web互联网时代打造了信息高速公路,逐渐接管各个行业,成为我们日常生活无法离开的虚拟世界,然而传统互联网却没有创建好价值传输的高速公路,相反是被各个巨头在各自领域垄断流量,在价值创造者和终端消费者之间筑起高墙,web3正在带着我们即将冲破枷锁,夺回属于我们的数据权利。

但是目前还早,早期的极客和小白们涌入web3的丛林世界,却没有带好装备,在FOMO以及撸羊毛的情绪带动下,大家热情的参与空投airdrop和铸造mint,殊不知这里有个巨大的风险,一不小心就被黑客无情的收割,这篇文章就是给大家提供装备,避免不必要的损失。

Web3 gives you ownership of your digital assets in an unprecedented way. For example, say you’re playing a web2 game. If you purchase an in-game item, it is tied directly to your account. If the game creators delete your account, you will lose these items.

Driven by the FOMO mode, a lot of people participate in airdrops or delegates without safety mindset, prone to lose all the moeny in malicious Dapps interactions, it’s time to gear up.

security-centric projects: Fire, Wallet Guard, Pocket Universe, and Webacy. OpSec, short for Operational Security, involves procedures and actions taken to protect sensitive information.

One of the most common threats, phishing attempts to trick you into sharing sensitive info. Always double-check URLs and be skeptical of unsolicited communications

防御准备:三个钱包 Three Wallets For Success & Safety

也许你见过一些漂亮的流程图表建议使用 5到7 个以上的钱包, 实际上三个钱包是足够合理的。

You’ll see some beautiful flow charts and infographics that suggest 5 or even 7+ wallets. However, we think the risks mitigated with these models are too few to justify their cognitive expense. You’re more likely to get confused and have “transaction anxiety” than feel any safer with 7 wallets! So let’s keep it simple, where should we start? I should start off by saying that all of these wallet addresses can, and probably should, be from the same hardware wallet.

You should only:

You should not: Make Approvals of any kind Do Any Smart Contract Interactions (especially on untrusted sites!)

第一层危险:授权无上限 Approve security concern

首先如果你是体验过web3的产品,那么大概率你使用过approval功能,如果没有approval功能,web3应用很难实现(当然现在有类似的permit功能), Approvals 让智能合约能够与你的代币(ERC-20、NFT 等)进行交互: 可以根据智能合约中设置的参数随意使用你的相应代币。 如果没有这个功能那么为了进行复杂的交易你不得不将代币转入某个中心化的平台上失去所有控制权,而不是像现在可以任意的在多个不同的去中心化平台来去自如并保持自己的大部分控制权。

Approvals give smart contracts the ability to interact with your tokens (ERC-20, NFTs, etc). They can pull them at will, based on parameters set in the smart contract. But quite honestly, web3 would be hardly possible at all without them. If you have ever made a sale on an NFT platform, or made an offer on an NFT collection, you are already harnessing the power of approvals.

This allows you to do other things with the asset (like prove ownership) and list on other marketplaces as well. If approvals didn’t exist, you’d need a platform that had either full custody of payment assets, NFT assets, or both. In that case, you wouldn’t be able to list on multiple marketplaces and have all the benefits of holding the asset!

通常ERC-1155、ERC-721或ERC-721a这些标准中的NFT代币都有以两种 approval机制:

When it comes to NFT Collections in the ERC-1155, ERC-721 or ERC-721a standards, all have the following mechanism for approval. These standards usually have both an Approval and Set Approval for All (SAFA) method.

Set Approval For All: Approves all assets in a given wallet address for an entire NFT collection to a single address (usually a contract/NFT marketplace)

Approval: Approves a single asset in a given wallet address from an NFT collection to a single address (not used often in NFTs).

让我们拿 Apecoin为例看看Approval到底啥意思 https://etherscan.io/token/0x4d224452801aced8b2f0aebe155379bb5d594381#writeContract 对应代码就是:


function approve(address usr, uint wad) external returns (bool)
{
  allowance[msg.sender][usr] = wad;
  …
}

所以意思很明显,每次你做一次approve授权的时候,你实际上是在添加另一个spender钱包地址到你自己钱包的资产上,从而这个spender就可以在约定条件下使用你授权的一定额度的资产。

注意:我发现很多合约都会默认把额度写的很高,最好大家手动改成自己允许的比较小的数值或者按照我在防御准备中提到的永远不用保险箱钱包进行交互。

Let’s take a look at the Apecoin contract to help visualize what is happening:

Every time you make an approval, really all you are doing is adding another authorized spender to the assets that exist in your wallet.

扩展一下,不同的代币对应的智能合约标准不同,不同的标准中使用的approve方法也略有不同:

防御装备一:插件实时提醒 Protect by Fire extension

虽然说metamask这种钱包也提供了一些提醒,但是专业的事情还是交给更专业的产品,所以此时必须上第一个装备: 安装Fire-防火预警, 然后还可以铸造Fire NFT

Fire 是一款让 Web3 变得简单的工具,它以人类可读的格式向你展示智能合约级别发生的情况,Fire相信每个人在签署智能合约之前都应该知道自己正在同意什么,但很可惜实际上很少有人这样做。 在现实生活中,如果不先了解合同,我们永远不会签署合同。 然而,许多用户转移了数十万美元,却并不知道他们实际上同意了什么。

Fire is a tool that makes Web3 simple, by showing you what happens at the smart contract level in a human-readable format. At Fire, we believe everyone should know what they’re agreeing to BEFORE they sign a smart contract - yet very few actually do. We’d never sign a contract in real life without understanding it first. Yet, so many users transfer hundreds of thousands of $$ without any idea of what they’re actually agreeing to.

第二层危险:冷钱包链接web3 - wallet delegation

一般来说冷钱包或者前面提到的“保险箱钱包”中保存的都是比较贵重的数量多的有价值的资产,有时候达到条件我们忍不住想参与一些web3活动(空投或任何其他类型的声明或资产证明)怎么办?如果直接用冷钱包/保险箱钱包连接web3应用进行授权,根据我们前面的分析,显然这么做有着巨大的风险,在这种场景下即使有了装备fire也是不足够的,此时我们的想法是,一旦您进行了这些委托,怎样才能不用冒着宝贵资产的风险来进行这些活动呢? 证明所有权永远不应该拿所有权本身来冒险。

The idea is that once you’ve made these delegations, you won’t need to risk your valuable assets to do future events, merch drops, airdrops, or any other type of claim or asset attestation. The future of attesting ownership should never risk ownership.

解决方案就是所谓的“冷钱包/保险箱钱包委托”,目前主要有两个产品: The solutions is cold wallet delegation, there are two major players in this space, Delegate Cash and Warm.

钱包委托依靠“冷钱包”通过链上交易来允许另一个受委托的钱包来证明某个资产的所有权, 这样不会让受委托的钱包控制、移动、批准或影响原始冷钱包/合约或资产。这一点很重要,因为这意味着你通过进行这种委派不会引入任何漏洞或攻击媒介。

Wallet Delegations rely on an on-chain transaction by the ‘cold wallet’ to allow another wallet attest ownership of an asset. What it does NOT do is allow the delegated wallet to control, move, approve, or affect listings on the original wallet/contract or asset. This is important to understand because that means that you are not introducing any vulnerability or attack vector by making these delegations.

工作原理(Delegate.Cash): how it work(Delegate.Cash):

背后的代码片段

/** 
 * @notice For example, bored ape holders minting their mutant apes
 * @param originalTokenIds The ids of tokens being used to mint something new
 */
function tokengatedMint(uint256[] calldata originalTokenIds) external {
    for (uint256 i = 0; i < originalTokenIds.length; ++i) {
        uint256 tokenId = originalTokenIds[i];
        address tokenOwner = ORIGINAL_CONTRACT.ownerOf(tokenId);
        // Mint if tokenOwner is msg.sender or tokenOwner delegated to msg.sender
        if (msg.sender == tokenOwner ||
            IDelegateRegistry(DELEGATE_REGISTRY).checkDelegateForERC721(
                msg.sender,
                tokenOwner,
                address(ORIGINAL_CONTRACT),
                tokenId,
                ""
            )
        ) {
            // Can mint to either the vaulted wallet or msg.sender, project's choice
            // Can also use an `address recipient` function parameter for flexibility
            _mint(tokenOwner, tokenId);
        }
    }
}

防御装备二:Delegate.Cash

我这里推荐 Delegate.Cash 而不是 warm的原因是 warm采用了proxy contract,懂得人都懂 proxy contract存在风险,他们也许会更新proxy背后的合约,这对于很多web3世界的人是无法接受的,因为我们永远不知道哪一天他们更新了什么。

Warm is deployed on a Proxy contract, which means that it can be upgraded or changed. This isn’t a huuuge deal, but not something you’d typically want to see in a trustless public good. This means you have to worry about the deployer of the contract potentially getting hacked or attacked with a $5 wrench attack, turning his contract methods into something more sinister! It also only supports whole wallet delegation (you can’t delegate 1 contract, asset, or NFT) and the documentation is lacking from a dev and user perspective comparatively.

第三层危险:签名的误解 signature misconception

如果说前面讲的approval仍然会让大部分人有所警觉,是因为approval毕竟会发起一个交易,用户自然会冷静的想一想,而下面这种签名的方式则是非常危险的,因为签名的时候不会发生交易,用户误以为没什么!(因为骗子并不知道你的钱包中有哪些有价值的代币,所以骗子们会首先尝试让你警惕最低点签名的方式,如果不行就再采用前面的approval方式)

这是因为人们对签名存在很多误解,接下来我来介绍四种类型的消息签名,以帮助用户了解与在以太坊或其他 EVM 兼容区块链上签署消息(有时也称为免费签名)相关的风险。 There are a lot of misconceptions about signatures. In this article I want to go over four types of message signatures to help users understand the risks associated with signing messages (also sometimes referred to as gasless signatures) on Ethereum or other EVM compatible blockchains.

签名的四种类型 这些签名类型对于 web3 中的所有以太人来说绝对是至关重要的。 The Four Types of Signatures These signature types are absolutely critical for all Ethereans in web3 to understand.

防御装备三:定时自我审计并撤销授权,revoke.cash

撤销许可是取消授权额度的过程,因此,如果你撤销提供给 OpenSea 的你的某个代币的许可,那么 Opensea 将无法再代表你出售这些代币。 同样,如果您撤销了不小心授权给骗子的许可,他们将无法再拿走你的代币。

如果发生诈骗,骗子很可能第一时间在你授权之后就立即拿走了你的一些 NFT,但即使在这种情况下,撤销也存在意义,因为可以阻止他们将来窃取更多你的资产。 但是请注意,大多数此类诈骗都依赖于自动程序,如果你行动足够快,也许能够在诈骗者的自动化程序从你的钱包中提取资产之前撤销错误的授权! 既然我们了解了撤销授权的重要性和原因,如何操作呢?

主流方法: Revoke.cash 和 Etherscan(以及 PolygonScan 和 BscScan 等相关浏览器),其中Revoke.cash 提供了一个支持多种不同区块链的平台,而 Etherscan 则为不同的链提供单独的平台。

这里有个诈骗演示站点,大家可以玩一下就知道如何使用reovke了,try out Scam Demo

Revoking allowances is the process by which allowances are cancelled. So if you revoke an allowance that you gave to OpenSea for your Bored Apes, then Opensea will not be able to sell those apes on your behalf any more. And similarly, if you revoke an allowance that you gave to a scammer for your Cool Cats, they will not be able to take them any more.

In case of scams, chances are that they already took some of your NFTs immediately after you approved the allowance, but even in those cases it is important to revoke those allowances so that they cannot steal more in the future. However, do note that most of these scams rely on bots, and if you act quick enough, you may be able to revoke a bad approval before the scammer’s automated system has a chance to pull your assets out of your wallet! In some cases it can take bots up to 5 minutes or more to pull assets you’ve approved. If you realize it fast enough, and have the below sites bookmarked, you might be able to save yourself as well!

So now that we understand the why of revoking allowances, we can get into the how. Multiple platforms exist to assist with revoking allowances, most importantly those are Revoke.cash and Etherscan (+ related explorers like PolygonScan and BscScan). Revoke.cash offers one platform with support for many different blockchains, while Etherscan has separate platforms for separate chains.


Refers:

A wallet for every occasion

All About Approvals!.

Safe signing 101

Revoke your allowances

Wallet delegations explained

The Seal of Approval: Know What You’re Consenting To With Permissions and Approvals in MetaMask

Need help on how EIP 712 works and where are signatures stored