The biggest thing happening in Ethereum now is Decentralized Finance (DeFi). The primary applications of DeFi are trading, lending, and staking ERC-20 tokens. To use ERC-20 tokens, you need to allow the app you’re using to spend the tokens on your behalf; this permission is commonly known as the ERC-20 allowance. Allowances make interacting with smart contracts easy: a user can send tokens to a contract while, in the same call, the contract updates its state to reflect the deposit. Although allowances are essential to how the DeFi space runs, they can bring unprecedented risks to users if left unchecked.
Is ERC-20 allowance necessary?
So, if malicious actors can take advantage of ERC-20 allowances to steal money from your account, do you really have to grant them? To give more insight into this risk vector, we explain how ERC-20 allowances work and why it might be difficult for a trader to do away with them.
Upon your first interaction with a DeFi application, you will be required to permit the decentralized application to access your wallet and spend funds, mostly Ether or a stablecoin such as Tether.
Ordinarily, the permission is unlimited to enable traders to skip the approval step every time they execute a transaction. It is anticipated that the DeFi platform will only deduct the amount preset by the trader.
In some cases, though, abnormal activities can happen. In fact, they have happened several times in DeFi platforms. In such cases, you may end up losing funds from your wallet.
Real-world ERC-20 allowance risks
For the longest time, the risk of unlimited ERC-20 allowances was theoretical, with no real-life examples to back the fears. But as more and more platforms started using unlimited allowances, people or systems that take advantage of them were bound to appear.
Bug exploits
In June 2020, the Bancor network suffered a bug that exposed its users’ wallets. In this case, the function that executes the ERC-20 transfer was mistakenly exposed to the public, which allowed any person to execute it and deduct users’ ERC-20 tokens.
You should therefore consider how well your crypto platform can keep your funds secure and, if necessary, white-hat hack ahead of the hackers to contain any damage or loss of funds.
Malicious projects
Investors sometimes lose their funds by engaging with scams or fraudulent projects. Often, people try to control possible losses by investing only small amounts, but an unlimited ERC-20 allowance puts the wallet's whole balance of the approved token at risk, not just the amount invested.
Oh, and there are instances where project developers themselves steal from their customers. A case in point is UniCats, where developers drained Uniswap tokens without express instructions from the customers.
A way forward?
First, you may consider reviewing existing unlimited ERC-20 allowances in your wallet. You can then opt-out/revoke or minimize the number of such allowances.
Second, in your first interaction with a DeFi project, go for custom spend limits, where you will need to approve every transaction. Simply put, say no to unlimited ERC-20 allowances.
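One way to carry out the first recommendation, as an added example that is not from the original article: replay the ERC-20 Approval event logs for a wallet and list the (token, spender) pairs that still hold an unlimited allowance. The addresses and logs are constructed sample data, and the UNLIMITED_FLOOR threshold and the helper names are assumptions of this example.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # keccak256("Approval(address,address,uint256)")
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: treat anything this large as "unlimited"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Replay Approval logs in chain order; return {(token, spender): last approved value}."""
    latest = {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        topics = log["topics"]
        # ERC-721 shares this topic0 but indexes tokenId too (4 topics), so skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        value = int(log["data"], 16)
        if value == 0:
            latest.pop(key, None)  # approve(spender, 0) revokes the allowance
        else:
            latest[key] = value    # a later approve overwrites the earlier one
    # Caveat: last *approved* value; the token's allowance(owner, spender) view is authoritative.
    return latest

def unlimited_allowances(logs, owner):
    """(token, spender) pairs whose allowance exposes the owner's whole token balance."""
    return sorted(k for k, v in outstanding_allowances(logs, owner).items() if v >= UNLIMITED_FLOOR)

def make_log(token, owner, spender, value, block, index):
    """Build a constructed log in the shape eth_getLogs returns."""
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"), "blockNumber": hex(block), "logIndex": hex(index)}

# Constructed sample data: none of these addresses or logs come from a real chain.
OWNER, OTHER = "0x" + "a1" * 20, "0x" + "b2" * 20
TOKEN_A, TOKEN_B = "0x" + "c3" * 20, "0x" + "d4" * 20
SPENDER_X, SPENDER_Y = "0x" + "e5" * 20, "0x" + "f6" * 20
SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER, SPENDER_Y, 0, 150, 1),            # revocation, listed out of order
    make_log(TOKEN_A, OWNER, SPENDER_X, MAX_UINT256, 100, 0),  # unlimited, never revoked
    make_log(TOKEN_A, OWNER, SPENDER_Y, MAX_UINT256, 101, 2),  # unlimited, revoked at block 150
    make_log(TOKEN_B, OWNER, SPENDER_X, 500 * 10**6, 120, 0),  # capped custom limit
    make_log(TOKEN_A, OTHER, SPENDER_X, MAX_UINT256, 130, 0),  # someone else's approval
]
print(unlimited_allowances(SAMPLE_LOGS, OWNER))
```

Each pair it reports is a candidate for revocation, which means sending approve(spender, 0) to that token contract from the owner's wallet.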
Times are changing. However, with the current de facto standards in use in the DeFi space, users have to find ways to safeguard their wallets and manage the dangers associated with this vulnerability.
Don’t lose your mind over this, but don’t risk losing your funds either. The IXFI platform is built for you, helping you buy, swap, and trade crypto in a secure and most reliable way. Your Friendly Crypto Exchange makes it easier for you to walk the path towards financial freedom. Register on IXFI today.