How To Protect Your Tokens From DeFi Attacks
If you’re a DeFi (decentralized finance) user, do you actually know who can access your tokens? Are you sure that the dapps (decentralized apps) and smart contracts you use can’t access an unlimited amount of your tokens? Most importantly, how can you check that?
Numerous dapps and their smart contracts require you to grant access to an unlimited amount of tokens. This does improve the user experience, since one signature is enough for all future transactions.
This also means that buggy, untrustworthy, and exploitable contracts might drain your account at any time. There is also no such thing as an expiring permission yet: one approval will leave your wallet open for good, and there is no easy way to remove it.
As a #Defi user you have given token allowances to plenty of contracts. Those contracts might have bugs or admin keys that can get compromised. In this case those contracts can drain tokens from your wallet at any time!
Check and clean your allowances here https://t.co/YKKgSmpuP8
— Martin Köppelmann (@koeppelmann) February 20, 2020
Created by Ethereum developer Michael Bauer, Token Allowance Checker is a tool that checks your complete Ethereum transaction history and looks for ERC-20 approvals. Then, it collects all ERC-20 token contracts, as well as all spender addresses approved by you in the past.
Alternatively, you can use Approved.Zone, which does precisely the same.
By presenting all token approvals, these tools allow you to edit or delete the allowance amounts and thus protect you from malicious dapps that could spend tokens without your consent.
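The history scan described above can be sketched as follows. This is an added example, not code from Token Allowance Checker or Approved.Zone; it assumes the scan works on approve() calldata from the wallet's own transactions, and the transaction records, field names and addresses are constructed for illustration.

```python
# Added example; the transactions below are constructed samples, not real chain data.
APPROVE_SELECTOR = "095ea7b3"   # ERC-20 approve(address,uint256) function selector
UNLIMITED = 2**256 - 1          # max uint256, the usual "unlimited" approval amount

def decode_approve(tx):
    """Return (token, spender, amount) if tx is an ERC-20 approve() call, else None."""
    data = tx["input"].lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 64 + 64 or not data.startswith(APPROVE_SELECTOR):
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    if spender_word[:24] != "0" * 24:      # address argument is left-padded to 32 bytes
        return None
    return tx["to"].lower(), "0x" + spender_word[24:], int(amount_word, 16)

def open_allowances(txs):
    """Replay approve() calls in chain order; keep the last non-zero one per (token, spender)."""
    state = {}
    for tx in sorted(txs, key=lambda t: (t["block"], t["index"])):
        decoded = decode_approve(tx)
        if decoded is None or not tx["success"]:   # skip other calls and reverted txs
            continue
        token, spender, amount = decoded
        if amount == 0:
            state.pop((token, spender), None)      # approve(spender, 0) is a revocation
        else:
            state[(token, spender)] = amount
    # Upper bound only: transferFrom may already have spent part of a finite allowance.
    return [{"token": t, "spender": s, "amount": a, "unlimited": a == UNLIMITED}
            for (t, s), a in sorted(state.items())]

def _tx(block, to, selector, addr, amount, success=True):   # builds one sample record
    calldata = "0x" + selector + addr[2:].rjust(64, "0") + format(amount, "064x")
    return {"block": block, "index": 0, "to": to, "success": success, "input": calldata}

TOKEN_A, TOKEN_D = "0x" + "aa" * 20, "0x" + "dd" * 20   # hypothetical token contracts
DAPP_B, DAPP_C = "0x" + "bb" * 20, "0x" + "cc" * 20     # hypothetical spender contracts
SAMPLE_TXS = [
    _tx(100, TOKEN_A, APPROVE_SELECTOR, DAPP_B, UNLIMITED),        # unlimited approval
    _tx(105, TOKEN_A, APPROVE_SELECTOR, DAPP_C, 500),
    _tx(110, TOKEN_A, APPROVE_SELECTOR, DAPP_C, 0),                # later revoked
    _tx(120, TOKEN_D, "a9059cbb", DAPP_C, 7),                      # transfer(), ignored
    _tx(130, TOKEN_D, APPROVE_SELECTOR, DAPP_B, 1000, success=False),  # reverted
    _tx(140, TOKEN_D, APPROVE_SELECTOR, DAPP_C, 250),
]

if __name__ == "__main__":
    for row in open_allowances(SAMPLE_TXS):
        print(row)
```

The amounts reported are the last values approved; the authoritative figure for any pair is what the token contract's `allowance(owner, spender)` call returns.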
DeFi is still a nascent sector and there are many risks associated with smart contract exploits, bugs, and hacks, so it is better to be safe than sorry.