New year community advice: Check your smart contract approvals

On the back of the worst year for crypto hacks and exploits, the crypto community has given some advice to newbie investors going into 2023 — check your smart contract approvals and revoke access regularly.

Reddit user 4cademy posted their advice to the r/CryptoCurrency subreddit on Jan. 1, noting that they had approved a slew of smart contracts over a two-year period and “thought it was time to check my approved smart contracts.”

They found that "almost all" of their approvals involved "unlimited amounts", prompting them to revoke approvals for all smart contracts in their wallet, as "prevention is better than cure", and they recommended:

"At a minimum, you should verify your approvals and perhaps revoke them."
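A minimal version of the check described above, added here as an example (not code from the Reddit post or from any revocation service): it replays ERC-20 `Approval` event logs for one wallet and lists the approvals still outstanding, flagging unlimited ones. The log dicts use `eth_getLogs` field names with numbers already decoded to integers, which is an assumption, and every address and log is constructed sample data.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # max uint256, the value an "unlimited" approval sets

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Replay logs in chain order; return {(token, spender): last approved value}."""
    state = {}
    for log in sorted(logs, key=lambda e: (e["blockNumber"], e["logIndex"])):
        topics, data = log["topics"], log["data"][2:]
        # topic0 is keccak256("Approval(address,address,uint256)"). ERC-20 logs have 3 topics
        # and a 32-byte value; ERC-721's Approval has 4 topics and is skipped here.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC or len(data) != 64:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        value = int(data, 16)
        if value == 0:
            state.pop(key, None)  # approve(spender, 0) is a revocation
        else:
            state[key] = value    # last approved value; spends may have reduced it
    return state

def report(logs, owner):
    """Sorted (token, spender, amount) rows; max uint256 is shown as UNLIMITED."""
    rows = sorted(outstanding_approvals(logs, owner).items())
    return [(t, s, "UNLIMITED" if v == UNLIMITED else str(v)) for (t, s), v in rows]

def _log(block, idx, token, owner, spender, value):
    return {"address": token, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC] + ["0x" + "00" * 12 + a[2:] for a in (owner, spender)],
            "data": "0x" + format(value, "064x")}

# Constructed sample data: every address and log below is made up.
OWNER, OTHER, TOKEN_A, TOKEN_B = ("0x" + b * 20 for b in ("aa", "bb", "11", "22"))
DEX, FARM, BRIDGE = ("0x" + b * 20 for b in ("c1", "c2", "c3"))
SAMPLE_LOGS = [
    _log(130, 0, TOKEN_B, OWNER, BRIDGE, 1000),
    _log(110, 1, TOKEN_A, OWNER, FARM, 0),         # revokes the block-105 approval
    _log(100, 0, TOKEN_A, OWNER, DEX, UNLIMITED),
    _log(105, 2, TOKEN_A, OWNER, FARM, 500),
    _log(125, 0, TOKEN_B, OTHER, DEX, UNLIMITED),  # different owner, ignored
    _log(120, 0, TOKEN_B, OWNER, DEX, UNLIMITED),
]

print(report(SAMPLE_LOGS, OWNER))
```

The result is the last approved value per spender; the live figure comes from the token's `allowance(owner, spender)` call.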

The reason to do this, the user said, is that some users of Decentralized Finance (DeFi) or nonfungible token (NFT) protocols could have mistakenly approved malicious smart contracts from phishing attempts that could be lying in wait to steal user funds.

Such ice phishing scams have been successful in the past, with one such elaborate month-long scam involving an offering from a fake film studio leading to 14 Bored Ape Yacht Club (BAYC) NFTs stolen from a single wallet.

Even approvals for known contracts of "good conduct" should be revoked, because hackers might find exploits to steal funds from connected wallets.

The 10 largest exploits in 2022 saw around $2.1 billion stolen mostly from DeFi protocols and cross-chain bridges where attackers found vulnerabilities in existing smart contracts to carry out their heists.

The user provided additional guidance by saying "use different portfolios for different purposes", such as having one wallet that only interacts with smart contracts and another that does not and just holds funds.

Users who commented on the post also suggested setting a recurring schedule for revoking all smart contract approvals, for example, the first day of each month or even the beginning of each week.

Others suggested that third-party services could audit and revoke smart contract approvals on a number of chains, including Binance Smart Chain (BSC), Ethereum and Polygon.

One user said the "best" tip was to interact with as few smart contracts as possible, saying: "Revoking authorizations is a good practice, but not giving authorizations in the first place is better."