Since many people have been surprised by this - a short thread on token allowances - what they are, why they are used, and what hidden danger they create:
1/ First of all it is important to understand how tokens work. Each token has its own smart contract. This contract basically holds a list of all owners of the token. You do not really hold tokens in your wallet - there is just somewhere a token contract that has ...
2/ an entry in it that associates your address with a balance. Your address is now allowed to call the token contract and transfer the tokens, which just means increasing the balance of another account in the token contract.
3/ So if you want to trade on a DEX you would think that as a first step you send tokens to the DEX contract and then the DEX sends you other tokens back. However - sending tokens to the DEX would be an interaction that happens ONLY in the token contract.
4/ Your tx would increase the balance of the DEX but the DEX would not notice. The DEX contract could only at a later point see that its own balance is now higher, but it would not even know from whom the tokens came. So, how it works instead is that in a first tx you...
5/ "prepare" the token and you message it saying "the DEX contract is allowed to take x of my tokens". In another tx you call the DEX and say: "I want to sell x tokens for e.g. ETH". Now the DEX will call the token contract and request x tokens and if this request is approved...
6/ the DEX will finally send you e.g. ETH. A proper DEX contract will only ever request your tokens from the token contract if you ask it to do so. In that sense it *can* be safe to give allowance to contracts. Since it is a UX annoyance to do 2 transactions for something like...
7/ trading on a DEX, many developers have chosen to give a contract UNLIMITED allowance. This means if you do e.g. a second trade you only have to do one tx - since you already gave allowance. Again - theoretically this can be safe.
8/ However - many #DEFI projects decided to design their contracts so that the logic can be changed. @0xProject, @compoundfinance, @synthetix_io are just a few larger projects from the top of my head that either still have or used to have "upgrade mechanisms". This means worst case...
9/ that you interacted with such a protocol just once, e.g. a year ago, and tomorrow their upgrade key gets compromised. A hacker could then replace the code of e.g. the DEX with a contract that simply sweeps the whole token balance of all accounts that interacted with the contract.
10/ In addition to the upgrade mechanism the contract can also simply have a bug or unexpected behaviour that will make it take your tokens even when you did not ask it to do it.
11/ What are the conclusions?
First - you can protect yourself by checking the allowances you gave here: tac.dappstar.io You can remove them. Or, simply move your tokens to a new account - that might be easier / cheaper in gas.
12/ Long term this practice needs to change. There have been attempts to create other token standards like ERC777 that offer different interactions that don't necessarily need the extra allowance tx. However - ERC20 network effects are hard to overcome.
13/ An alternative are smart contract wallets (account abstraction), because SC wallets can call multiple different contracts in 1 transaction. This removes the UX argument for setting unlimited allowance. Instead you would only allow what you are planning to spend in this tx.
FIN
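As an added example (not code from the thread or from any of the projects it names), a minimal Python model of the balance and allowance bookkeeping a token contract keeps, as described in tweets 1 to 7, with an `exposure` helper for the conclusions in tweets 11 and 13: how many tokens a spender contract could move without any further action from the owner. The class and function names and the balances are assumptions made for the illustration.

```python
# Added example: models the two mappings an ERC20-style token contract keeps.
# Names (Token, exposure, demo) and all balances are constructed for this demo.

UNLIMITED = 2**256 - 1  # the "infinite" allowance many dapps ask for


class Token:
    """Balances plus (owner, spender) -> allowance, as in a token contract."""

    def __init__(self, balances):
        self.balances = dict(balances)  # owner address -> balance
        self.allowances = {}            # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        # The "prepare" tx: owner tells the token contract what spender may take.
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        # Called by the spender (e.g. the DEX); the token contract only checks
        # allowance and balance, not whether the owner asked for this transfer.
        allowed = self.allowances.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise PermissionError("insufficient allowance or balance")
        if allowed != UNLIMITED:  # exact allowances are consumed by use
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] = self.balances.get(owner, 0) - amount
        self.balances[to] = self.balances.get(to, 0) + amount


def exposure(token, owner, spender):
    """Tokens the spender could move right now without the owner doing anything."""
    allowed = token.allowances.get((owner, spender), 0)
    return min(allowed, token.balances.get(owner, 0))


def demo():
    t = Token({"alice": 1000})
    # Exact allowance: only the trade amount is at risk, and nothing afterwards.
    t.approve("alice", "dex", 100)
    exact = exposure(t, "alice", "dex")
    t.transfer_from("dex", "alice", "dex", 100)
    after_trade = exposure(t, "alice", "dex")
    # Unlimited allowance: the whole remaining balance stays exposed after the trade.
    t.approve("alice", "dex", UNLIMITED)
    t.transfer_from("dex", "alice", "dex", 100)
    unlimited = exposure(t, "alice", "dex")
    # Revoking (approve 0) is the fix the thread recommends.
    t.approve("alice", "dex", 0)
    revoked = exposure(t, "alice", "dex")
    return exact, after_trade, unlimited, revoked
```

`demo()` returns the exposure at each step, so the difference between an exact and an unlimited allowance after a single trade is visible directly.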
Extra:
1/2 If you are a dapp developer consider using the github.com/gnosis/contrac…
It allows creating a canonical 1/1 @gnosisSafe for an EOA and provides tooling for "batched transactions".
2/2 This proxy design can also act as a sluice. Tokens are held in the wallet. The wallet gives allowance to the trusted proxy, and this gives allowance to a less-/un-trusted e.g. contract. The proxy only holds tokens during a transaction, to be taken from the target contract.
Thread author: Martin Köppelmann