Following the worst year for cryptocurrency thefts and attacks, the crypto sphere has guided novice investors heading into 2023. Constantly verifying one’s smart contract permissions and withdrawing access is crucial amid these developments. Through a Reddit post, the user advised the community to routinely withdraw permissions in light of the possible risks associated with uncontrolled smart contracts.
4cademy: NFT and DeFi users should watch out for harmful smart contracts
On January 1, the Reddit user 4cademy offered to advise the community of crypto users in the r/CryptoCurrency forum, stating that they had authorized many smart contracts during the previous two years and decided it was time to review their approved ones.
They discovered that “almost all” of their permissions were for “unlimited quantities,” prompting them to withdraw approvals for every smart contract in their wallet since it was “better safe than sorry.”
The user cited the possibility that certain holders of nonfungible tokens (NFTs) or decentralized finance (DeFi) protocols may have unintentionally authorized harmful smart contracts from phishing attempts. They may be waiting to steal user cash as the rationale for doing this.
These types of ice phishing schemes have been influential in the past. One particularly complex month-long hoax involving a proposal from a fictitious film company resulted in the theft of 14 Bored Ape Yacht Club (BAYC) NFTs from a single wallet. Even well-known “good-behaving” contracts should be canceled since hackers may discover ways to steal money from linked wallets.
How to minimize risk working with smart contracts
Around $2.1 billion was taken in total by the top 10 exploits in 2022, primarily via DeFi protocols and cross-chain bridges where thieves used flaws in already-existing smart contracts to do their crimes.
Additional advice from the user included the recommendation to “use separate wallets for different reasons,” for as having a wallet that only interacts with contracts and another that doesn’t and is used for nothing more than storing money.
Another suggestion made by users who left comments on the page was to set up a recurring interval, on the first of every month or even at the beginning of every week, to cancel all competent contract approvals.
Some people said that third-party services, like those from BNB Smart Chain, ethereum, and polygon, could verify and rescind smart contract approvals.
According to another user, the best suggestion was to deal with as few smart contracts as possible. They said that withdrawing rights is good practice, and not granting them in the first place is preferable.