

Security PSA: Infinite Token Approvals

TL;DR

  • Avoid giving infinite token approvals.

  • Regularly review and revoke unnecessary token approvals.

  • Follow the best practices outlined in this article to protect yourself.

By Coinbase's Trust & Safety Team, August 7, 2024, 2 min read time


Coinbase's Trust & Safety team has identified infinite token approvals as a rising threat in the Web3 ecosystem, most recently illustrated by the $11 million LI.FI protocol exploit. Infinite approvals are convenient, but they pose a significant security risk if they are not managed. This post outlines the risks and provides actionable steps to safeguard your assets.

Understanding Infinite Token Approvals

An infinite token approval is an ERC-20 approve call that grants a smart contract the maximum possible allowance, so the contract can transfer any amount of that token out of your wallet, at any time, without asking you again. This streamlines repeated interactions with decentralized applications (dApps), but it means your tokens stay exposed for as long as the approval stands, including if the approved contract is later compromised. Since 2020, over $405 million has been stolen through approval exploits (source: revoke.cash).

Example Scenario

An attacker finds a vulnerability in a smart contract that many users have granted infinite approval. Because each approval lets the contract call transferFrom on the user's behalf, exploiting the contract lets the attacker drain the full token balance of every affected wallet, with no further action or signature from those users, and the exposure persists until the approval is revoked. Refer below for a high-level flow of this exploit.

[Figure: high-level flow of the approval exploit]
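To make the scenario concrete, here is a small in-memory model of ERC-20 allowance accounting, added as an illustration for this PSA (it is not Coinbase's code or any protocol's contract). It follows the behaviour of the widely used OpenZeppelin ERC20 implementation, where transferFrom consumes the caller's allowance except when the allowance is the maximum uint256, which is never decremented. The account names, balances and the 100-token deposit are constructed for the example; a real wallet would hold the token in a contract on chain.

```python
"""Model of ERC-20 allowance accounting (illustrative, not production code).
Mirrors OpenZeppelin ERC20: transferFrom spends the caller's allowance, but an
allowance of 2**256-1 ("infinite") is never reduced. Names and balances below
are constructed for the example."""

UINT256_MAX = 2**256 - 1


class Token:
    """Minimal in-memory ERC-20: balances, allowances, approve, transferFrom."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        # approve() overwrites the allowance; amount 0 is a revocation.
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, caller, owner, to, amount):
        """Move `amount` from `owner` to `to` on behalf of `caller`.
        Raises (like a reverting transaction) if allowance or balance is short."""
        allowed = self.allowance(owner, caller)
        if allowed < amount:
            raise PermissionError("ERC20: insufficient allowance")
        if self.balances.get(owner, 0) < amount:
            raise ValueError("ERC20: transfer amount exceeds balance")
        # OpenZeppelin-style: an infinite allowance is not consumed by spending.
        if allowed != UINT256_MAX:
            self.allowances[(owner, caller)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def drain_after_compromise(approval_amount):
    """Simulate the PSA's scenario. The user approves `approval_amount` to a
    dApp contract, uses it once for a 100-token deposit, then receives 500 more
    tokens. Later an attacker who controls the contract's transferFrom path
    pulls as much as the standing allowance permits. Returns (stolen, remaining)."""
    token = Token({"user": 1_000, "dapp": 0, "attacker": 0})
    token.approve("user", "dapp", approval_amount)

    # Legitimate use: the dApp pulls the 100-token deposit the user asked for.
    token.transfer_from("dapp", "user", "dapp", 100)
    token.balances["user"] += 500  # user later receives more of this token

    # Attacker drives the compromised contract: take min(allowance, balance).
    # No signature from the user is needed; the approval already exists.
    loot = min(token.allowance("user", "dapp"), token.balances["user"])
    if loot:
        token.transfer_from("dapp", "user", "attacker", loot)
    return token.balances["attacker"], token.balances["user"]


def revoke_then_drain():
    """After an infinite approval, approve(spender, 0) stops transferFrom.
    Returns True if the attacker's pull reverts."""
    token = Token({"user": 1_000, "dapp": 0, "attacker": 0})
    token.approve("user", "dapp", UINT256_MAX)
    token.approve("user", "dapp", 0)  # revoke
    try:
        token.transfer_from("dapp", "user", "attacker", 1_000)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    print("infinite approval:", drain_after_compromise(UINT256_MAX))  # (1400, 0)
    print("exact approval:   ", drain_after_compromise(100))          # (0, 1400)
    print("revoked:", revoke_then_drain())                              # True
```

The point the model makes that the prose does not: with an infinite approval the attacker takes not only the tokens the user had when they approved, but everything that arrived in the wallet afterwards, because the allowance never shrinks; with an exact approval the deposit itself consumes the allowance and the later drain has nothing to spend.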

How to Protect Yourself

To mitigate the risks associated with infinite token approvals, we recommend the following best practices:

  • Regularly Review and Revoke Token Approvals: Periodically check your wallet for active token approvals and revoke any that are no longer necessary. A revocation is simply an approve call that sets the allowance to zero; it costs gas but needs no cooperation from the dApp. Tools like Revoke.cash can help you find and revoke approvals easily.

  • Use Transaction Previews: When available, use transaction preview features to see what a transaction will do before you sign it. This can help you spot an approval for an unlimited (or implausibly large) amount, a spender you did not intend, or an unexpected change in token balances.

  • Verify Contract Legitimacy: Verify the legitimacy of a contract or dApp before granting any approvals. Scanning tools like De.Fi can help you identify potential risks and gauge legitimacy. Be wary of unknown or untrusted contracts.
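The transaction-preview and revocation steps above can be checked at the calldata level. The decoder below is added as an example for this PSA (it is not Coinbase's code or any wallet's preview feature): it decodes the standard ERC-20 approve, transfer and transferFrom calls using their well-known 4-byte selectors and the ABI word layout, flags an approve whose amount is the uint256 maximum or far above the user's balance, and builds the approve(spender, 0) calldata that revokes an allowance. The spender address, balance and the "ten times your balance" threshold are assumptions chosen for the example.

```python
"""ERC-20 calldata inspector (illustrative, not production wallet code).
Decodes approve/transfer/transferFrom calldata by selector, classifies an
approval the user is about to sign, and builds revoke calldata. The addresses
and amounts used in the demo are constructed for the example."""

UINT256_MAX = 2**256 - 1

# Function selector = first 4 bytes of keccak256(canonical signature).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "a9059cbb": "transfer(address,uint256)",
}


def decode_call(data_hex):
    """Split ERC-20 calldata into (function name, [args]).
    Addresses come back as 0x-prefixed 20-byte hex, amounts as int.
    An unknown selector yields (None, []) so the caller refuses to vouch for it."""
    data = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    sig = SELECTORS.get(data[:4].hex())
    if sig is None:
        return None, []
    name, params = sig[:-1].split("(")
    types = params.split(",")
    words = data[4:]
    if len(words) != 32 * len(types):
        raise ValueError("calldata length does not match signature")
    args = []
    for i, typ in enumerate(types):
        word = words[32 * i:32 * (i + 1)]
        if typ == "address":
            if any(word[:12]):  # an address must be left-padded with zeros
                raise ValueError("non-zero padding in address word")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return name, args


def review_approval(data_hex, token_decimals, wallet_balance, warn_multiple=10):
    """Classify an approve the user is about to sign.
    Returns 'not-an-approval', 'revoke', 'infinite', 'excessive' or 'bounded'.
    `wallet_balance` is in base units; anything above `warn_multiple` times the
    larger of the balance and one whole token is flagged (assumed threshold)."""
    name, args = decode_call(data_hex)
    if name != "approve":
        return "not-an-approval"
    _spender, amount = args
    if amount == 0:
        return "revoke"
    if amount == UINT256_MAX:
        return "infinite"
    # Some dApps request 2**255 or similar instead of the full maximum;
    # anything far beyond what the user holds deserves the same scrutiny.
    threshold = warn_multiple * max(wallet_balance, 10 ** token_decimals)
    if amount > threshold:
        return "excessive"
    return "bounded"


def encode_approve(spender, amount):
    """Build calldata for approve(spender, amount). amount=0 revokes."""
    if not (spender.startswith("0x") and len(spender) == 42):
        raise ValueError("spender must be a 0x-prefixed 20-byte address")
    body = bytes.fromhex(spender[2:]).rjust(32, b"\0") + amount.to_bytes(32, "big")
    return "0x095ea7b3" + body.hex()


if __name__ == "__main__":
    spender = "0x1111111111111111111111111111111111111111"  # constructed
    balance = 5 * 10**18  # 5 tokens with 18 decimals, constructed
    for amt in (UINT256_MAX, 2**255, balance, 0):
        print(review_approval(encode_approve(spender, amt), 18, balance))
    print("revoke calldata:", encode_approve(spender, 0))
```

A wallet that shows only "Approve TOKEN" hides the amount word entirely; decoding the second ABI word is what separates a bounded allowance from an infinite one, and the same encoder produces the zero-amount approve you send to Revoke.cash-style tools or directly to the token contract to close the exposure.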

Conclusion

The convenience of infinite token approvals comes with significant risk. By following the steps outlined in this PSA, you can substantially reduce the chance of losing your tokens through an approval to a compromised contract. Remember, in the world of DeFi, security should always take precedence over convenience.
