Protect Against Token Approval Risks

Written by Yaar Hahn | Jan 9, 2023 4:52:09 PM

A token approval is a crucial smart contract signature request in DeFi. Understanding the consequences of a token approval request is essential for every crypto user in order to safely transact in DeFi. Today we’ll be breaking down token approvals and how investors can protect themselves from attacks like the $120M Badger DAO hack – which was tied directly to unauthorized token spending.

In the first article of our DeFi transaction series, we introduce the concept of transacting with smart contracts and their role in every interaction we make with a dApp. We recommend reading it before diving into this blog post, as it outlines some key facts on smart contracts and their privileges.

Token Approval and Token Allowance Basics

To carry out a dApp transaction, users must allow a smart contract to access their wallet and spend funds on their behalf. Users grant this through a token approval, which is a smart contract signature request. Once it is signed, the contract is permitted to access their funds and spend on their behalf; this permission is also known as a token allowance.

Approval Request

The most straightforward token approval is an approval request, which allows the smart contract to spend a specific amount of tokens on the user’s behalf as part of a specific interaction. For example, a regular swap transaction on Uniswap will ask the user to access their wallet to spend a specified amount of USDC in exchange for ETH.

Increase Allowance Request

A more advanced version of an approval request is an increase allowance request, which essentially gives the contract permission to access more assets, beyond what a regular approval request allows. This request can introduce more risk if misinterpreted, as happened in the Badger DAO hack.

Infinite Approval Request 

Signing an approval request, and paying the resulting gas fees, for every single dApp interaction can become overwhelming if you’re transacting frequently in DeFi. To skip this, users can approve token spending once and grant dApps unlimited access to the entirety of their wallet. This infinite approval gives the smart contract access to all token holdings inside a wallet for an unlimited number of transactions or amount of time. In the event of an attack on the dApp or the dApp’s contract, all users can be affected, as the compromised dApp has access to their wallets.

Infinite approvals invite the risk of loss of funds and thus may be considered the most consequential signatures one can provide during a DeFi transaction. Today’s wallets try to mitigate such risks by displaying warning messages for simple spend approvals, but do not provide full coverage against increase allowances or infinite approvals, which can be more consequential.

Spend Approvals with Multiple Key Holders

In an institutional setting, decision-makers are involved in every transaction to ensure appropriate permissions are given and losses are avoided. This means managing the token approvals workflow becomes more challenging. In the past year, we’ve seen hacks that could have been avoided by having proper multi-approval wallets or simply being able to verify a request’s validity.

Badger DAO Case Study

One example of a hack that succeeded through malicious token approval requests is the Badger DAO hack. In this instance, a hacker exploited the dApp’s front end, requesting users to sign token approvals that allowed the hacker’s contract, instead of Badger DAO’s smart contract, to access users’ funds. This resulted in over $120 million of users’ funds being drained in a matter of minutes.

The hack was caused by a bug that allowed the hacker to take over BadgerDAO’s website. The hacker directed victims to sign a malicious allowance transaction, allowing the hacker to drain the victims’ funds. The hacker waited patiently until a significant number of allowances had been given to them before proceeding to steal the funds. The first victim was a whale holding $50 million worth of tokens in their wallet. They then quickly proceeded to steal another $70 million in assets for a total of $120 million in stolen funds, all sent directly to the hacker’s wallet address instead of BadgerDAO’s smart contracts.

This case highlights the severe incompetence of existing wallet providers in identifying malicious behavior, as well as the fact that many DeFi users aren’t educated enough to understand the consequences of token approval requests. The hack manifested at multiple stages as the hacker implemented an approval request and later changed it to the more nuanced increase allowance request. That change targeted a central vulnerability of most crypto wallets: unlike approval requests, increase allowance requests do not send a message warning users of their consequences, largely because of lacking UI standards. Ultimately, this attack resulted from a combination of a code bug and social engineering that relied on poor security practices for web3 wallets and their users’ education.
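The three request types described earlier, and the approve-to-increaseAllowance switch in the Badger DAO case, can all be recognized from a transaction's calldata before it is signed. The Python check below is an added example, not Fordefi's code or part of the original article; the spender addresses are constructed placeholders, and the expected-spender list and the 2**255 "unlimited" threshold are assumptions.

```python
# Added example: review ERC-20 allowance calldata before it is signed.
# Selectors are the first 4 bytes of keccak256(function signature).
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # OpenZeppelin extension, not core ERC-20
}
MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255  # assumption: at or above this counts as "infinite"

# Constructed placeholder addresses, not real contracts.
EXPECTED_SPENDER = "0x" + "11" * 20
UNKNOWN_SPENDER = "0x" + "22" * 20


def encode_call(selector, spender, amount):
    """Build sample calldata: selector + two 32-byte ABI words."""
    return "0x" + selector + spender[2:].rjust(64, "0") + format(amount, "064x")


def review_calldata(calldata_hex, expected_spenders):
    """Return (kind, spender, amount, warnings), or None if the call
    does not grant an allowance."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    kind = SELECTORS.get(data[:8])
    if kind is None:
        return None
    args = data[8:]
    if len(args) != 128 or int(args[:24], 16) != 0:
        raise ValueError("malformed allowance calldata")
    spender = "0x" + args[24:64]  # address = low 20 bytes of the first word
    amount = int(args[64:], 16)
    warnings = []
    if spender not in {s.lower() for s in expected_spenders}:
        warnings.append("spender is not an expected contract")
    if kind == "increaseAllowance":
        warnings.append("increaseAllowance: raises an existing allowance")
    if amount >= UNLIMITED_THRESHOLD:
        warnings.append("effectively unlimited allowance")
    return kind, spender, amount, warnings


if __name__ == "__main__":
    samples = [
        encode_call("095ea7b3", EXPECTED_SPENDER, 1_000_000),
        encode_call("39509351", UNKNOWN_SPENDER, MAX_UINT256),
    ]
    for tx in samples:
        print(review_calldata(tx, [EXPECTED_SPENDER]))
```

A bounded approve to the expected contract returns no warnings, while an increaseAllowance of the maximum uint256 value to an unknown spender returns all three.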

Staying Safe in DeFi with Fordefi

At Fordefi, our wallet and security platform helps institutions understand the consequences of each signature and ensures a healthy token approval practice for their organizations. We recently announced our newest DeFi security feature, our native Allowance Manager, giving institutions the ability to control their own token approval workflows.

Fordefi’s Allowance Manager Key Features
  • Ability to set token allowance limits at time of transaction on Fordefi’s browser extension

  • Ability to revoke token allowances on Fordefi’s dashboard

  • Ability to edit and manage all token allowances on Fordefi’s dashboard

  • Ability to set approval workflows for token allowances in Fordefi’s policy engine

  • Ability to set trading workflows for token allowances in Fordefi’s policy engine

Read more about Allowance Manager in our recent blog announcement

Upgrading Your Wallet’s Security

Operating at the forefront of DeFi demands tight security and permission management. The takeaway is clear: institutions and retail users alike still need new DeFi-specific tools in order to safely transact. Crypto wallets should empower users to keep up with the growth of DeFi while keeping their assets safe. That is the reality Fordefi is enabling today, with the first MPC wallet and security platform purpose-built for DeFi.

In future articles, we’ll continue to dive into other topics that can help organizations run secure crypto operations at the forefront of DeFi. In the meantime, if you’d like to upgrade your DeFi security with Fordefi, contact sales@fordefi.com to book your demo.

---

This article was co-written with support from Yanay Prop, a fintech writer and consultant.