Yesterday’s Socket hack, which saw $3.3 million drained from users with active token allowances for the cross-chain bridge, stands as another painful reminder that security and wallet hygiene are critical elements of navigating Web3.
To use any decentralized app, token allowances must be issued and approved — a process where the user grants permission to the dapp they are interacting with to essentially spend tokens on their behalf. For example, when swapping USDC for UNI, I set a token allowance to permit Uniswap to spend my USDC to buy UNI. The ‘approve’ function sets this spending limit, while the ‘allowance’ function reveals how much a dapp can use from your wallet.
Once you grant these permissions, they will remain active until the line is cut, potentially acting as a backdoor for hackers if they gain access to a faulty smart contract. To be safe, it is wise to revoke these permissions once done using the dapp — a process that can be done through tools like Revoke Cash.
Revoke Cash is a simple-to-use tool, with support across 60+ networks, designed to manage and revoke these token approvals.
To use Revoke Cash, simply:
1️⃣ Go to https://revoke.cash/
Once here, enter your wallet address or ENS name into the site’s search bar or connect your wallet directly to begin managing your token allowances.
2️⃣ Select Your Network
After connecting your wallet, choose the network for which you want to review token approvals. Revoke Cash will default to Ethereum.
3️⃣ Review Your Token Approvals
Once you select a network, all token approvals linked to your wallet on that network will be displayed. If you’re concerned about a recent approval, sort them from ‘Newest to Oldest’ to quickly spot shady ones. You can also search by the approved spender’s address if you know what you are looking for. In the case of Socket, this would be: 0x3a23f943181408eac424116af7b7790c94cb97a5
4️⃣ Revoke or Adjust Approvals
Identify any suspicious approvals and click ‘Revoke’ to cut them off. If you want to just limit access, click the pencil icon to adjust the approved amount.
This is the frontier, and sadly, we should be prepared for these exploits to continue to happen.
That being said, using tools like Revoke Cash to practice good wallet hygiene and being careful about what dapps you interact with (i.e. Are they vetted or not) are essential practices to avoid these pitfalls wherever possible.
Stay vigilant out there! 🫡
Read More: www.bankless.com