Earlier we talked about how to use different wallets and how to access Dapps. For people who frequently access Dapps and use DeFi applications, "Token Permission" is a recurring step required before tokens can be used on DeFi protocols.
Most Dapps on Ethereum, EVM chains (BSC/HECO/OKExChain/Polygon, etc.), and TRON involve smart contracts, and granting permission means that the smart contract is allowed to withdraw the user's tokens. Dapps need access to tokens in order to operate on them. For example, if you want to sell WBTC on Uniswap, you first need to "Approve" Uniswap's smart contract to access the WBTC in your wallet, and then you can convert WBTC into other tokens in a second transaction. You can see the permission in the wallet. To improve the user experience and reduce the number of permission requests, Dapps will request unlimited permission, that is, the smart contract gets the right to transfer an unlimited amount of a given token from the wallet.
Reliable, well-known platforms such as Uniswap will not maliciously transfer assets out of users' wallets. If the Dapp is malicious, however, every token the wallet has authorized for that platform is at serious risk. Even mature projects may have vulnerabilities that attackers can exploit. So once the user authorizes a Dapp, the tokens in the wallet are at risk.
Hardware wallets protect private keys, and no one can get past a hardware wallet to steal them, but they cannot prevent the security risks that come with "Approve".
The most important thing is not to authorize smart contracts on unreliable Dapp platforms. Some platforms may move the users' tokens within a few hours of authorization.
Second, the user needs to clear permissions periodically, because even a mature and reliable project may be exploited by attackers. Periodically revoking permissions is necessary to keep the tokens in the wallet secure.
Visit the ETH allowance website: https://ethallowance.com/
Open ETH allowance and connect MetaMask. The list of authorized smart contracts will be displayed.
Select the platform/contract whose authorization you want to cancel and click Revoke. If you want to cancel all authorizations, click revoke all above the list.
Confirm the revoking transaction in the wallet. After the transaction is confirmed, the smart contract can no longer operate on or access the tokens in the user's wallet, which removes the risk that came with the permission.
For friends who like to use Debank, revoking permissions through Debank is also very fast. Debank official website: https://debank.com/
After entering Debank, link the wallet and switch to the corresponding network.
Click on the profile, then click on management, and you can see the Dapps or smart contracts that still hold permissions.
For the smart contract whose permission you want to revoke, click decline. After the transaction is confirmed, the permission of the smart contract is canceled, and the smart contract can no longer operate on or access the tokens in the user's wallet, which avoids the risk.
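What an allowance list and a revoke amount to at the ERC-20 level, as an added example that is not code from this article or from ETH allowance or Debank: it replays standard ERC-20 Approval logs to find the permissions an owner still has outstanding, flags unlimited ones, and builds the approve(spender, 0) calldata that revokes each. The function names, addresses and log entries are constructed for illustration.

```javascript
// ERC-20 approve(address,uint256) selector and Approval event topic0.
const APPROVE_SELECTOR = "0x095ea7b3";
const APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const MAX_UINT256 = (1n << 256n) - 1n; // the "unlimited" amount Dapps request

// 20-byte address -> 32-byte ABI word (hex, no 0x prefix).
const padAddress = (addr) => addr.toLowerCase().replace(/^0x/, "").padStart(64, "0");
// 32-byte indexed topic -> 20-byte address.
const topicToAddress = (topic) => "0x" + topic.slice(-40).toLowerCase();

// Replay Approval logs (oldest first) and return what `owner` still allows.
// Each approve() overwrites the previous value, so the last log per pair wins.
// ERC-721 Approval shares topic0 but has 4 topics, so it is skipped here.
function outstandingApprovals(logs, owner) {
  const latest = new Map();
  for (const log of logs) {
    if (log.topics[0] !== APPROVAL_TOPIC || log.topics.length !== 3) continue;
    if (topicToAddress(log.topics[1]) !== owner.toLowerCase()) continue;
    const token = log.address.toLowerCase();
    const spender = topicToAddress(log.topics[2]);
    latest.set(`${token}:${spender}`, { token, spender, amount: BigInt(log.data) });
  }
  return [...latest.values()]
    .filter((a) => a.amount > 0n) // amount 0 means already revoked
    .map((a) => ({ ...a, unlimited: a.amount === MAX_UINT256 }));
}

// Calldata of the revoke transaction: approve(spender, 0), sent to the token contract.
function revokeCalldata(spender) {
  return APPROVE_SELECTOR + padAddress(spender) + "0".repeat(64);
}

// Constructed sample data (placeholder addresses, not real contracts).
const [OWNER, TOKEN_A, TOKEN_B, DAPP_X, DAPP_Y] =
  ["aa", "11", "22", "bb", "cc"].map((b) => "0x" + b.repeat(20));
const mkLog = (token, owner, spender, amount) => ({
  address: token,
  topics: [APPROVAL_TOPIC, "0x" + padAddress(owner), "0x" + padAddress(spender)],
  data: "0x" + amount.toString(16).padStart(64, "0"),
});
const SAMPLE_LOGS = [
  mkLog(TOKEN_A, OWNER, DAPP_X, MAX_UINT256), // unlimited approval, still active
  mkLog(TOKEN_B, OWNER, DAPP_Y, 500n),        // limited approval ...
  mkLog(TOKEN_B, OWNER, DAPP_Y, 0n),          // ... revoked later
  mkLog(TOKEN_A, DAPP_Y, DAPP_X, 7n),         // a different owner, ignored
];
for (const a of outstandingApprovals(SAMPLE_LOGS, OWNER))
  console.log(a.token, a.spender, a.unlimited ? "UNLIMITED" : a.amount, revokeCalldata(a.spender));
```

The amount recovered from logs is the last approved value; the figure still spendable right now is what the token's allowance(owner, spender) call returns.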
These are the steps for revoking permissions. Users should always ensure the safety of funds and avoid risks as much as possible.
Written by: Lucio Lyu
Twitter: @imLucio_eth