If you’re a regular DeFi user you’ve probably gone through this cumbersome process a million times. Every time you use a new decentralized application (DApp) you need to give the DApp an allowance for it to spend your tokens on your behalf.
What an allowance looks like in MetaMask
To compare it to the traditional world, this process is somewhat similar to when you authorize your utility provider to set up a direct debit allowing it to charge your electricity bill from your bank account on a monthly basis.
However, unlike in crypto, in the traditional world direct debits are only issued to trusted companies that have little incentive to cheat their customers, and on the rare occasions they do, customers can dispute the charge and their bank will act as a mediator. In crypto these tools don't exist. Some of the DApps are built by anonymous developers and there are no dispute mechanisms that cheated users can resort to. Once a payment is made on the blockchain it is irreversible.
What is a token allowance and how does it work?
Most tokens on the Ethereum blockchain, like USDC or DAI, follow a standard called ERC20. ERC20 tokens are effectively smart contracts, containing different methods like burn, which, when called, allow applications to ‘do things’ with these tokens.
One such method is the approve method. Any DApp that you want to use needs access to your ERC20 tokens in order to do something with them. If you want to deposit USDC in Aave, for example, you first need to give the smart contract powering the Aave DApp access to your USDC before you can deposit it in a second transaction. This allowance appears in the user interface of your Ethereum wallet, and while in theory the amount of the allowance is flexible, most DApps ask for an infinite amount by default to simplify the UX and minimize the number of transactions users have to make to use the application.
The security issue is that most users assume they only approve access for a specific transaction and a specific amount, whereas in most DApps users actually grant access to ALL of their holdings in that specific token for an indefinite amount of time. As a result, if the DApp is vulnerable to a security issue or is rogue to begin with, attackers can abuse these highly excessive privileges to steal ALL of the DApp’s users' holdings for the approved token without any further user consent. They can do so at any point in the future, even years after the DApp was used.
How to protect yourself?
The good news is that you can protect yourself against these kinds of threats. In the next section we’ll explore how you can take your security into your own hands if you use a standard Ethereum wallet like MetaMask, and highlight some wallets that have implemented custom approaches to interacting with DApps.
1. How to revoke access to your tokens manually
If you want to revoke your allowances manually, you can do so by using a tool like Token Allowance Checker. These tools let you connect your wallet and then scan the entire blockchain to find all the DApp allowances associated with your Ethereum address. You can then edit each allowance: either set it to 0 to cancel it altogether or set it to a level you feel comfortable with. Each change is made by sending a transaction to the respective ERC20 token contract.
It’s good practice to go through this process periodically and cancel your allowances for DApps you don’t plan to use anymore. Although it will cost you a little bit, as every transaction needs to be settled on-chain, your wallet will thank you in the long term!
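An added example (not from the original article or from Token Allowance Checker) of the approve mechanism and the manual revocation step described above: it rebuilds an address's open allowances from ERC20 Approval event logs, flags the unlimited ones, and encodes the approve(spender, 0) call that cancels each. The sample logs, addresses, function names and the 2**255 "unlimited" threshold are constructed for illustration.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # keccak256("Approval(address,address,uint256)")
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
UNLIMITED_FLOOR = 2**255  # heuristic for this example; DApps usually ask for 2**256 - 1

def topic_to_address(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Map (token, spender) -> last amount `owner` approved; logs must be in chain order."""
    latest = {}
    for log in logs:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC721 Approval shares topic0 but carries 4 topics
        if topic_to_address(topics[1]) != owner.lower():
            continue
        latest[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    # A spender may have used part of a grant: confirm with allowance(owner, spender).
    return {k: v for k, v in latest.items() if v > 0}  # 0 means already revoked

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): selector, 32-byte address, 32-byte zero amount."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def review(logs, owner):
    """List open allowances, flag unlimited ones, attach the revoking call for each."""
    return [{"token": token, "spender": spender, "amount": amount,
             "unlimited": amount >= UNLIMITED_FLOOR,
             "revoke_tx": {"to": token, "data": revoke_calldata(spender)}}
            for (token, spender), amount in outstanding_allowances(logs, owner).items()]

# Constructed sample data: addresses and amounts are made up for illustration.
OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B, DAPP_X, DAPP_Y = ("0x" + b * 20 for b in ("aa", "bb", "cc", "dd"))

def make_log(token, owner, spender, amount):
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER, DAPP_X, 2**256 - 1),  # "infinite" approval, still open
    make_log(TOKEN_A, OWNER, DAPP_Y, 500),         # exact-amount approval...
    make_log(TOKEN_A, OWNER, DAPP_Y, 0),           # ...later revoked by the owner
    make_log(TOKEN_A, OTHER, DAPP_X, 2**256 - 1),  # a different owner, ignored
    make_log(TOKEN_B, OWNER, DAPP_X, 1000),        # limited approval, still open
]

if __name__ == "__main__":
    print(*review(SAMPLE_LOGS, OWNER), sep="\n")
```

Each revoke_tx is sent from the owner's wallet to the token contract itself, which is why revoking costs one on-chain transaction per allowance.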
2. How next-generation Ethereum wallets protect their users' funds
You can also protect your funds from theft by using one of the many smart contract wallets that have launched. Smart contract wallets have much more flexibility to customize how they interact with other smart contracts. As a result, many of them have implemented custom approaches to handle allowances and improve UX and security.
Native integrations a la Argent
Argent, for example, is a mobile Ethereum wallet that has integrated a handful of core DeFi applications natively into its app to let users borrow, earn and trade.
They integrate these DApps at the smart contract level and ensure that only the amount requested is approved whenever a user interacts with them. This all happens automatically under the hood, so Argent users don’t even know approve transactions exist.
Argent x Wallet Connect
One drawback of native integrations as seen in Argent is that the approach doesn’t scale. It’s impossible for an app to natively integrate every DeFi protocol. For most users the ones that Argent has integrated are probably enough, but heavier DeFi users use dozens of different DApps on a daily basis and don’t want to be limited to a few.
These users are helped by a standard called WalletConnect, which allows users to connect their mobile wallet to a desktop web app and securely sign transactions from their mobile. Argent has customized their WalletConnect integration to allow users to easily set allowances to the amount they want to spend (and not infinitely more). Moreover, Argent users can revoke their allowances in one tap in the Argent app when they change their mind about a DApp. Since WalletConnect is supported by most DApps, this feature allows Argent users to explore the full variety of DeFi while enjoying a high level of security.
Batched transactions & DApp Keys a la Authereum
Another smart contract wallet that handles allowances beautifully is Authereum. Authereum is web-based and is supported by most Ethereum DApps. As a side note, Authereum uses a traditional email and password login, so you can connect your wallet to a DApp in seconds with a UX that is similar to traditional applications without making any security tradeoffs.
When a user needs to interact with a DApp, Authereum generates a new temporary DApp key to be used for signing transactions in the scope of that particular DApp. The DApp key can only perform a limited number of functions, and in addition Authereum performs some sanity checks. If, for example, a request originates from a different domain from the one where the DApp key was created, Authereum can block the transaction or notify the user. Lastly, these DApp-specific keys can be removed at any time in the Authereum wallet.
There are a number of other advantages to batching many transactions into a single transaction. One advantage is efficiency: batched transactions save both cost and time. Each transaction on Ethereum costs 21,000 gas as a base fee. A total saving of 189,000 gas can be achieved if a user batches 10 transactions at once, because the base fee is paid once instead of ten times. Additionally, a user can save time when attempting to send sequential transactions.
The only issue with batched transactions is that DApps need to add some custom logic and UI flows to handle them appropriately. So far only a few DApps, like 1inch or Erasure, support this transaction pattern, but we expect more DApps to follow suit.
Token allowances represent a huge security risk. It is clear that progress needs to be made in this area if we want to improve the user experience and security in the crypto space. Some wallets like Authereum and Argent show the way with their innovative approaches to make DApp interactions more secure. Unfortunately, in many cases these transaction patterns require extra work for DApp developers, which is why it will take time until users can enjoy them across the board.
Standard Ethereum wallets that don’t have access to these methods should at a minimum implement a section where users have an overview of their DApp allowances and the possibility to edit them. Tools like Token Allowance Checker are handy, but not every user is aware of their existence.