Tradeoff Between Convenience and Security: Unlimited Approval in ERC20

Abstract

In Ethereum, the ERC20 token is widely utilized by companies or users to construct decentralized applications (DApps). Many ERC20 tokens obtain great value and circulate in the crypto market. Moreover, with the prosperous development of DeFi ecosystem, trading on ERC20 tokens becomes more frequent. Based on ERC20’s standard, the method approve() is invoked to give permission for DApps or other users to withdraw tokens. In reality, many DApps require unlimited approval from users and this design has brought a severe problem. A series of incidents happened and caused a vast loss for both users and DApps themselves.

0xffffff. Preface

As a topic having been discussed for a long time, “Unlimited Approval” pops up since the prosperous development of DeFi and some security incidents. With the inspiration of many security incidents, we are trying again to conduct a comprehensive investigation for “Unlimited Approval” in different aspects. At the same time, we are also invited to appear at the 29th Blockchain Village conference and talk about this issue. You can watch our talk by following the link: https://www.youtube.com/watch?v=ijgYfdOADVI.

Reading Recommendation:

• If you are Ethereum starters, we strongly suggest reading the whole blog.
• If you are the Ethereum expert and have some experience of unlimited approval, you can start reading from section 0x2.

0x0. Background

Before we get into the discussion of “What is the unlimited approval?”, I would like to recap you about “What is the approval in ERC20 token?”.

ERC20 Tokens

In Ethereum, except Ether, various tokens are circulating in the Crypto market with a great value. ERC20 is the most popular token standard. Based on our uncompleted statistics, over 5,600 and 44,000 ERC20 tokens have been recorded among CoinGecko (a website aggregating token’s price) and Uniswap (currently one of the most famous decentralized exchanges).

Approval Mechanism

The approving process mainly relates to three entities (sender, spender and token contract) as well as two functions (approve, transferFrom) and two variables (balanceOf, allowance) in the ERC20 standard(as shown in the figure below).

To understand the approving process, we present the figure below and explain that how the approve and transferFrom functions change the token contract's state.

1. (Step 1) As the initial status, the sender holds 100 tokens in the contract and the spender does not have any allowance approved by the sender.
2. (Step 2) The sender invokes approve function to grant permission of 100 tokens to the spender. Therefore, allowance[sender][spender] increase to 100 from 0 and there is no change applied to the sender's balanceOf.
3. (Step 3) Lastly, the spender invokes transferFrom to move 80 tokens from the sender to itself. As a result, balanceOf of both the sender and spender are
   updated (i.e., 20 and 80) as well as spender's allowance decreases to 20.

Three types of approval in reality

In the real world, we can classify all approvals into three types based on the approval amount.

• Zero Approval：The approval amount equals zero. This basically means that the user/sender tries to revoke its allowance from a certain platform/spender.
• Unlimited Approval：The approval amount equals the max value of uint256 (0xffff...ffff) or the total supply of the tokens.This type of approval is frequently used by many DeFi platforms (such as exchanges, lending platforms).
• Other Approval：This type of approval covers the rest.Users normally launch this approval based on the modification feature supported by platforms or wallets.

0x1. Real-world Incidents

There are also some real-world incidents related to the approval issue mentioned before. In our talk, we went through two (UniCat, Bancor Finance) of those stories with details. If you can learn more about those incidents, you can simply follow the links provided below:

• UniCat Incident： Link
• Bancor Finance Incident: Link
• Primitive Finance: Link1, Link2
• Furucombo: Link, Link (Chinese)
• DeFi Saver: Link, Link (Chinese)
• Degen Money: Twitter, Link

0x2. Some Measurements

In this section, we will present our detailed investigation from both off-chain and on-chain aspects. To better understand the current situation of “unlimited approval”, we take the role of frontend user to conduct our measurement.

Real-world Approving Process

The figure above shows that front-end users might take six steps to complete an approval transaction. There are four main entities (frontend users, wallets, platforms, token contracts). Now, let’s work through the flow step by step:

Step1,2： First, most front-end (mobile, website) users connect their wallets to the selected platform and send their service requests.

Step3： Then, from platforms to the user’s wallet, the platform constructs the approval transaction with required data (most importantly, the approval amount) and send it to the user’s wallet for confirmation.

Step4,5： After receiving the approval transaction, the wallet will display the corresponding information for the user and wait for the user’s confirmation.

Step6： Once the user confirms the transaction, the wallet will send the transaction to the network for validation. Furthermore, the validated transaction will modify the token contract’s state (Allowance[User][Platform]).

(In the coming section, we will first introduce our motivation for each type of measurements (off-chain and on-chain). Then, we will present our measurement results and findings with different aspects.)

Off-chain Investigation

Motivation

In the real-world approving process, we can easily discover that frontend users are directly interacting with the user interface of the wallet and platform. Therefore, we choose 15 well-known wallets and 24 DeFi (Decentralized Finance) platforms and conduct the off-chain investigation.

(The investigation results are summarized in two figures shown below.)

Moreover, we mainly consider their explanation and flexibility on approval:

• Explanation
• Wallet: 1)Whether the wallet displays sound information of approval transaction (including user, spender, token and approval amount); 2)Whether the wallet gives a special warning or notifies users about the “unlimited approval”
• Platform:（Criteria 1）Whether the platform provides a sound explanation for approval transactions on their web UI;（Criteria 2）Whether the platform notifies users of the approval transaction’s existence;（Criteria 3）Whether the platform notifies users that two transactions are sequentially executed
• Flexibility: No matter in wallets or platforms, whether the UI provides modification feature on approval amount

(In the coming section, we will show the result of how the above two aspects are performed in both wallets and platforms. We select two cases each for both the wallet and the platform.)

0x222. Wallets: Metamask & Coinbase

We will present our investigation result on the Coinbase wallet and Metamask (chrome extension) wallet. According to the information on Google Play Store (shown in the figure below), Coinbase and Metamask both have over 1M installs. Somehow, Coinbase gains more reviews from clients as well as has a higher score.

As for the investigation of two wallets, we use them to test the swapping function on the Compound platform. Note that the Compound platform defaults the unlimited approval for users.

Wallet 1: Metamask

As shown in the figure below, while users are reviewing the approval transaction constructed by Compound, they can basically see the completed information, including spender address, approve signature and approval amount (Step 2). Moreover, Metamask even allows users to modify their approval amount with the button “Edit” (Step 2, 3, 4).

Wallet 2: Coinbase

Compared to the Metamask wallet, the Coinbase wallet does not present any important information at all. Users can only look at more details after confirming the approval transaction (figure below). Note that steps 2, 3, 4 are only showed during or after the approval transaction is on pending or completed mode. Therefore, the Coinbase wallet hides the necessary information of the approval transaction and does not provide any modification feature for the approved amount.

0x223. Platforms: Bancor & Curve Finance

In this section, we are going to compare Bancor and Curve Finance. As shown in the figure below, based on the newest statistics (on 7th Aug 2021) of defipulse, Curve Finance and Bancor are the first and fifth DEX (decentralized exchange) in terms of the total locked value.

For the setting of our investigation on both platforms, we will use Metamask wallet to test the swapping feature provided by both platforms.

Platform 1: Bancor

While we are testing the swap feature on Bancor, it explains the need for the approval transaction (figure below) and even provides users with two options (unlimited/limited approval). Apart from unlimited approval, the limited approval in Bancor only requires the exact amount of allowance that users are trying to use for swapping.

Platform 2: Curve Finance

However, on Curve Finance, an ‘interesting’ thing happens. As shown in the figure below, while we request to swap, the UI of Curve Finance displays “Please approve 10 USDT for exchange” (figure below), but, Metamask receives an unlimited approval transaction. This is definitely misleading information to users.

Later, when we are trying to confirm the issue with Curve Finance, they acknowledged our concern and said that it is because “users didn’t like approving every time” (figure below).

Similar to Curve Finance, the UI of Yearn Finance has the same issue. (We also mention and show the evidence in our talk)

0x23. On-chain Investigation

0x231. Motivation

To further understand the situation of “unlimited approval” on the chain, we collect all transactions (until 30th April 2021) to continue our exploration. As the figure is shown below, the number of “unlimited approval” grows really fast nowadays. In our investigation, we find that the introduction of UniswapV2 seems the main factor stimulating the growth of “unlimited approval”. And, we will explain more on this point based on our measurement results.

At the same time, to explore “unlimited approval” on behalf of both token and platform (since they are the most related terms instead of users themselves), we will take our investigation on two aspects:

• The distribution of “Unlimited Approval”
• Risk Analysis

0x232. The Distribution of “Unlimited Approval”

To help understand the plots below, we will first explain each term mentioned in the figures:

• Y-axis (Max Approval Ratio): Larger Value -> The Higher percentage of “Unlimited Approval” among all approval transactions
• X-axis （Liveness）:Larger Value -> More active the platforms or tokens are. Value of liveness depends on the number of approval transactions and the time difference between the first and last approval transaction
• Dot Size: Larger Size -> More approval transactions are involved by the token or platform

(Two figures below only shows the top 1000 tokens/platforms most frequently involved in approval transactions)

（Platform）

（Token）

Platform: By looking at the platform’s plot, UniswapV2 is obviously dominating any other platforms in three terms. This is why we declaim that “the introduction of UniswapV2 seems the main factor stimulating the growth of ‘unlimited approval’”.

Token: As for the distribution, USDC, USDT and DAI have the best performance based on the three terms defined above. These tokens are all stable coins which make sense since stable coins are usually used to perform trading in the crypto market. As for other highlighted tokens (Top 10 tokens), they are quite similar in Max Approval Ratio.

0x233. Risk Analysis

According to previous results, we select USDC, USDT, DAI (top 3 tokens) and two platforms (Bancor, UniCat) to conduct our risk analysis. Meanwhile, we also define two terms (as shown in the figure below) to help demystify the risk of approved tokens.

Risk Amount

• For token, Risk Amount equals the total amount of tokens that could be transferred by invoking the function transferFrom
• For Platform，Risk Amount equals the total amount of a single token that could be transferred by invoking the function transferFrom

Risk Rate

• With a fixed token, Risk Rate represents the percentage of Risk Amount on the total supply of this fixed token

Token： As shown in the figure below, USDC and USDT are quite stable (their risk rate are around 10%) during the one and a half years. DAI experiences a dramatic drop in the middle of the year and finally gets stable (also around 10%, but more up and downs). This phenomenon might indicate some specific events or DAI’s working mechanism. Therefore, there is still some work to do for us to explore the cause.

Platform： About risk analysis on platforms, we are going to present a trend graph of risk amount (figure shown below) on both Bancor (with BNT token) and UniCat (with UNI token).

The trend plot of Bancor shows an instant growth and drop. This is actually a perfect explanation of how fast the team transfers their exploitable tokens from the buggy contract to a safe place.

As for the trend plot of UniCat, we confirm that some obvious drops are actually caused UniCat’s backdoor attacks.

0x3. Existing Solutions

As aforementioned, “Unlimited Approval” is a topic existing in the ecosystem for a long time. Through various discussions, some solutions are actually proposed to improve the approving process:

• ERC777
• EIP2612

Before getting into the solutions, we would like to remind you again about the root motivation of “unlimited approval”:

• Two transactions are required for both approve/transferFrom
• Customized approval focus users to approve each time before trading or depositing (which means more transaction fees to pay)
• Platforms want to maximize the user experience by asking unlimited approval for once

0x31. ERC777

As a token standard proposed in 2017, ERC777 has the following points used to improve the approval process of the ERC20 token:

• Users can “authorize” an operator (such as an exchange) to transfer their token with the wished amount
• Users do not have to submit transactions for approvals repeatedly
• Users do not have to worry about the risk of “unlimited approval”

In conclusion, with ERC777, users can achieve atomic purchases with any authorized operator.

However, the drawbacks of ERC777 are also obvious:

• High transaction fee, since the hooks applied in the standard (for more details).
• Users must select a trustful operator (This throws the question back to users again).

0x32. EIP2612

About EIP2612, in this proposal, the author indicates that users can use signed messages for the transaction validation so that the users do not need to pay any transaction fee to modify their allowance. More directly, approval transactions are becoming free with EIP2612. Moreover, this proposal is currently used by UniswapV3 for lending provider tokens.

0x4. Conclusion

In conclusion, “Unlimited Approval” really decreases users’ cost to execute multiple approval transactions. However, through our investigation, some platforms and wallets still pretend harmless in the battle of convenience and security. Much worst, some of them even try to mislead users by displaying wrong information. Therefore, instead of using “Unlimited Approval”, we suggest that platforms and wallets should really consider developing a more secure UI or protocol to protect users from the beginning. As a user of DeFi, building the security sense should not be the outcome of exploits but having awareness in the very beginning. We believe that building a secure and prosperous environment in Ethereum is not only the responsibility of the community but each one of us.

About us

https://www.blocksecteam.com

contact@blocksecteam.com

twitter: https://twitter.com/BlockSecTeam

Medium: https://blocksecteam.medium.com/