DeFi Slate


Master It Monday: How to avoid scams & account drains by canceling infinite approvals

Using a dope tool, approved.zone, to make sure you're staying safe

DeFi Slate 📈
Oct 12, 2020

DeFi Slate Fam:

There have been more rugpulls and scammy ish going on in the DeFi space than ever before. Really, it's quite unfortunate, but it's also been easier than ever to avoid the scams.

Taking the necessary security measures and steps using the new apps within the non-custodial world of DeFi eliminates a lot of the security risks that CEXs bring.

Really, it should be more difficult to get hacked than ever.

*Knock on wood*

In this piece, we’ll show you how to make sure you don’t get rekt by infinite approvals, a sometimes scary smart contract function!

Happy Monday, let's send it.

- Andy


📈 Shoutout To Our Partner: MCDEX — trade the first ever decentralized ETH & LINK perp swap contracts on MCDEX. 👨🏽‍🌾



šŸ™Big Ups To Our Great Sponsor Aave: Earn Interest & Leverage Your Assets with Aave, a non-custodial money market protocol leading the #DeFi charge. 

ALPHA LEAK: Deposit LINK tokens into Aave to get aLINK, then head over to Yearn to put your aLINK into the yaLINK vault for extra yield. It all starts here with Aave!


Master It Monday: How to avoid scams & account drains by canceling infinite approvals

Unfortunately, not many people really understand what infinite approval is, nor how it can have harsh ramifications if not taken care of & addressed. Frankly, I just learned about it a few weeks ago after using MetaMask all the time, interacting with more smart contracts than iPhone apps in the last few months.

Seriously, though. It wasn't until a few weeks ago that I realized the power of smart contracts & why they can be revolutionary for the financial system. They are fookin’ trustworthy man. You can place your trust in the audited code.

Spencer Noon (@spencernoon), October 12th 2020:

There is no such thing as a 100% safe smart contract. Bugs can always be found, even in code that has been looked at thousands of times. Because of this most users will only store funds in protocols built by world class developers. This is what the “fork out the fees” people miss.

This is why we advocate for platforms like Aave, Compound, Synthetix, Yearn, Uniswap…still risky, but they have world class teams & several audits.

However, you have to count on the teams + auditing companies to do their job properly, and there’s human error there. There's always room for issues; that’s why we stress that this stuff is so new that it's very risky.

If you’ve never used smart contracts or MetaMask before, that’s totally cool. But if you have, you certainly know that in order to operate transactions on Uniswap, Aave, etc. you have to ‘Approve’ the transaction before it goes through.

When you confirm this transaction, you are approving the smart contract behind Uniswap to spend the given amount of ONLY your CHI tokens. In this example, there were like 35 tokens in the wallet, so Uniswap can only spend the 35 CHI tokens that are in the wallet. It can't spend any other tokens in the wallet, nor any other amount of CHI tokens if more were to be deposited at a later date, for example.

So, then what is infinite approval?

From the CoinMarketCap Glossary (People still use this site? Sheeesh):

“Infinite approval is a smart contract programming practice, often considered to be problematic. This programming feature sees a given smart contract require authorization to access an unlimited number of tokens from the user’s wallet instead of only the number that is actually needed.”

This happened to Bancor in the early days of their DEX, more here:

“An infamous example of a smart contract that was programmed this way is one employed by decentralized exchange Bancor. When a user first used the system, he had to give the smart contract an authorization to withdraw an unlimited number of tokens from his wallet.

Bancor’s smart contracts also contained a vulnerability that could have allowed a hacker to steal all the units of the token that the user authorized the contract to manage by leveraging this vulnerability. Fortunately, Bancor’s programmers noticed before malicious actors could steal the tokens and later modified their systems to only ask for approval for the needed number of tokens. The developers preemptively “stole” user funds to return them later to avoid a hack.”

There are a few instances in which you could have given infinite approval in the past; one of the most prominent is on 1inch, where they have the ‘Infinity Unlock’ as seen below.

Got it. How do I protect myself?

Gotcha. So there’s a really cool website, approved.zone, where you can see all the approvals you’ve ever given to any smart contract. Whether it's a token swap on Uniswap, using Aave, or a sketchy yield farming project, they are all there.

And here’s where the fun starts.

First, connect your MetaMask to see all the approvals that you’ve ever given. Then scroll down and browse all the ones with the ∞ symbol, meaning infinite approval.

So for these two contracts, you can see there is infinite approval for DAI, WBTC, & two UNI-V2 LP tokens. Meaning, if the devs of this contract ever ~wanted to~ they could quickly alter the code and drain all of those tokens from this wallet. Now most smart contracts have timelocks so you’d be able to cancel / move funds before the changes took place, but still, sketchy.

In order to cancel this ability, we have to press ‘Decline for contract’ on the left and remove the full ability to spend. You’ll have to approve the approved.zone spending (kinda ironic, eh?) in order to go through with it.

Once you’ve done this, the next step is to refresh the page & make sure that the pair has been removed from the list! Once the transactions approve, you’re good to go.
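What an approvals viewer has to work out can be rebuilt from public chain data. The block below is an added example, not code from approved.zone or from this post: it replays ERC-20 Approval event logs to list the allowances a wallet still has live, flags the unlimited ones, and builds the standard approve(spender, 0) call that revokes one. All addresses and logs are constructed sample data, and the post does not say how approved.zone itself performs the revoke.

```python
# Added example; every address and log entry below is constructed sample data.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"   # selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1        # the amount shown as "infinite"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Replay Approval logs in chain order; the latest per (token, spender) wins.
    Finite values are upper bounds, since spending can reduce an allowance."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721's Approval has 4 topics)
        if topic_to_address(t[1]) != owner.lower():
            continue  # approval given by some other wallet
        latest[(log["address"].lower(), topic_to_address(t[2]))] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v != 0}  # 0 means revoked

def unlimited(live):
    return sorted(key for key, value in live.items() if value == MAX_UINT256)

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), to be sent to the token contract."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def make_log(block, index, token, owner, spender, value):
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": index, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

OWNER, OTHER = "0x" + "aa" * 20, "0x" + "dd" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_X, SPENDER_Y = "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE_LOGS = [  # deliberately out of order: the replay must sort them
    make_log(110, 0, TOKEN_B, OWNER, SPENDER_Y, 0),            # later revocation
    make_log(100, 0, TOKEN_A, OWNER, SPENDER_X, MAX_UINT256),  # infinite, still live
    make_log(101, 2, TOKEN_B, OWNER, SPENDER_X, 35 * 10**18),  # exact amount only
    make_log(105, 1, TOKEN_B, OWNER, SPENDER_Y, MAX_UINT256),  # infinite, then revoked
    make_log(103, 0, TOKEN_A, OTHER, SPENDER_X, MAX_UINT256),  # someone else's wallet
]

if __name__ == "__main__":
    for token, spender in unlimited(outstanding_allowances(SAMPLE_LOGS, OWNER)):
        print("unlimited:", token, spender, revoke_calldata(spender))
```

Event replay only tells you what was approved; the token's allowance(owner, spender) read is the authoritative current value, so check that before and after sending a revoke.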

Gotta stay safe degens!

Hope you enjoyed this one, and I've been doing this myself often recently. There’s no excuse to not stay safe, especially when gas is cheap 👨🏽‍🌾
