All Articles
All Articles

Presenting the new De.Fi Safe ‘Risky Contract Manager’ for revoking token allowances

Table of Contents

Which DeFi projects should you trust?

More specifically, how can you be sure that a project’s developers have not written their smart contracts in a way that will allow them to run off with your funds at a later date?

The obvious answer is to read the contracts, which are publicly available as open-source code, to find out for yourself. Unfortunately, the vast majority of DeFi users do not know Solidity, the language these contracts are written in, and therefore cannot check them to find vulnerabilities.

Until now.

De.Fi Safe’s new Risky Contract Manager is a totally unique and revolutionary solution that allows all DeFi users, whether you know Solidity or not, to identify smart contract issues and revoke token allowances from risky ones.

Table of Contents

  1. How revoking token allowances keeps you safe
    1. How to use the Risky Contract Manager
    2. Understanding the tool’s risk assessment metrics
    3. How colors are used in the tool to signify risk
    4. Access the tool and tell us what you think!

How revoking token allowances keeps you safe

We all know the disastrous effect that trusting the wrong smart contract can have, with scams, hacks and rug pulls causing DeFi users to lose millions.

One of the most common attacks that has been used by scammers involves exploiting users who had exposed themselves to unlimited token allowances. The issue occurs when users interact with a smart contract and are asked to confirm the amount of tokens they want to deposit. At this stage, many DeFi apps will request an unlimited allowance from the user.

Confirming unlimited allowances can make sense but only if you fully understand the project you are giving these permissions to and only if you have a clear understanding of the risks involved. It can make for a better user experience in some cases, because it means DeFi users do not have to approve each deposit they make to a smart contract they trust.

Unfortunately, lots of DeFi users simply confirm the request for unlimited allowances without proper scrutiny, which leaves them open to attack. This was the backstory to a number of well known attacks, including the famous Unicat ‘Meow’ that occurred in the DeFi summer of 2020.

Essentially, the Unicat project sought to build on the popularity of the Uniswap project, which is not affiliated to Unicat in any way. Unicat offered staking and liquidity provision rewards to yield farmers who deposited their UNI tokens in the project’s smart contracts. Unicat then decided to rug pull, draining UNI tokens from its staking and liquidity provider contracts. As some users had confirmed unlimited allowance for the Unicat smart contracts, they lost all their funds.

This type of problem, where a user has unknowingly confirmed unlimited allowances for certain smart contracts and left themselves open to losing funds, is exactly what the Risky Contract Manager helps you to avoid. It analyzes whether a smart contract is risky or not and then notifies you so you can quickly and easily revoke allowances.

How to use the Risky Contract Manager

Unfortunately, it’s still very common for users to trust popular projects way too much. They assume that a project built by a well-known team has a smaller chance of being hacked. The problem with this approach is that our security research has led us to realize that even well-known DeFi services may represent serious risks to user funds.

For this reason, all contracts must be verified carefully before depositing any large amounts into them. However, users don’t have the time or the skills to read smart contract code and find any potential vulnerabilities.

This is why we have developed the Risky Contract Manager, which is capable of analyzing approved smart contracts and providing in-depth information about any vulnerabilities within them. The tool can be used by anyone with MetaMask, Coinbase Wallet, WalletConnect, Authereum or Torus installed.

Below, you can see a screenshot of what you can see when you’ve connected a wallet.

All information related to approved contracts is shown on the dashboard, so a user can access all the critical details in one place.

The tool divides smart contracts into three distinct groups:

  1. High Risk (Red)
  2. Medium Risk (Orange)
  3. Low Risk (Green)

The number of contracts within each group is shown and you can easily cancel high risk and medium risk contracts by clicking on the blue ‘Decline Contracts’ button. All these details regarding risk groups and declining of contracts are shown in the image below.

You can also apply filters using the ‘Approved Contracts’ section. This allows you to easily find smart contracts by time period.

By triggering the ‘Include Zero Allowance’ button as a filter, you will see smart contracts that can withdraw 0 resources from your balance and are therefore not going to affect your assets.

It is important to mention that the dashboard provides security assessment information from external sources, like Certik. This allows you to get a better understanding of any and all underlying problems related to a particular contract.

All trust scores range from 1 to 100. The higher the trust score, the higher the smart contract’s security. An example of an individual smart contract’s ratings can be seen below.

Further down, in the middle and lower sections, you will see a more detailed overview of approved contracts associated with a set of specific services. It is here that you can manage or change Allowances and revoke permissions. This extra detail is shown in the image below.

To manage the Allowance of a particular contract, click on the arrow and, under the ‘Actions’ menu, choose the ‘Update’ button. This can be seen in the image below.

Then, in the pop up menu, simply enter the desired amount and choose ‘Update allowance’, as shown in the image below.

Understanding the tool’s risk assessment metrics

Our team has developed a set of specific checks that the algorithm pays attention to. Currently, there are 11 checks but there will be more as we develop the tool further in future.

In the table below, you can see the name of all the metrics with a short description of what each metric means in terms of smart contract analysis.

How colors are used in the tool to signify risk

Colors are used throughout the tool and its dashboard to give you a quick and easy way of assessing risks.

In the table below, you will see the colors used, the risk sentiment conveyed by each color and a short description of what this risk sentiment tells you about the underlying smart contract.

Access the tool and tell us what you think!

You can use the new De.Fi Risky Contract Manager by visiting de.fi/shield and connecting your wallet.

If you do, make sure to let us know what you think, either on social or within the De.Fi community on Telegram.

Check our guides:

Solana Network Ultimate Yield Farming Guide [Infographics]
Fantom Network Ultimate Yield Farming Guide [Infographics]
Huobi ECO Chain Ultimate Guide for Yield Farming
Polygon Network Ultimate Guide for Yield Farming
Binance Chain Ultimate Guide for Yield Farming

Check our latest announcements and articles!

And join us on twitter and telegram!

Good luck in farming!

More from De.Fi

CoinMarketCap Alternative: The De.Fi SuperApp

As cryptocurrency has continued to grow in popularity, so too has the need for strong tools that can effectively track market data, monitor portfolios, and keep individuals abreast of trends.

© De.Fi. All rights reserved.