Since smart contract hacks are incredibly common these days, it is important that you set up your own line of defense to minimize risk.
The first thing you can do is limit smart contract approval.
If you have participated in a DeFi protocol then you have already given smart contracts access to spend your wallet’s funds.
By default, the approval is set to unlimited for convenience’s purposes.
This is not a great idea because malignant smart contracts may exploit the default setting to drain your wallet dry.
Page Contents
Smart Contract Hacks in 2021
1. Furucombo
On 27 February 2021, a hacker used a fake smart contract and tricked Furucombo into thinking that Aave v2 had a new implementation.
This caused large wallets with the default setting (unlimited tokens approval) to be drained completely.
This attack resulted in close to $15 million lost for Furucombo users.
2. Cream Finance
2021 is not a good year for the lending protocol, Cream Finance. They were attacked multiple times but it all started when Cream Finance made the mistake of having unlimited approvals in their smart contract.
This tiny error caused the treasury $1.1 million in the first exploit which could easily be prevented with a few clicks on a button.
Why You Should Change the Default Setting on Your Wallet
Manually changing the approved amount for each transaction can cause you an additional transaction fee but doing so will prevent your wallets from being drained in case of a smart contract exploit.
In a nutshell, this limits DeFi protocols’ spending permission so, in cases of attack, your wallet will not be targeted at best… and if an attack does happen, your wallet will not be wiped out entirely.
For more reasons, check out these articles:
To manually change the default setting, follow the step-by-step guide below.
Step-by-step Guide on How to Limit Smart Contracts Approval
One of the most common instances that require smart contract approvals is swapping. In the example below, we will be approving Uniswap token on our Metamask wallet.
Step 1:
- The first time you trade a token on a DeFi project, you will see something similar to the image above
- Click “Approve”
Step 2:
- Click on “View full transaction details”
- Click on “Edit” under Permission
- Simply choose “Custom Spend Limit”
- Enter only the amount you want to trade
Step 3:
- Click “Confirm” and pay the transaction fee.
2 Ways to Limit Approvals from Smart contracts
If you have already given DeFi protocols unlimited spending approvals, there are two options for you.
1. Create a New Wallet
The most straightforward option is to move all your funds to a new wallet address.
Doing so will give you a fresh restart without all the risks accociated with your previous wallet.
2. Use DeFi Portfolio Tracking App
If moving funds out of your existing wallet is not possible then consider using platform such as Zapper.
The platform allows you to track all your DeFi portfolio in one place and more importantly, it allows you to set smart contracts approvals with just a few clicks of your button.
Here is how you revoke unlimited approvals on your Zapper dashboard:
- Click on Settings in the left menu -> Manage under Allowances or go directly here
- Look for any highlighted UNLIMITED allowances and then click the green Revoke button on the right
- Every time you click Revoke the spending limit for that smart contract is set to Zero to protect your wallet and tokens
Credit: How to Revoke Token Allowances on Zapper
2 Tips to Further Protect Your Tokens
1. Use a Hardware Wallet
Hardware wallets such as Ledger and Trezor are made to secure your cryptocurrencies by having private keys that are separated from internet-connected devices.
The private keys are maintained in a secured offline environment so even if your computer is infected with malware, your hardware wallets will not be compromised.
A hardware wallet is a physical device that can be stolen but it is not accessible to the thief if he/she does not have your password.
In the unfortunate case that your hardware wallet is stolen or damaged, you will still be able to recover your tokens if you had created a secret backup code.
2. Use a Separate Browser Profile
If you accidentally installed a malicious extension on your browser, your browser wallets such as Metamask, Yoroi, and Nami may be compromised.
To further improve your security, be sure to create a separate profile on your Google chrome.
Alternatively, you can also use an entirely different browser, such as Brave, solely for blockchain and crypto trading purposes.
Doing so will reduce your risk of a malicious browser extension hack.
Conclusion
The DeFi space is still in its infant stage so be sure to do your research before using any DeFi protocols… especially those that are not battle-tested.
Once your funds are lost in the DeFi ecosystem, it will be close to impossible to recover them.
Stay secure. Stay safe. Always.