PSA — Revoke old contract approvals in your wallet

MWC
Coinmonks
5 min read · Apr 15, 2023

Photo Credit to Clint Patterson

Hey folks, this past week I saw in a Discord someone make the statement of how much more it hurt to be hacked/exploited rather than have your $h!tcoin go down to $0. Having both been rugged, a victim of an exploit and having gotten scammed myself, I wholeheartedly agree. If I throw in money crossing my fingers for some low marketcap altcoin promoted by a random influencer to go to the moon but instead it loses -99% — I’m more OK with that than getting an account hacked/exploited. Ultimately I think the latter is by far more painful because it’s like waking up to find out that someone has broken into your house and opened your safe. Even if you did the proper OPSEC, research, and due diligence, it’s heartbreaking and terrifying when someone with enough gumption and resourcefulness still manages to find a way to get in.

Where contract approvals come in

If you’ve been following crypto news last week, there was a contract exploit on Sushiswap that drained more than $3.3 million in $ETH:

For anybody who had approved the contract address 0x044b75f554b886a065b9567891e45c79542d7357 via Sushiswap four days prior to the exploit (April 5th), their $ETH was potentially affected, as there was essentially a bug in the contract that allowed the exploit to occur. Thankfully it sounds like some of the funds were able to be recovered, but this unfortunate incident serves as an important reminder that it’s an unnecessary risk to leave contract approvals open, and that your approvals should be routinely checked, if not closed.

How can I check/close my approvals?

There are a lot of different places where you can check your wallet allowances, but here are some of the most popular methods:

Revoke.cash

From what I’ve gathered, perhaps the most popular place to see your contract approvals is through revoke.cash:

By following the steps below, you should be able to see all of your wallet’s allowances and be able to revoke them, regardless of what chain:

Pros: Revoke.cash is extremely easy to use, and from what I can tell, it provides an extremely thorough list of whatever your wallet may have interacted with and exactly what type of allowances have been given.

Cons: I would say perhaps the only drawback is that it might be difficult for a non-technical person to discern what is what.

De.Fi

Another solid option for assessing your wallet’s risk is De.Fi:

Described as a “Super App,” they have a couple of cool features including a contract/token scanner which can analyze a specific smart contract itself for potential issues, but my favorite (albeit perhaps the most depressing) feature is their REKT Database, which gives a chronological history and detailed description of exploits/hacks that have happened in the past across the entire cryptospace:

Note in the timeline above that starting with the TerraLuna collapse, the cumulative value of exploits has skyrocketed over the past year.

Pros: Regardless of whether you use them to change contract allowances, De.Fi has a lot of great tools and a lot of good information on how to protect yourself in the cryptospace. Furthermore, De.Fi can break down what kind of risk it may have identified, and why it may or may not be important to you.

Cons: From what I can tell, in terms of wallet/multi-chain thoroughness, De.Fi wasn’t able to track as many individual allowances as Revoke.cash. Therefore, I’d still be keen on using Revoke.cash to see what De.Fi may have missed.

Etherscan (or whatever chain) scanner

If you’re thinking to yourself that you don’t want to use any service or expose your wallet to any other 3rd party or websites, the last and final solution is probably to go to the source itself. In the case of Ethereum, the simplest way is to check https://etherscan.io/tokenapprovalchecker:

Here you can see which allowances are present per address, and then you can choose to revoke them if you connect via your Web3 wallet.

In fact, most respective chains have their own Token approval checker such as: Avalanche (https://snowtrace.io/tokenapprovalchecker), Binance Smart Chain (https://bscscan.com/tokenapprovalchecker), Polygon (https://polygonscan.com/tokenapprovalchecker) and so forth, which all act in the same way.

Pros: I consider this to be one of the safest routes to go if you need to revoke a specific allowance, because you won’t have any exposure to any 3rd party websites.

Cons: If there are a lot of different allowances you need to check on a lot of different chains, this can be quite tedious.
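
One way to do the same check yourself from raw chain data, as an added example that is not from the original post or from any of the tools it names: the Python below replays ERC-20 `Approval` event logs for one owner, keeps the last amount set per token and spender, and builds the `approve(spender, 0)` calldata that revokes an allowance. It assumes logs in the `eth_getLogs` JSON-RPC shape; the sample logs, owner and token addresses are constructed, and the spender is the contract address quoted earlier in the post, used only as a label.

```python
# Added example. topic0 = keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1       # the usual "unlimited" approval amount

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner):
    """Return {(token, spender): amount} for owner's approvals last set non-zero.
    Amounts are upper bounds (transferFrom need not emit Approval); confirm on-chain."""
    latest = {}
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but 4 topics (indexed tokenId): skip.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # a later log overwrites an earlier one
    return {k: v for k, v in latest.items() if v > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), sent to the token contract by the owner."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

# --- constructed sample data (not real chain history) ---
OWNER, OTHER, OLD_DAPP = ("0x" + c * 20 for c in ("aa", "cc", "bb"))
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
ROUTER = "0x044b75f554b886a065b9567891e45c79542d7357"  # address quoted in the post

def make_log(token, owner, spender, amount, block, index=0):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(amount), "blockNumber": hex(block), "logIndex": hex(index)}

SAMPLE_LOGS = [
    make_log(TOKEN_B, OWNER, OLD_DAPP, 0, 18),          # later revocation
    make_log(TOKEN_A, OWNER, ROUTER, MAX_UINT256, 16),  # unlimited, still open
    make_log(TOKEN_B, OWNER, OLD_DAPP, 500, 17),        # superseded by block 18
    make_log(TOKEN_A, OTHER, ROUTER, 5, 16, 1),         # someone else's approval
]

if __name__ == "__main__":
    for (token, spender), amt in open_allowances(SAMPLE_LOGS, OWNER).items():
        print(token, spender, "UNLIMITED" if amt == MAX_UINT256 else amt, revoke_calldata(spender))
```

The revoke calldata is sent to the token contract itself, from the wallet that granted the approval, not to the spender.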

Conclusion

No matter how safe you think a platform/contract might be, it’s probably best to revoke your approvals and allowances if you’re not actively using them. The Sushiswap exploit, which hit those who had approved the contract just 4 days prior, and the Euler Finance exploit, which occurred in March despite the fact that they had multiple audits, both serve as a stern reminder of how risky this space really is.

As the world of crypto is ever expanding and reaching into frontiers unexplored, the best that we can do as users is to take every precaution we can in order to try to protect ourselves. Therefore, please go check your own wallets and if you see some approval you made last year on some dead project that you never intend on using again, please revoke!

Thanks for taking the time to read this and once again, be sure to follow me on twitter (https://twitter.com/CryptosWith) to get all my latest updates. Also, looking for a gift for your Crypto-loving/hating friend? Give them a REKT journal to cheer them up!

Disclaimer: None of this information is financial advice, and is just speculation from me, a random guy on the internet. Please consider this for purely educational and entertainment purposes. As always, please do your own research or contact a financial advisor to find what investments might be best for you.
