.

One type of scam however, is accomplished by having the user interact with a malicious smart contract.

For people who are not that familiar with smart contract interactions, each time you want to interact with a smart contract you would need to approve the transaction to said contract. This involves payment of fees which the wallet provider alerts the user about. After 5 or 6 interactions with legit contracts clicking that 'approve' button quickly becomes a habit.

But the problem here is that you don't really know what you're actually agreeing to. Because (and this is so shocking to me), if the contract is malicious, it can simply drain your entire wallet.

Let that sink in... one moment you are sitting there thinking you are using a contract you have used may times before, and *poof*, it's all gone. The webpage was hacked and now linked to a different malicious contract.

The fact that there is no more security in place to protect the user from these kinds of attacks are beyond me. And I think in fact this is one of the points governments and regulatory agencies will use to come down on the crypto-space like the hammer of Thor.

And that is precisely my point. It can't be this way. There has to be a better way to do this, where the end users funds and interest are more protected that it is now.

As the title say, it scares the living sh*t out of me that this is even possible to do without any more interactions with the user.

Is this something the community is even working on addressing, and what would be possible solutions?

Maybe the wallet provider could simulate the contract in a sandbox and alert the user of the result?

Maybe on a more fundamental level contracts should be able to do this kind of operations at all? Or that we have special wallet addresses where this is possible?

I don't know, but would like to hear what people think about this issue.

submitted by /u/thegreatsaiby
[link] [comments]
Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
πŸ’° Install these recommended apps:
πŸ’² SocialGood - 100% Crypto Back on Everyday Shopping
πŸ’² xPortal - The DeFi For The Next Billion
πŸ’² CryptoTab Browser - Lightweight, fast, and ready to mine!
πŸ’° Register on these recommended exchanges:
🟑 Binance🟑 Bitfinex🟑 Bitmart🟑 Bittrex🟑 Bitget
🟑 CoinEx🟑 Crypto.com🟑 Gate.io🟑 Huobi🟑 Kucoin.



Read more

Related Posts

Comments