Why use Token Approval Protection
What is token approval ?
If you ever performed a sell transaction on a Decentralized Exchange, you know that you need to perform an approval transaction first. This is required because the DEX smart contract needs to be able to retrieve the tokens you are selling from your balance, hence you “approving” the DEX to spend X amount of tokens from your balance.
Token approval is not only used in conjunction with Decentralized Exchanges but also with a diversified set of other applications that require to “manage” your funds: custodian solutions, staking smart contracts, lending protocols, just to name a few.
Why do I need protection for token approval ?
Scammers and hackers are frequently using phishing tactics to deceive the users into thinking they are approving the correct spender where in fact they are giving control of their funds to malicious actors that have only one objective – to steal their funds.
Apart from general phishing attacks and spear-phishing where attackers have in-depth knowledge about your intention to use a specific platform (i.e an upcoming IDO you may be interested in), there is always an inherent risk of legit platforms being hacked. For example, the source code of reputable platforms can be poisoned with malicious spender addresses, and even if you are double checking the URL etc., the malicious code will trigger your wallet into approving the hacker’s address, thus giving them complete control over your funds.
How risky is it?
The consequences of being a token approval attack victim are pretty high – if you don’t move the funds or if you don’t disapprove a malicious address right away after noticing you’ve been hacked, there are high chances you’ll lose all your funds.
If you want to evaluate your previous approvals you can use Etherscan’s online tool to cross check if there are any suspicious approvals. The tool also offers a quick way of disapproving any spender address.
How can I protect myself?
OMNIA RPC has integrated real-time checks that are performed for every transaction that flows through its systems, thus is able to detect in real-time if you are approving a malicious address. In case this happens, it will drop the transaction to pre
Go to dashboard app.omniatech.io and generate your private endpoint for the chain & network you want. At the subscription customization step, check the Token Approval Protection checkbox.
Apart from that, our general recommendation is to avoid approving addresses with the MAX value as you’re exposing yourself to third-party risk if those platforms will ever be hacked. The best practice is to approve exactly what is going to be used in the next transaction.
We are aware that there is always a trade-off between user experience and security, therefore if you are performing multiple operations in a short period of time it’s better to approve an estimated spending cap for the next few operations.