So how do you protect yourself to the utmost while experiencing a variety of new DeFi applications? This article will tell you a way to cancel token authorization.
Goal: Learn how to revoke the Ethereum wallet authorization
Skill complexity: simple
Time: 5 minutes
ROI: priceless (you can protect your tokens)
You may have participated in dozens of DeFi applications and authorized these applications to access your Ethereum wallet funds without your knowledge.
guess what? Unless you can turn off these authorizations, these apps are capable of doing so!
What if one of the contracts is used? Or has this DeFi application turned into a scam? This means that the game is over and you will lose your funds.
But as long as you master some skills, you can protect yourself.
For example, use a new address, or check contract authorization frequently, and remove application contract authorizations that you no longer use or don’t trust.
Good dental hygiene can prevent tooth decay, and good encryption hygiene can help you protect your property.
UniCats stealing user funds
Last month, a liquid mining project called UniCats was launched, and this so-called DeFi project turned out to be a fraudulent project. The deployer used the “unlimited token authorization” permission to steal users’ funds.
When traders deposit funds into this project in pursuit of new revenue opportunities, UniCat developers have obtained more and more token authorization rights until they choose to close the network and start stealing users’ token funds.
As shown in an insightful tweet by researcher Alex Manuskin last month, a UniCat user lost $140,000 worth of Uniswap tokens for authorizing the UniCats contract.
This is a terrible event, and this example is to emphasize: as an Ethereum user, why should you value smart contract permissions.
Therefore, let us learn how to manage your wallet permissions.
How to revoke the Ethereum wallet authorization
Fortunately, the Ethereum community has some very respectable open source contributors who often release some amazing tools, including AlphaWallet’s James Sangalli, who released an open source ETH Allowance tool earlier this year .
We can use this solution to easily revoke token authorization, the process is as follows:
1. Use Etherscan to find the contract you want to cancel.
Suppose you recently interacted with a malicious or inferior project similar to UniCat, and now you want to revoke the authorization, you need to determine the contract address of the project and copy it. Use Etherscan’s “clipboard” button to make this work easy.
2. Visit the ETH Allowance website and you will see the page shown below.
3. Connect your Ethereum wallet (usually, we use the popular MetaMask browser wallet). Once you perform this operation, a list of approved smart contracts will pop up as shown below:
4. Use the “Find” function in your browser to paste and search for the contract address you want to remove. For simplicity, I will simply remove the first address described above, which is associated with OmiseGo’s OMG token. When I click “Cancel”, the system will prompt me to send a cancellation transaction, as shown below:
5. Confirm the transaction. Once the transaction is confirmed, your wallet can avoid the risk of this contract address.
to sum up
Not every token smart contract authorization is flawed. There are many dapps that have passed the test of the market (such as Uniswap) at this point, and authorizing these applications helps us make full use of them.
But in the decentralized ecosystem we live in, we cannot grant this trust to projects that have not been proven or have not been properly audited. This is why we have to deal with the problem ourselves, regularly manage our smart contract permissions, and remove the token authorization that we no longer use or trust.