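The web era built an information superhighway, gradually took over every industry, and became a virtual world we cannot live without. The traditional internet, however, never built a highway for transferring value. Instead, giants monopolized traffic in their own fields and built high walls between value creators and end consumers. Web3 is leading us to break those shackles and take back our rights over our data.

But it is still early. Early geeks and newcomers have poured into the web3 jungle without the right gear. Driven by FOMO and airdrop farming, people enthusiastically join airdrops and mints without realizing how large the risk is: one careless step and hackers will harvest them without mercy. This article provides the gear to avoid unnecessary losses.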

Web3 gives you ownership of your digital assets in an unprecedented way. For example, say you're playing a web2 game. If you purchase an in-game item, it is tied directly to your account. If the game creators delete your account, you will lose these items.

Driven by FOMO, a lot of people participate in airdrops or delegations without a safety mindset and are prone to losing all their money in interactions with malicious dApps. It's time to gear up.

Security-centric projects: Fire, Wallet Guard, Pocket Universe, and Webacy. OpSec, short for Operational Security, involves procedures and actions taken to protect sensitive information.

Phishing, one of the most common threats, attempts to trick you into sharing sensitive info. Always double-check URLs and be skeptical of unsolicited communications.

# Defense preparation: Three Wallets For Success & Safety

You'll see some beautiful flow charts and infographics that suggest 5 or even 7+ wallets. However, we think the risks mitigated with these models are too few to justify their cognitive expense, and three wallets are reasonable enough in practice. You're more likely to get confused and have “transaction anxiety” than feel any safer with 7 wallets! So let's keep it simple, where should we start? I should start off by saying that all of these wallet addresses can, and probably should, be from the same hardware wallet.

  • The Mint Wallet Address: This is the wallet address you take to “untrusted sites”, such as non-mainstream sites or the airdrop of a new project. Got a new degen mint coming up? Use the Mint Wallet. A friend suggests you mint a new project? Use the Mint Wallet. So what is it? A wallet that you only use on untrusted sites, that keeps a very low amount of money in it and nothing valuable (no valuable NFTs). The second the assets in the minting wallet become valuable, you send them to one of the other two wallet types (described below) for selling or safe keeping!

    The idea here is that you have low-trust operations being done from the wallet with the least amount of assets to lose. You can be a little bit more reckless with a wallet that only has 0.1 ETH in it than with a wallet that has everything you own!

  • The Sell Wallet/Bookmark Address: Sites that are tried and true, like Opensea, Looksrare, x2y2, Foundation, or any other sites that have been around a long time that you trust, are usually where this wallet sticks to. I like to refer to this wallet as the “Bookmarks wallet”, as all the sites that you go to with it should be bookmarked! In other words, this wallet only ever visits sites saved in your bookmarks.

    In this wallet you should:

    • Only make Approvals to trusted platforms
    • Only make Signatures on trusted platforms (unless they are simply identity signatures as described here).

    And you should never: make any transactions on sites that are not bookmarked and trusted.

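  • The Vault Wallet Address: The Vault Wallet is a simple concept: keep your high value assets that you don't plan on selling (but may still want to verify your ownership safely) here. Also, you should limit the transaction types that you do on this wallet, ideally avoiding smart contract interactions altogether.

    • Bitcoin: use a cold wallet where possible, isolated from the internet. I covered how cold and hot wallets interact in an earlier article.
    • Ethereum: compared with Bitcoin there is one extra trick. Keep only NFTs and no ETH in the wallet, so that without gas no transaction can be made. This is not absolute: with the second signature type discussed in this article, another contract can be authorized to act, and in that case a refuel is all it takes for the assets to be stolen.

    The idea is to make this wallet do only two things.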

    You should only:

    • Do Gasless signatures
    • Transfer/Send/Receive ETH/Tokens (although, the safest vault is the one that has no ETH in it because you can't accidentally make any bad approvals this way!)

    You should not:

    • Make Approvals of any kind
    • Do any Smart Contract Interactions (especially on untrusted sites!)

# Danger level one: unlimited approvals (Approve security concern)

If you have tried web3 products, you have very likely used approvals. Approvals give smart contracts the ability to interact with your tokens (ERC-20, NFTs, etc). They can pull them at will, based on parameters set in the smart contract. But quite honestly, web3 would be hardly possible at all without them (although a similar permit mechanism now exists as well). If you have ever made a sale on an NFT platform, or made an offer on an NFT collection, you are already harnessing the power of approvals. Without approvals, any complex trade would force you to move your tokens onto a centralized platform and give up all control, instead of moving freely between multiple decentralized platforms while keeping most of the control yourself.

This allows you to do other things with the asset (like prove ownership) and list on other marketplaces as well. If approvals didn't exist, you'd need a platform that had either full custody of payment assets, NFT assets, or both. In that case, you wouldn't be able to list on multiple marketplaces and have all the benefits of holding the asset!

When it comes to NFT collections in the ERC-1155, ERC-721 or ERC-721a standards, all have the following mechanism for approval. These standards usually have both an Approval and a Set Approval For All (SAFA) method.

  • Set Approval For All: Approves all assets in a given wallet address for an entire NFT collection to a single address (usually a contract/NFT marketplace, but it can also be a scammer).

  • Approval: Approves a single asset in a given wallet address from an NFT collection to a single address (not used often in NFTs).

Let's take the Apecoin contract as an example to visualize what an approval actually does: https://etherscan.io/token/0x4d224452801aced8b2f0aebe155379bb5d594381#writeContract. The corresponding code is:


function approve(address usr, uint wad) external returns (bool)
{
  allowance[msg.sender][usr] = wad;
  …
}

So the meaning is clear: every time you make an approval, really all you are doing is adding another authorized spender to the assets that exist in your wallet. That spender can then use the approved amount of your assets under the agreed conditions.

Note: I have found that many contracts set the allowance very high by default. It is best to lower it manually to a small value you are comfortable with, or, as described in the defense preparation above, never use the vault wallet for these interactions.

To expand on this: different tokens follow different smart contract standards, and the approve methods differ slightly between those standards:

  • ERC-721 (Profile Picture/Unique Collection NFT):

    • Function: Approve
      Spender: The spender you are giving access to (like Opensea or a Marketplace)
      Token/TokenID: Which tokenID you are giving access to. Example: BAYC #4014
    • Function: SetApprovalForAll
      Operator: This is the same as Spender, who will have access to your tokens
      Approved: This is a simple true/false. If approved, the Operator/Spender will have access to every token in that collection (so if you have multiple BAYCs, all of them).

    Examples: BAYC, Azuki, Doodles

  • ERC-1155 (Semi-Fungible NFT)

    • Function: SetApprovalForAll
      Operator: This is the same as Spender, who will have access to your tokens
      Approved: This is a simple true/false. If approved, the Operator/Spender will have access to every token in that collection (so if you have multiple BAYCs, all of them).

    Note: There is no approval method in the ERC-1155 standard. This means that when you make an approval on an ERC-1155 contract, you are approving it for ALL of that token. To me this seems like an oversight, but I understand it.

    Examples: Boring Security, Adidas: Into The Metaverse

  • ERC-20 (Fungible Tokens)

    • Function: Approve
      Spender: The spender you are giving access to (like Opensea or a Marketplace)
      Amount: How much of the token you are allowing the contract to use. The amount stays active and can be “used up” over time. Dookey Dash addicts might recall an 800 $ape approval being set, and maybe at some point in their journey they had to do another approval!
    • Function: IncreaseAllowance (not all ERC-20 tokens have this)
      Spender: The spender you are giving access to (like Opensea or a Marketplace)
      Amount: The amount you are increasing your allowance by.
      Note: Increase Allowance can often be called when there is no approval set for the spender's address, allowing it to function as an approval. Watch out for this one!

    Examples: Apecoin, Wrapped Ethereum, AAVE (Proxy)
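
As an added example (not code from the original article or from any of the tools it names), this JavaScript decoder turns the calldata of the approval functions listed above into a readable summary, flags unlimited ERC-20 allowances and collection-wide operator grants, and builds the matching revoke call. The spender address and sample calldata are constructed, and the function names and the `standard` parameter are hypothetical.

```javascript
// Added example. Selectors are the first 4 bytes of keccak256 of each
// canonical function signature.
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address,uint256)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address,bool)
  "39509351": "increaseAllowance", // increaseAllowance(address,uint256)
};
const MAX_UINT256 = (1n << 256n) - 1n;
const ZERO_ADDRESS = "0x" + "0".repeat(40);

function decodeApproval(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return null; // not an approval-type call
  const args = hex.slice(8);
  // Two 32-byte words; the address word must have its upper 12 bytes zero.
  if (!/^0{24}[0-9a-f]{104}$/.test(args)) throw new Error("malformed arguments");
  return { fn, spender: "0x" + args.slice(24, 64), value: BigInt("0x" + args.slice(64)) };
}

// standard: "erc20" or "erc721"; calldata alone cannot tell an amount from a tokenId.
function describe(calldata, standard = "erc20") {
  const d = decodeApproval(calldata);
  if (!d) return { risk: "none", text: "not an approval" };
  if (d.fn === "setApprovalForAll") {
    return d.value === 0n
      ? { risk: "none", text: `revokes operator ${d.spender}` }
      : { risk: "high", text: `${d.spender} can move every token you hold in this collection` };
  }
  if (standard === "erc721") {
    return d.spender === ZERO_ADDRESS
      ? { risk: "none", text: `clears the approval on token #${d.value}` }
      : { risk: "review", text: `${d.spender} can transfer token #${d.value}` };
  }
  if (d.fn === "approve" && d.value === 0n)
    return { risk: "none", text: `revokes the allowance of ${d.spender}` };
  if (d.value === MAX_UINT256)
    return { risk: "high", text: `${d.spender} gets an unlimited allowance` };
  const change = d.fn === "approve" ? `to ${d.value}` : `by ${d.value}`;
  return { risk: "review", text: `changes the allowance of ${d.spender} ${change} base units` };
}

// Calldata that cancels a decoded ERC-20 allowance or operator grant.
function revokeCalldata(d) {
  const selector = d.fn === "setApprovalForAll" ? "a22cb465" : "095ea7b3";
  return "0x" + selector + d.spender.slice(2).padStart(64, "0") + "0".repeat(64);
}

// Constructed sample input: the spender address is made up.
const SPENDER = "0x" + "11".repeat(20);
const word = (h) => h.padStart(64, "0");
const UNLIMITED = "0x095ea7b3" + word(SPENDER.slice(2)) + "f".repeat(64);
const OPERATOR = "0xa22cb465" + word(SPENDER.slice(2)) + word("1");
console.log(describe(UNLIMITED).text);
console.log(describe(OPERATOR).text);
console.log(describe(revokeCalldata(decodeApproval(OPERATOR))).text);
```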

# Defense gear one: real-time extension alerts (Protect by Fire extension)

Wallets such as MetaMask do provide some warnings, but specialist work is best left to specialist products, so the first piece of gear is the Fire early-warning extension. Install it, and you can also mint the Fire NFT.

Fire is a tool that makes Web3 simple, by showing you what happens at the smart contract level in a human-readable format. At Fire, we believe everyone should know what they're agreeing to BEFORE they sign a smart contract - yet very few actually do. We’d never sign a contract in real life without understanding it first. Yet, so many users transfer hundreds of thousands of $$ without any idea of what they’re actually agreeing to.

# Danger level two: connecting a cold wallet to web3 (wallet delegation)

Generally, a cold wallet or the “vault wallet” described above holds your more valuable and larger holdings. Sometimes you qualify for a web3 event (an airdrop or any other type of claim or asset attestation) and cannot resist taking part. What then? Connecting the cold/vault wallet directly to a web3 app and approving it is, per the analysis above, a huge risk, and in this scenario even Fire is not enough. The idea is that once you've made these delegations, you won't need to risk your valuable assets to do future events, merch drops, airdrops, or any other type of claim or asset attestation. The future of attesting ownership should never risk ownership.

The solution is cold wallet (vault wallet) delegation. There are two major players in this space, Delegate Cash and Warm:

  • Warm.xyz
  • Delegate.Cash

Wallet Delegations rely on an on-chain transaction by the ‘cold wallet’ to allow another wallet to attest ownership of an asset. What it does NOT do is allow the delegated wallet to control, move, approve, or affect listings on the original wallet/contract or asset. This is important to understand because that means that you are not introducing any vulnerability or attack vector by making these delegations.

How it works (Delegate.Cash), with the code snippet behind it:

/** 
 * @notice For example, bored ape holders minting their mutant apes
 * @param originalTokenIds The ids of tokens being used to mint something new
 */
function tokengatedMint(uint256[] calldata originalTokenIds) external {
    for (uint256 i = 0; i < originalTokenIds.length; ++i) {
        uint256 tokenId = originalTokenIds[i];
        address tokenOwner = ORIGINAL_CONTRACT.ownerOf(tokenId);
        // Mint if tokenOwner is msg.sender or tokenOwner delegated to msg.sender
        if (msg.sender == tokenOwner ||
            IDelegateRegistry(DELEGATE_REGISTRY).checkDelegateForERC721(
                msg.sender,
                tokenOwner,
                address(ORIGINAL_CONTRACT),
                tokenId,
                ""
            )
        ) {
            // Can mint to either the vaulted wallet or msg.sender, project's choice
            // Can also use an `address recipient` function parameter for flexibility
            _mint(tokenOwner, tokenId);
        }
    }
}

# Defense gear two: Delegate.Cash

I recommend Delegate.Cash rather than Warm. Warm is deployed on a Proxy contract, which means that it can be upgraded or changed. This isn't a huuuge deal, but not something you'd typically want to see in a trustless public good, and many people in web3 find it unacceptable because you never know what might be changed behind the proxy one day. It means you have to worry about the deployer of the contract potentially getting hacked or attacked with a $5 wrench attack, turning his contract methods into something more sinister! Warm also only supports whole wallet delegation (you can't delegate 1 contract, asset, or NFT), and its documentation is comparatively lacking from a dev and user perspective.

# Danger level three: signature misconceptions

If the approvals discussed above still put most people on alert, it is because an approval sends a transaction, so users naturally stop and think. The signature route described below is far more dangerous, because no transaction happens when you sign and users wrongly assume it is harmless. (Scammers do not know which valuable tokens are in your wallet, so they first try the signature route, where your guard is lowest, and fall back to the approval route if that fails.)

There are a lot of misconceptions about signatures. In this article I want to go over four types of message signatures to help users understand the risks associated with signing messages (also sometimes referred to as gasless signatures) on Ethereum or other EVM compatible blockchains.

The Four Types of Signatures: these signature types are absolutely critical for all Ethereans in web3 to understand.

  • Type #1 - The Identity Proof (Safe): This is mainly what signatures in web3 are used for. Although there is no unifying standard on what these look like, some common things include a Terms of Service, your Wallet address (proving that you own it), and sometimes a nonce to prevent replay attacks, and potentially a short string to ensure the message you are signing on the software wallet is the same on the hardware wallet.

  • Type #2 - The Typed Signature [Smart Contract Interaction] (Use Caution): Often some part of smart contracts rely on signatures off-chain to make things happen. These types of signatures will break down all the inputs that will be part of the contract interaction. Quite handy, but this is where if you have open approvals you need to be careful: a contract can take such a signature and empty your wallet, and because it costs no gas and is just a simple signature, users easily let their guard down. Although you can tell exactly what they are doing in this example, you need to ensure that the source surfacing these kinds of signature requests is reputable. The underlying mechanism is ERC-2612: Permit Extension for EIP-20 Signed Approvals (EIP-20 approvals via EIP-712 secp256k1 signatures):

    // DAI-style permit variant (holder/nonce/expiry/allowed);
    // ERC-2612 itself uses (owner, spender, value, deadline, v, r, s).
    function permit(
      address holder, address spender,
      uint256 nonce, uint256 expiry, bool allowed,
      uint8 v, bytes32 r, bytes32 s
      ) external {
          …
          allowance[holder][spender] = wad;
          …
          }

  • Type #3 - The Obfuscated Hex Signature (Use Extreme Caution!): Now just because something doesn't have a beautifully typed signature in accordance with the EIP-712 standard above, doesn't mean it's a scam. However, it does mean that you are trusting the counterparty with whatever kind of message you may be signing, as you are essentially “Blind Signing” a message. Although we are not seeing these leveraged on Opensea these days due to upgrades in the Seaport contract, I would still give pause before signing these types of messages, particularly if you are on a wallet address with open approvals. Not sure? Check out our how to revoke approvals and see what approvals you have open on that wallet address!

  • Type #4 - ETH_Sign - Outdated & Well, A Little Bit Scary (Dangerous!): This is a very dangerous signature type, basically the “blank check” of Ethereum. The requester can use it to sign any transaction with your private key. The good news is that Metamask shows a big red warning if it is ever requested. It effectively allows someone, if they properly craft the signature payload, to be able to “replay” a transaction to their own benefit, such as sending themselves ETH. This does not rely on approvals as stolen wETH, NFTs and other tokens do. This is the only signature type that runs this kind of risk, and should generally be avoided at all costs, as it is rare for services to use this legitimately!

    UPDATE: Based on our feedback and others in the community, ETH_SIGN is now disabled by default in Metamask (but you can enable it in the advanced settings), so we are leaving this here for completeness! We view this as a huge UI/UX win in the space and simplifies our messaging regarding signatures.
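
The four types above can be told apart from the wallet RPC request itself. The following added example (not from the original article; the function names, sample requests and addresses are constructed) classifies `personal_sign`, `eth_signTypedData_v3`/`_v4` and `eth_sign` requests and surfaces the spender of a permit. The readable-text check is a heuristic, not a guarantee that a message is harmless.

```javascript
// Added example: map a wallet signing request onto the four signature types.
function hexToText(hex) {
  const h = hex.slice(2);
  if (h.length === 0 || h.length % 2 !== 0 || /[^0-9a-fA-F]/.test(h)) return null;
  let text;
  try {
    text = decodeURIComponent(h.replace(/../g, "%$&")); // throws on invalid UTF-8
  } catch {
    return null;
  }
  // Readable: no control characters other than tab, newline, carriage return.
  return /^[^\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f]+$/.test(text) ? text : null;
}

function classify({ method, params }) {
  if (method === "eth_sign")
    return { type: 4, risk: "dangerous", note: "signs a raw 32-byte hash, which may be a transaction hash" };
  if (/^eth_signTypedData_v[34]$/.test(method)) {
    const td = typeof params[1] === "string" ? JSON.parse(params[1]) : params[1];
    const m = td.message || {};
    if (td.primaryType === "Permit") {
      // DAI-style permits carry `allowed`; ERC-2612 permits carry `value`.
      const amount = "allowed" in m ? (m.allowed ? "unlimited" : "0") : String(m.value);
      return { type: 2, risk: "caution", note: `gasless approval: spender ${m.spender}, amount ${amount}` };
    }
    return { type: 2, risk: "caution", note: `typed data ${td.primaryType} for ${(td.domain || {}).name}` };
  }
  if (method === "personal_sign") {
    const raw = params[0];
    const text = raw.startsWith("0x") ? hexToText(raw) : raw;
    return text === null
      ? { type: 3, risk: "extreme caution", note: "opaque hex payload: blind signing" }
      : { type: 1, risk: "safe", note: `readable message: ${text}` };
  }
  return { type: 0, risk: "unknown", note: "not a signature request" };
}

// Constructed sample requests; every address and message here is made up.
const toHex = (s) =>
  "0x" + Array.from(new TextEncoder().encode(s), (b) => b.toString(16).padStart(2, "0")).join("");
const ACCOUNT = "0x" + "22".repeat(20);
const PERMIT = {
  primaryType: "Permit",
  domain: { name: "ExampleToken" },
  message: { holder: ACCOUNT, spender: "0x" + "11".repeat(20), nonce: 0, expiry: 0, allowed: true },
};
const SAMPLES = {
  login: { method: "personal_sign", params: [toHex("Sign in to example.org\nNonce: 8f3a1c"), ACCOUNT] },
  permit: { method: "eth_signTypedData_v4", params: [ACCOUNT, JSON.stringify(PERMIT)] },
  blind: { method: "personal_sign", params: ["0x" + "9f".repeat(32), ACCOUNT] },
  raw: { method: "eth_sign", params: [ACCOUNT, "0x" + "9f".repeat(32)] },
};
for (const [name, req] of Object.entries(SAMPLES)) console.log(name, classify(req));
```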

# Defense gear three: periodic self-audit and revoking approvals with revoke.cash

Revoking allowances is the process by which allowances are cancelled. So if you revoke an allowance that you gave to OpenSea for your Bored Apes, then Opensea will not be able to sell those apes on your behalf any more. And similarly, if you revoke an allowance that you gave to a scammer for your Cool Cats, they will not be able to take them any more.

In case of scams, chances are that they already took some of your NFTs immediately after you approved the allowance, but even in those cases it is important to revoke those allowances so that they cannot steal more in the future. However, do note that most of these scams rely on bots, and if you act quick enough, you may be able to revoke a bad approval before the scammer's automated system has a chance to pull your assets out of your wallet! In some cases it can take bots up to 5 minutes or more to pull assets you've approved. If you realize it fast enough, and have the below sites bookmarked, you might be able to save yourself as well!

So now that we understand the why of revoking allowances, we can get into the how. Multiple platforms exist to assist with revoking allowances, most importantly those are Revoke.cash and Etherscan (+ related explorers like PolygonScan and BscScan). Revoke.cash offers one platform with support for many different blockchains, while Etherscan has separate platforms for separate chains.

There is also a scam demo site where you can practice and learn how to use Revoke: try out Scam Demo.


References:

  • A wallet for every occasion
  • All About Approvals!
  • Safe signing 101
  • Revoke your allowances
  • Wallet delegations explained
  • The Seal of Approval: Know What You’re Consenting To With Permissions and Approvals in MetaMask
  • Need help on how EIP 712 works and where are signatures stored