Crypto investor advises revoking smart contract approvals as soon as possible.
A Reddit user has warned of the potential dangers of unchecked smart contracts and has advised the crypto community to revoke approvals on a regular basis.
The user, 4cademy, posted their advice to the r/CryptoCurrency subreddit on Jan. 1, stating that they had approved a large number of smart contracts over a two-year period and decided to check their approvals. Upon doing so, they discovered that “nearly all” of their approvals were for “unlimited amounts,” which prompted them to revoke approvals for all smart contracts in their wallet.
The user explained that some users of decentralized finance (DeFi) protocols or non-fungible tokens (NFTs) could have mistakenly approved malicious smart contracts from phishing attempts that could be waiting to steal user funds. These “ice phishing” scams have been successful in the past, with one elaborate month-long scam involving a fake film studio leading to the theft of 14 Bored Ape Yacht Club (BAYC) NFTs from a single wallet.
Even known “good-behaving” contracts should be revoked, as hackers could potentially find exploits to pilfer funds from connected wallets. The 10 largest exploits in 2022 resulted in around $2.1 billion being stolen, primarily from DeFi protocols and cross-chain bridges where attackers found vulnerabilities in existing smart contracts.
The Reddit user offered further advice, stating that it is a good idea to “use different wallets for different purposes,” such as having a wallet that only interacts with smart contracts and another that is used solely for holding funds.
Other users commented on the post, suggesting that one could schedule a recurring interval to revoke all smart contract approvals, such as on the first of every month or even at the start of every week. There are also third-party services that can check and revoke smart contract approvals across multiple chains, including BNB Smart Chain, Ethereum, and Polygon.
One user even suggested that the “best” advice is to interact with as few smart contracts as possible, stating that “revoking permissions is good practice but not giving permissions in the first place is better.”