Caroline Lewis
A Reddit user has cautioned the community that unchecked smart contracts can be potentially hazardous and advised them to frequently revoke approvals.
Following the most challenging year for crypto hacks and exploits, the crypto community has offered guidance to fresh investors entering 2023 -- be vigilant about scrutinizing your smart contract approvals and regularly rescind access.
On Jan. 1, 4cademy, a redditor, posted their advice on the r/CryptoCurrency subreddit. They mentioned that they had been going through and approving smart contracts over the past two years, and were now taking the time to review their approvals.
After they discovered that almost all of their authorization approvals had no limits, they decided to get rid of all the smart contracts in their wallet. Knowing that it was better to be safe than sorry, they advised others to check their authorization approvals and potentially revoke them as well.
The user argued that some users of DeFi protocols or NFTs may have inadvertently authorized malicious smart contracts in the course of phishing attempts, which could put their funds at risk.
Past ice phishing scams have been effective; one long-lasting, sophisticated con from a phony movie studio enabled the purloining of 14 Bored Ape Yacht Club (BAYC) NFTs from a single wallet.
It is recommended that even contracts with a history of "good behavior" be canceled, as hackers have the potential to use the available exploits to steal money from related wallets.
In 2022, 10 of the largest exploits resulted in approximately $2.1 billion stolen, primarily from DeFi protocols and cross-chain bridges. Attackers identified security flaws existing in smart contracts in order to perpetrate their crimes.
The user gave further advice to utilize various wallets for different tasks, such as having one wallet that only deals with smart contracts, and another wallet that is designed only for the storage of funds.
Suggestions from those commenting on the post included setting up regular intervals for revoking all smart contract approvals, for example on the 1st of each month or at the beginning of each week.
Some claimed there were external services that might be utilized to review and revoke smart contract approvals on various chains, including BNB Smart Chain, Ethereum, and Polygon.
One user suggested that it would be best to minimize interactions with smart contracts and to refrain from granting permissions if it can be avoided, declaring that revoking permissions is a beneficial practice, but forbearance is even better.