EOS is one of the most flexible blockchains for developers and users alike. While this is so critical for developing robust dApp user experiences, its relative complexity can also lead users to sign transactions they otherwise shouldn’t be signing. We’ve seen many people claim they were the victim of alleged phishing or malware attacks since the launch of the EOS blockchain. The result is usually the owner and active key pairs are changed on an account by the attacker and the user’s tokens are liquidated.
Permissions, Permissions, Permissions
Permissions management is one of the most robust features of the EOS blockchain. In EOS, the 12 character account name is the most important asset and is the thing to which tokens are tied to. This is unlike Bitcoin, where the public key essentially serves as one’s account. Essentially, this difference creates the ability to manipulate keypairs by creating, deleting, or modifying them without affecting token custody.
What one can end up with is a list of custom permissions with linked actions. This allows for very granular control over who can do what with any key pair. Let’s take a look at EOS New York permissions as an example:
Because we’ve organized our permissions this way we can interact with the EOS blockchain in many ways relatively risk-free.
Creating Custom Permissions is Not Good UX
Creating a custom permission is relatively easy to do and is a great way to keep your account secure. If the custom permission’s private key is compromised, the attacker can only do whatever it is that the permission itself is authorized to do. While the benefits are great for an organization, this is a pain for the normal user because they can no longer seamlessly switch between applications without switching permissions as well. Who would want to do this for every dApp they interact with? No one, because it breaks UX.
This is not to mention the fact that many dApps hardcode the Active permission as the required permission to use their dApp. So, even if one creates a custom permission, the dApp will only accept Active anyway.
With the creation of a single permission, you will make your account safer and exponentially more difficult to become a victim.
Your EOS Account in Safe Mode
WARNING: Before you begin please understand that modifying permissions on your EOS account can have irreversibly negative results if done incorrectly. Please pay attention, write down keys, double-check everything.
We now understand that creating a custom permission to whitelist every action you want to do is not a good UX. What if, instead of creating a new permission that whitelists, we create a new permission that blacklists instead?
In short, we are going to create a sibling permission to
Active using the
owner permission and call it
safemode. Then, we will
undelegatebw to this new permission. This will make it impossible for your Active key to unstake your EOS. So long as your Owner and Active keys are different, even if you were to give away your Active key to an attacker they will not be able to unstake your EOS tokens and liquidate them. You can continue to add actions to this permission that you wish to blacklist from your Active key. This permission should then be stored in the same way that your Owner permission is stored, safely offline.
- Ensure Active and Owner keys are different from one another
- Use Owner Permission to create new child permission called
- Reset Owner Permission and store offline (consider Owner key a single-use key for security reasons)
- Stake the amount of EOS you want “kept safe”, leaving some liquid in your account to enjoy as you see fit.
- Enjoy your new account in Safe Mode
Step 1: Ensure Active & Owner Keys Are Different
Please see this guide we created in order to safely manage your Owner and Active Keys. If your keys are already different then you’re all set to move on.
Step 2: Create Safemode Permission
- Generate a key pair for the new permission. We recommend EOS Key, but most wallets will have a keypair creation tool. Please note, you should write this key down and store it offline in a safe place. This key will be able to unstake your EOS.
- Log into Bloks.io via your Owner Key and go to Wallet → Permissions Manager
- In permission name write: “safemode”
- In parent write: “owner”
- In keys write: [YOUR KEY]
Step 3: linkauth undelegatebw to safemode Permission
- Open link/unlink auth in the List of Tools sidebar in your wallet on Bloks.
- In permission enter: “safemode”
- In contract name enter: “eosio”
- In contract action enter: “undelegatebw”
- Click Link Auth button.
Step 5: Stake The Amount of EOS You Want to Lockdown
You can use your Active key with your normal wallet to complete this function. Please note that you will not be able to unstake your EOS with your Active key and must use your Safemode key to do so. Your Safemode key cannot do anything else besides unstake.
Step 6: Change Your Owner Key After Using
This is not a required step but it is a best practice. Think of your Owner Key as a one-time use item. Once you use it, you should reset it and store it securely offline. Please see this guide for managing Owner and Active Keys
Step 7: Enjoy
If you try to unstake your EOS with your Active key then it will fail. If an attacker obtains your Active key he or she will not be able to take the EOS you’ve staked, only the EOS that remains liquid. To prevent this or any other action you can continue to add actions to the
safemode permission such as: specific dApp token transfers, selling REX, EOS token transfer, etc.
If you wish to remove this permission, it can be deleted by logging into Bloks with your Owner Permission and deleting
safemode from the Permissions Manager tab.
Please note: this method will not work for
canceldelay actions. These actions are treated specially in EOS and are linked to every permission by default.
Your account is now in Safe Mode! While you are more protected now than you were, please note that you should always be aware of what you’re signing. This does not give you a license to be careless, but it does give you extra security. For even more security, please visit https://eosmetro.io and enter in your e-mail to be notified when the EOS Metro, the easiest to use Hardware Key for EOSIO, is released.