Check your smart contract approvals

At the end of the worst year for crypto hacks and exploits, the crypto community has some advice for novice investors heading into 2023: check your smart contract approvals and revoke access regularly.

Reddit user 4cademy posted the suggestion to the r/CryptoCurrency subreddit on January 1st, noting that he had been approving smart contracts for two years and “thought it was time to review the approved smart contracts.”

He found that “almost all” of these approvals were for an “infinite amount,” which led him to revoke approval for every smart contract in his wallet because “better safe than sorry,” and suggested:

“You should also review your agreement and possibly revoke it.”

The reason for doing this, the user said, is that some users of decentralized finance (DeFi) protocols or nonfungible tokens (NFTs) may mistakenly approve malicious smart contracts through phishing attempts, and those contracts can then lie in wait to steal user funds.

Such ice phishing scams have been successful in the past, with one elaborate scam of the month involving an offer from a fake movie studio resulting in 14 Bored Ape Yacht Club (BAYC) NFTs being stolen from one wallet.

Approvals for even known “good” contracts should be revoked, because hackers can find exploits that let them take funds from connected wallets.

The 10 biggest exploits of 2022 saw around $2.1 billion stolen, mostly from DeFi protocols and cross-chain bridges, where attackers found vulnerabilities in existing smart contracts to carry out heists.

The user gave further advice, saying “use different wallets for different purposes” such as having a wallet that only interacts with smart contracts and another that is not used for the purpose of holding funds.

Users who commented on the post also suggested scheduling intervals at which to revoke all smart contract approvals, such as on the 1st of every month or even at the beginning of every week.

Others pointed to third-party services that can check and revoke smart contract approvals on several chains, including BNB Smart Chain, Ethereum and Polygon.

One user responded that the “best” advice is to interact with few smart contracts, saying “revoking permission is a good practice but not giving permission in the first place is better.”
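
The approval review described above can also be scripted. The following is an added example, not code from the article or the Reddit post: it replays standard ERC-20 Approval event logs for one wallet and reports which approvals are still outstanding and which are for an effectively unlimited amount. The addresses and logs are constructed placeholders, and the 2**255 threshold for "infinite" is an assumption.

```python
# Added example (not from the article): audit ERC-20 Approval logs for one wallet.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: treat any value this large as "infinite"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Replay logs in chain order; return the last non-zero approved amount
    per (token, spender) for `owner`. An approve(spender, 0) is a revocation."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but 4 topics (indexed tokenId).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)
    # Spending via transferFrom can lower a finite allowance without a new
    # Approval log, so confirm finite amounts with allowance() on chain.
    return {k: v for k, v in latest.items() if v > 0}

def unlimited(approvals):
    """(token, spender) pairs whose approval is effectively infinite."""
    return sorted(k for k, v in approvals.items() if v >= UNLIMITED_FLOOR)

# --- constructed sample data: placeholder addresses, not real contracts ---
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_X, SPENDER_Y = "0x" + "c1" * 20, "0x" + "c2" * 20

def _log(block, index, token, owner, spender, value):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    _log(200, 0, TOKEN_B, OWNER, SPENDER_Y, 0),            # later revocation
    _log(100, 0, TOKEN_A, OWNER, SPENDER_X, MAX_UINT256),  # infinite approval
    _log(120, 3, TOKEN_B, OWNER, SPENDER_X, 500),          # finite approval
    _log(130, 1, TOKEN_B, OWNER, SPENDER_Y, MAX_UINT256),  # infinite, revoked at 200
    _log(210, 0, TOKEN_A, OTHER, SPENDER_X, MAX_UINT256),  # another wallet's approval
]
```

Calling `unlimited(outstanding_approvals(SAMPLE_LOGS, OWNER))` on the sample data returns only the TOKEN_A approval to SPENDER_X; the revoked approval and the other wallet's approval are excluded.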