


DeFi has been regarded as one of the biggest crypto innovations ever since its birth. According to DefiLlama, the Total Value Locked (TVL) of DeFi peaked at $180 billion in December 2021, and the figure is still well above $40 billion despite the current crypto bear market. That said, as DeFi went viral, it has suffered frequent security incidents. In particular, the excessive authorization of contracts is the most frequently mentioned security risk.
Users of the NFT marketplace OpenSea received phishing emails in February 2022, which led to the theft of mainstream NFTs worth over $4 million; this October, Transit Swap, a fast swap platform, was hacked, resulting in a loss of $28.9 million in funds. Both incidents are related to contract authorization.
Contract authorization is an essential requirement of most DApps, and the contract will not be able to call the relevant assets if no authorization is given, which means that the DApp cannot help you swap or stake your tokens.
Although many users believe that their authorization is granted only for a single transaction, developers tend to set the default authorized amount to “Unlimited” in order to avoid repeated authorizations, saving both gas and time. However, that default setting raises security concerns: if the developer is malicious, or if a vulnerability in the contract is exploited, the attacker can transfer users’ tokens without any further consent.
ViaWallet now allows users to customize the spend limit of DApps to help users protect their assets and prevent large asset losses, and users can adjust the authorized amount when granting authorizations to third parties.
For instance, when swapping USDC into USDT in PancakeSwap, we first need to grant USDC authorization to PancakeSwap’s contract before the swap, and the authorization window will pop up once we click on “Enable USDC”.
At this point, if you are using ViaWallet, you’ll notice a clear sign reminding you that the authorization will allow the contract to transfer USDC from your wallet, and you’ll be advised to examine if the link is trustworthy to prevent asset theft through malicious contracts.

On the Request Permissions page, we can see that the spend limit is “Unlimited USDC”. For security reasons, the token amount authorized should be minimized. More specifically, we can click on Spend Limit and change the figure to the exact amount required for the transaction.

Apart from setting a small spend limit, we also advise users to withdraw their authorizations regularly to keep their assets secure. Below are some of the common blockchain explorers that allow users to revoke their authorizations. After connecting your wallet to one of these explorers, you can check your authorizations, such as spend limits, and revoke them as needed.
Revoke authorization on ETH: https://etherscan.io/tokenapprovalchecker
Revoke authorization on BSC: https://bscscan.com/tokenapprovalchecker
Revoke authorization on Polygon: https://polygonscan.com/tokenapprovalchecker
Revoke authorization on AVAX: https://snowtrace.io/tokenapprovalchecker
Revoke authorization on HECO: https://www.hecoinfo.com/en-us/tokenapprovalchecker
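At the contract level, the spend limit and the revocation described above are both calls to the token's standard ERC-20 `approve(spender, amount)` function. The following is an added example, not ViaWallet's code: it decodes a pending approval and classifies it as unlimited, excessive, exact or a revocation, assuming "Unlimited" is encoded as the maximum uint256 value, as is conventional. The spender address and the 18-decimal amount are constructed sample values.

```javascript
// Added example: review ERC-20 approve() calldata before signing it.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n; // the conventional "Unlimited" allowance

// Build calldata for approve(spender, amount); amount is in the token's smallest unit.
function encodeApprove(spender, amount) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(spender)) throw new Error("bad spender address");
  if (amount < 0n || amount > MAX_UINT256) throw new Error("amount out of uint256 range");
  const addr = spender.slice(2).toLowerCase().padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + addr + amount.toString(16).padStart(64, "0");
}

// Parse approve() calldata; returns null for any other or malformed call.
function decodeApprove(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{136}$/.test(hex) || !hex.startsWith(APPROVE_SELECTOR)) return null;
  if (!/^0{24}$/.test(hex.slice(8, 32))) return null; // address must be left-padded with zeros
  return { spender: "0x" + hex.slice(32, 72), amount: BigInt("0x" + hex.slice(72)) };
}

// Compare the requested allowance with what the transaction actually needs.
function reviewApproval(calldata, needed) {
  const a = decodeApprove(calldata);
  if (a === null) return "not-an-approval";
  if (a.amount === 0n) return "revoke";          // allowance reset to zero
  if (a.amount === MAX_UINT256) return "unlimited";
  return a.amount > needed ? "excessive" : "exact-or-less";
}

// Constructed sample values (hypothetical spender; token assumed to use 18 decimals).
const SPENDER = "0x1111111111111111111111111111111111111111";
const NEEDED = 100n * 10n ** 18n; // 100 tokens

const dappDefault = encodeApprove(SPENDER, MAX_UINT256); // what a DApp typically requests
const limited = encodeApprove(SPENDER, NEEDED);          // custom spend limit
const revoke = encodeApprove(SPENDER, 0n);               // what a revoke tool sends

for (const [label, data] of [["default", dappDefault], ["limited", limited], ["revoke", revoke]]) {
  console.log(label, "->", reviewApproval(data, NEEDED));
}
```

An approval stays in force until it is spent or overwritten, which is why the revoke case is simply a new `approve` with an amount of zero.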
When using products such as crypto wallets and exchanges, asset security is the No. 1 concern. Going forward, ViaWallet will continue to enhance its security performance, build multiple shields, and help users manage their crypto assets in a secure manner.
Follow ViaWallet for the latest news:
Website: https://viawallet.com/
Twitter: https://twitter.com/ViaWallet
Medium: https://medium.com/@ViaWallet
Blog: https://viawallet.com/blog
Mirror: https://mirror.xyz/0x3C8D834f1B8C066796EA63Fa0F9DC72378bfCc22