Comment on page
Permit2 signature phishing
Permit2 is a token approval smart contract designed by Uniswap that enhances user experience by merging approval and contract interaction into one step. However, this also introduces a new attack type that could potentially steal your tokens with a single signature.
How does this scam happen? Let's dive into the basics to help you stay secure!
Signature phishing is a method where attackers trick users into providing an off-chain signature, which they later use to steal assets. Signatures are crucial for self-custody wallets, as they authenticate transactions. Any action in Web3 requires you to sign a message to prove that the transaction came from you.
While most signatures are on-chain and recorded on the blockchain, the evolution of Ethereum has enabled off-chain signing, which isn't broadcast to the network. This allows for scams where dApps collect off-chain signatures to use at their discretion.
The scam typically follows this pattern:
- The attacker creates a fake dApp and induce users to use it.
- The dApp asks users to sign off-chain messages. Given that transaction data is often unreadable by humans, users may believe they're signing to deposit tokens, as they would with other dApps. In reality, they're signing a message granting unlimited token approval.
- The attacker then uses this signature to steal the user's assets.
Understanding the basics of signature phishing, we can delve deeper into Permit2 scams. Permit2 enhances user experience by allowing token approvals to be shared and managed across various applications, intending to create a more unified and cost-efficient UX. However, it also introduces potential risks.
- The user calls approve() on an ERC20 to grant a spending allowance to a contract.
- The user calls an interaction function on the contract, which in turn calls transferFrom() on the ERC20 token contract, moving her tokens.
- The user calls approve() on an ERC20 to grant an infinite allowance to the Permit2 contract.
- The user signs an off-chain "Permit2" message that signals that the protocol contract is allowed to transfer tokens on her behalf.
- The user calls an interaction function on the protocol contract, passing in the signed Permit2 message as a parameter.
- The protocol contract calls permitTransferFrom() on the Permit2 contract, which in turn uses its allowance (granted in the first step) to call transferFrom() on the ERC20 contract, moving the tokens held by the user.
Permit2 eliminates the need for users to sign a token approval for each dApp, saving on gas fees. However, a few things make it hard for users to identify potential risks:
- Off-chain signature: As it's not recorded on-chain, it's difficult for users to investigate suspicious activities.
- Attacking time: A Permit2 signature remains valid until its expiration date. Attackers can choose to steal assets later, making it hard for users to identify the scam.
- Avoid opening unknown websites and signing messages instantly. Always read the message and do your research before signing.
- When using dApps, control the amount of tokens that can be spent by contracts.
- If you've signed a Permit2 message which could lead to possible attacks, consider transferring risky tokens to a different account.