Celo is one of the most popular alternative Layer 1 chains for DeFi. With over $140 million in TVL, there are yield farming, NFT, and social dapp opportunities for users to explore. However, while Celo is trusted as a best-in-class network, you must stay vigilant to avoid potential crypto rug pulls across the chain. Like any other permissionless blockchain, you’re only a few clicks away from a phishing scam or honeypot exploit.
One of the most important keys to reinforcing your safety on Celo is understanding the approvals and permissions granted by your DeFi wallet. If you’re auditing your Celo account activity and looking to find a way to remove potentially harmful permissions or token approvals, you’re in the right place.
In this blog, we’ll walk through what Celo token approvals are and how you can audit + revoke them using the free De.Fi Shield tool.
Celo token approvals can go by many names including token permissions, smart contract permissions, token allowances, etc. To be clear though, these are all referencing the same concept: settings within your wallet that allow for dapps to access and move Celo network crypto assets on your behalf.
Examples of this could include a DEX like Ubeswap or an NFT exchange like tofuNFT. When you are interacting with these platforms, the only way for them to fulfill their duties is for you to allow their underlying smart contract to interact with and extract the Celo network assets you wish to use. This is done by signing an approval with your wallet.
In the screenshot below, you can see the process of granting Ubeswap DEX permissions to interact with the UBE tokens on Celo stored within a MetaMask wallet. This token approval uses a specific custom spending cap as well which is a security best practice:
These permissions are incredibly powerful because they allow the smart contract you interact with to have control over your Celo wallet’s funds even if you do not approve a specific transaction. This can lead to a nightmare scenario of losing access to your funds under the following circumstances:
You grant approvals to an untrustworthy smart contract: Token approvals are the main attack vector for crypto phishing scams. If you’ve approved a malicious Celo smart contract to be an unlimited spender of a token, your entire balance will likely be wiped out nearly instantly after the approval is confirmed.
You grant approvals to a smart contract which is eventually compromised: If a contract that you’ve interacted with before has a vulnerability and is hacked, the hackers may find a way to transfer all tokens from users who have previously granted token approvals to the breached contract. An example of this was the infamous Multichain bridge hack:
Multichain, a cross-chain bridge, said that an important vulnerability affecting WETH, PERI, OMT, WBNB, MATIC, AVAX was discovered and fixed. If the user has authorized, remove any approvals of the 6 tokens asap. Otherwise the assets will be at risk. https://t.co/wGIVduM1WR
— Wu Blockchain (@WuBlockchain) January 17, 2022
This is especially dangerous because many dapps prefer to request these unlimited token approvals from users so that they don’t have to call approve() repeatedly. While this is gas efficient, doing so leaves users exposed to a high level of risk.
A common point of confusion for users who are looking to revoke Celo approvals is that they use the “Connected sites” functionality within their wallet instead of a proper revoke permissions tool:
The connected sites feature of web3 wallets like MetaMask is useful because it gives you a quick overview of what sites you’ve connected to in the past. However, it is NOT a replacement for revoking permissions from an app.
Disconnecting a site via these settings will simply limit that site’s ability to see your public address, token balances, and (depending on the specific permissions you granted) ability to initiate a transaction on your behalf (not execute the transaction). It will do nothing regarding limiting the underlying permissions that you’ve granted the app’s smart contract to the tokens within your wallet.
While most web3 wallets will let you manage your app connections, they usually will not let you revoke permissions from smart contracts from within the wallet itself. However, the De.Fi SuperApp has you covered.
As part of our De.Fi DeFi portfolio tracker SuperApp, we make it easy to efficiently monitor and revoke your Celo permissions to keep you safe from potential hacks and scams. Our De.Fi Shield revoke permissions tool is the perfect accessory for safety-conscious web3 users. In addition to Celo, it analyzes your wallet health across 13 of the most popular EVM blockchains.
Sample De.Fi Shield wallet analysis
To get started, simply navigate to https://de.fi/shield and connect your Celo wallet to the De.Fi app. Once connected, Shield automatically runs an analysis of 100+ security detectors for each contract, token, and NFT approval. It will then identify all high-risk tokens and smart contracts and provide a detailed description of potential risks. The whole process happens in only a few seconds.
Once high-risk contracts are identified, you have the opportunity to revoke them one by one or to revoke them all at once:
Choosing to revoke will trigger a pop-up that confirms the action and provides approximate gas fee data for the task:
Hitting “Revoke” once again will then trigger an approval process within your wallet:
After hitting “Approve” the transaction should confirm and you will see a success notification within the De.Fi app:
After that, you’re all set! De.Fi Shield will update with your new and improved wallet health score free of risky permissions:
Ready to get started auditing and securing your Celo wallet? Click the link below!
While it is critical to monitor and maintain your Celo wallet’s token allowances, we also recommend being vigilant and ensuring you don’t interact with risky contracts in the first place. With this in mind, we offer De.Fi Scanner, the most comprehensive free smart contract scanner in web3.
Celo Token Scanner Results for Celo Dollar
Celo DeFi users leverage Scanner to run automated audits on projects, tokens, NFTs, or even liquidity pool contract addresses. Simply enter the contract address you would like to analyze and Scanner will produce a security report in a matter of minutes highlighting any potential risk issues you should be aware of.
Users can also freely access a treasure trove of security analysis via our Audit Database. It’s web3’s largest database of DeFi project audits with over 9000 security reports from blockchain experts. If you’re considering interacting with a DeFi protocol, chances are you can find a security report within our database.
Looking to learn from previous missteps in the world of DeFi? You can also use our famous REKT Database to find the biggest hacks and scams in history. Quickly research and read comprehensive reports from security experts:
Finally, for the latest security news, don’t forget to follow our De.Fi Security X profile. We’ll keep you notified of any security incidents as they happen, giving you the time you need to respond appropriately. Educate yourself and stay safe with De.Fi!
February 23 • 7 minutes
In this blog, we'll walk through what Gnosis token approvals are and how you can audit + revoke them using the free De.Fi Shield tool.
April 19 • 7 minutes
During Q1 2024 ... total losses amounting to $414,875,820 across a range of exploits and security incidents.
April 1 • 10 minutes
Among the many options available, Phantom Wallet has emerged as a popular choice for those in the Solana ecosystem, sparking questions about its safety, legitimacy, and features.
March 22 • 17 minutes
A total of $148,690,165 was lost across various platforms and chains due to diverse exploits.
March 2 • 11 minutes
Celo token approvals can go by many names including token permissions, smart contract permissions, token allowances, etc.
February 23 • 7 minutes
The top three largest governance hacks resulted in $414M in losses over the years
February 12 • 5 minutes
© De.Fi. All rights reserved.
