Research Summary - Penny Wise and Pound Foolish: Quantifying the Risk of Unlimited Approval of ERC20 Tokens on Ethereum

TLDR

  • Unlimited approval of ERC20 tokens delegates the unrestricted privilege of spending users’ tokens to DApps. Our research reveals that 60% of collected approval transactions are unlimited approval transactions, and a majority of unique users (2.9m/4.9m) have participated in unlimited approval transactions.
  • All investigated DApps adopted unlimited approval on their UIs. However, only 10% of DApps and wallets provide explanatory information for the approval mechanism, and only 16% of UIs enable users to adjust approval amounts.
  • We take a further step to characterize the user behavior into five modes and formalize the good practice, i.e., on-demand approval and timely spending, towards securely spending approved tokens. However, the evaluation result suggests that only 0.2% (2,475/1,496,886) of investigated users mitigate risk by following best practices.

Core Research Question

Although unlimited approval can help users save money (gas fee) from repeatedly sending approval transactions, several security incidents in recent years suggest this mechanism has been widely abused. As such, there is an urgent need to understand the impact of this threat and propose possible solutions to mitigate it.

Citation

Wang, Dabao, Hang Feng, Siwei Wu, Yajin Zhou, Lei Wu, and Xingliang Yuan. “Penny Wise and Pound Foolish: Quantifying the Risk of Unlimited Approval of ERC20 Tokens on Ethereum.” arXiv preprint arXiv:2207.01790 (2022).

Background

Decentralized Applications: A decentralized application (DApp) is an application running in the Ethereum system with accessible and transparent smart contract(s).

ERC20 Tokens (T): Apart from Ether (the native token on Ethereum), the ERC20 token standard allows users to use tokens in other contracts. ERC20 tokens are deployed smart contracts which are responsible for performing users’ requests (i.e., approving and transferring) and recording the correlated information (e.g., T.balanceOf, T.allowance).

Approval Mechanism: The approval mechanism is used to delegate the privilege of spending users’ tokens to DApps. By doing so, the DApps can transfer these tokens to arbitrary receivers on behalf of the users. Constructing an approval transaction (A) requires the specification of Sender (U), Spender (S), Token (T), and the approval amount. Based on the approval amount, we can further categorize approval transactions into three types:

  • Unlimited approval (UA) indicates that the approval amount of A reaches the maximum value of a uint256 (i.e., 2^256 - 1) or the total supply of token T.
  • Zero approval (ZA) is the approval transaction with zero approval amount. ZA indicates that approval senders (Us) try to revoke their permission for their approved tokens.
  • Other Approval (OA) represents the rest of the approval transactions.
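As an added example (not code from the paper), the following Python decodes the calldata of an ERC20 `approve(address,uint256)` call and sorts it into the three classes defined above; the sample calldata and total supply are constructed, and treating any amount at or above the total supply as unlimited is an assumption about the paper's "reaches".

```python
from typing import Tuple

# First 4 bytes of keccak256("approve(address,uint256)"), the ERC20 approve selector
APPROVE_SELECTOR = "095ea7b3"
MAX_UINT256 = 2**256 - 1


def decode_approve(calldata_hex: str) -> Tuple[str, int]:
    """Return (spender, amount) from the hex calldata of an approve() call.

    Raises ValueError if the selector or the argument length does not match."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if data[:8] != APPROVE_SELECTOR or len(data) != 8 + 64 + 64:
        raise ValueError("not an ERC20 approve(address,uint256) call")
    # The address argument is right-aligned in its 32-byte word (12 bytes of zero padding)
    spender = "0x" + data[8 + 24:8 + 64]
    amount = int(data[8 + 64:], 16)
    return spender, amount


def classify_approval(amount: int, total_supply: int) -> str:
    """UA: max uint256 or at least the token's total supply; ZA: zero; OA: anything else."""
    if amount == 0:
        return "ZA"
    if amount == MAX_UINT256 or amount >= total_supply:
        return "UA"
    return "OA"


# Constructed sample: approve(0xabab...ab, 2**256 - 1), i.e. an unlimited approval
SAMPLE_UA_CALLDATA = "0x" + APPROVE_SELECTOR + "00" * 12 + "ab" * 20 + "ff" * 32
SAMPLE_TOTAL_SUPPLY = 10**24  # constructed, 1,000,000 tokens with 18 decimals


def classify_calldata(calldata_hex: str, total_supply: int) -> Tuple[str, str]:
    """Convenience wrapper: (spender, class) for one approve() transaction."""
    spender, amount = decode_approve(calldata_hex)
    return spender, classify_approval(amount, total_supply)
```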

Wallet (W): The wallet is normally used by front-end users to manage their accounts and digital assets. It also plays an important role in helping users connect to DApps, construct transactions, and send them to the blockchain network for confirmation.

Summary

Although unlimited approval can help users save money in the form of gas fees by limiting the number of approval transactions, it can also be abused to steal users’ tokens. For example, malicious DApps may elaborately trick the users into granting the token approvals and surreptitiously transfer those approved tokens (e.g., through backdoor functions). As a result, there is an urgent need to understand the risk of unlimited approval and mitigate attacks against the approval mechanism. To reveal the usage of unlimited approval and gain a better understanding of the risk of abusing unlimited approval, we conduct three types of analysis: transaction-based analysis, interaction-oriented analysis, and user behavior analysis.

  • Although the usage and risk of unlimited approval have been loosely mentioned in public (e.g., on social media), the scale of unlimited approval remains unknown and there is a lack of quantitative analysis of the risk to approved tokens. Therefore, we conduct a transaction-based analysis to answer “What is the usage of unlimited approval in the ecosystem and to what extent are potential risks taken by users?”

  • Front-end users construct approval transactions by interacting directly with the UIs provided by both DApps and wallets. It is critical to understand how the UIs of DApps and wallets guide users in constructing their approval transactions. Therefore, we conduct an interaction-oriented investigation to answer “What security issues are involved in interacting with DApps and wallets to prepare approval transactions?”

  • Analyzing the user behavior regarding the approval mechanism may help determine the good practice for users to mitigate the risks. By doing so, we provide guidelines for users to use approval transactions securely. We conduct a user behavior analysis to answer “What is the current status of user behaviors and how do users achieve good practice to spend approved tokens towards mitigating the risks?”.

Finally, we provide some suggestions for front-end users, DApps, and wallets regarding unlimited approval.

Method

Transaction-based Analysis: In this analysis, we first apply a fully-automatic approach to detect approval transactions on Ethereum. After that, we conduct a comprehensive measurement for identified approval transactions to gain a more detailed view of the approval’s usage in the ecosystem. Finally, we further reveal the risk of users’ approved tokens in terms of RiskAmount and RiskLevel.

[Equation: RiskAmount (image not reproduced here)]

Interaction-based Analysis: To fully understand the abuse of unlimited approval, we aim to reveal the security issues involved in interacting with the UIs of DApps and wallets by conducting an interaction-oriented investigation. Specifically, we first demonstrate the process of constructing an approval transaction from the front-end user’s perspective (as shown in Figure 7). Then, we investigate the Interpretability and Flexibility of UIs provided by 22 DApps and 14 wallets, respectively.

[Figure 7: constructing an approval transaction from the front-end user’s perspective (image not reproduced here)]

User Behavior Analysis: Moreover, we seek to explore the good practice of spending approved tokens without risks. Specifically, we first detect and sort the user behavior in temporal order (as shown in Figure 9). After that, we characterize the user behavior into five modes and formalize the good practice mitigating the risk of approved tokens (as shown in Table 6). Lastly, we quantify the user behavior based on those modes and the good practice.

[Figure 9: user behavior detection (image not reproduced here)]

Results

Transaction-based Analysis: Unlimited approval is widely used (60% of all approval transactions) in the Ethereum ecosystem and a great percentage of unique users (60%, 2.9M/4.9M) have participated in unlimited approval transactions. Specifically, the number of unlimited approval transactions is extremely concentrated in Uniswap V2, which involves 35% of approval transactions, 94% of which are unlimited approvals. For the top three tokens (i.e., USDT, USDC, and DAI), most users (97%) are exposed to token theft and 22% of them are at high-level risk.

Interaction-oriented Analysis: The investigation result suggests that most DApps and wallets do not provide comprehensive understanding and flexibility for users to mitigate the risk of unlimited approval. Specifically, the result reveals that unlimited approval is adopted by all (22) DApps on their UIs. However, only 10% of DApps and wallets (i.e., 9% (2/22) and 11% (1/9), respectively) provide explanatory information on the approval mechanism. Moreover, only 16% (5/31) of UIs enable users to adjust the approval amounts.

Surprisingly, we also discover that two special DApps, i.e., Curve.fi and Yearn.Finance, mislead users into sending unlimited approval transactions.

User Behavior Analysis: The analysis result suggests that 76% of user behaviors comply with modes 1 and 2, and 99% of those behaviors use unlimited approval. Theoretically, modes 1, 2, and 5 may lead to safe practice. To this end, users spend their approved tokens by either granting limited approval on demand or revoking the approved tokens after the last execution transaction. However, the result reveals that only 0.2% of user behaviors follow the good practice of spending ERC20 tokens and mitigating the risk of token theft.
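As an added example (not the paper's own tooling), this Python replays the approve/transferFrom history of one (user, spender, token) triple and checks the good practice described above: after the last execution transaction no approved tokens should remain exposed, either because approvals were granted on demand for exactly what was spent or because a zero approval revoked the remainder. The histories are constructed, and skipping the decrement for a max-uint256 allowance is an assumption that mirrors common token implementations (e.g., USDT).

```python
from dataclasses import dataclass
from typing import List, Tuple

MAX_UINT256 = 2**256 - 1


@dataclass
class Action:
    kind: str    # "approve" (sets the allowance) or "spend" (transferFrom by the spender)
    amount: int
    block: int   # block number, used only to order the history


def replay(history: List[Action]) -> Tuple[int, int]:
    """Return (residual allowance after the last action, number of reverted spends).

    approve() overwrites the allowance; a spend consumes it, except that an unlimited
    (max uint256) allowance is left untouched, as many token contracts do."""
    allowance, reverted = 0, 0
    for a in sorted(history, key=lambda x: x.block):
        if a.kind == "approve":
            allowance = a.amount
        elif a.kind == "spend":
            if a.amount > allowance:
                reverted += 1        # the token contract would revert this transferFrom
                continue
            if allowance != MAX_UINT256:
                allowance -= a.amount
        else:
            raise ValueError(f"unknown action kind: {a.kind}")
    return allowance, reverted


def follows_good_practice(history: List[Action]) -> bool:
    """Good practice per the paper: nothing approved is left spendable after the last spend."""
    residual, _ = replay(history)
    return residual == 0


# Constructed sample histories (not real on-chain data)
ON_DEMAND = [Action("approve", 100, 1), Action("spend", 100, 2)]
UNLIMITED_REVOKED = [Action("approve", MAX_UINT256, 1), Action("spend", 40, 2),
                     Action("approve", 0, 3)]
UNLIMITED_LEFT = [Action("approve", MAX_UINT256, 1), Action("spend", 40, 2)]
OVER_APPROVED = [Action("approve", 500, 1), Action("spend", 40, 2)]
```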

Discussion and Key Takeaways

Unlimited approval of ERC20 tokens brings convenience for users to save money (gas fees) from repeatedly sending approval transactions, but it can also become the fuse for severe attacks (e.g., the Badger Incident and the Furucombo Incident). The paper discovers that unlimited approval is prevalent in the Ethereum ecosystem and that 22% of users are at high risk of having their approved tokens stolen. Moreover, the paper reveals the worrisome fact that all investigated DApps request unlimited approval from front-end users. Only 10% of UIs provide explanatory information and only 16% of UIs allow users to modify their approval amounts. Lastly, through characterizing and analyzing user behavior, our paper suggests that only 0.2% of users follow the good practice to mitigate the risk.

ERC20 token users should be aware of the approval setting designed by the DApps and wallets they interact with before approving their tokens. Moreover, users should develop a security mindset when interacting with DApps. For example, for a given DApp, are its smart contracts verified by a reputable platform (e.g., Etherscan), or officially audited by a trustworthy security company? To protect approved tokens, we suggest users only approve the customized amount of tokens needed for further execution to minimize the risk of theft. If necessary, we also suggest users actively monitor their approved tokens and promptly revoke redundant approvals via platforms such as approved.zone and revoke.cash.

Unlimited approval is often designed as the default setting on DApps’ and wallets’ web user interfaces (UIs) to improve the user experience. However, it may mislead novice users without comprehensive explanatory information. DApps and wallets also need to enable a feature that allows users to customize their approval amounts to avoid constructing unlimited approvals. DApps and wallets should also consider developing a revoking functionality on their UIs so that users can quickly withdraw their approvals.

Implications and Follow-ups

The security of token trading remains an emerging topic in decentralized finance. Literature regarding the security of token trading in the ecosystem is limited (including multiple withdrawal issues, the prevalence of counterfeit cryptocurrencies, and analysis of scam tokens). None of them focus on the impact of unlimited approval. In this paper, we present the first systematic study to quantify the risk of unlimited approval of ERC20 tokens on Ethereum.

Moreover, there are some existing solutions (e.g., EIP777, EIP2612) attempting to address the trade-off between the convenience and security of unlimited approval. In this paper, we did not dive into those published proposals, but it is definitely worth exploring the security issues of those proposals due to their increasing adoption (e.g., the DAI and UNI tokens adopt EIP2612) in the ecosystem.

Lastly, the research regarding secure token design and secure token trading strategy remains vital and necessary in both academic and industry fields.

Applicability

The paper sheds light on the risk of unlimited approval and provides suggestions for front-end users, DApps, and wallets to mitigate risk. There is a trade-off between convenience and security for unlimited approval of ERC20 tokens.

Therefore, we suggest that the front-end users should actively monitor their approved tokens and revoke redundant approved tokens via approved.zone and revoke.cash.

We also strongly suggest that the designers of DApps and wallets need to understand and address the security concerns regarding unlimited approval of ERC20 tokens on Ethereum.

8 Likes

Thank you so much for contributing this @dabaow - I’m curious, how much technical difficulty is involved in modulating the amount of spend when creating a smart contract or dApp? Are we asking too much from developers to add this feature?

3 Likes

Hey @jmcgirk, thank you for your question.
I think the developers of the smart contract or DApp do not need to adjust anything in their smart contracts, but should embed the functionality on their website for users to send an approval transaction (which increases or decreases the approval amount for spending).

2 Likes

Thanks @dabaow for the nice summary.

It is already known that numerous decentralized programs rely on allowances to work; however, giving them unrestricted allowances is often bad for security.
ERC20 allowances have been the target of multiple exploits over the last two years, and people are considerably more aware of the problem now than they were 3 years ago, thanks to the awareness being created by different security experts in the field.
I believe that both DApp developers and DApp users can take a few actions to reduce the dangers mentioned.

For DApp developers, in his talk at Devcon 5, Paul Berg mentioned several possible solutions to the unlimited allowance problem, which all have different strengths and drawbacks. The most practical of those solutions is using the approve-spend pattern. In this pattern you only request the user to approve the exact amount that they want to use at that moment, rather than an unlimited amount.
Adopting EIP2612 (permit) is also an alternate method to reduce transaction costs.

Users can now establish their allowance for free by signing a message rather than sending a transaction, thanks to this standard.

Btw, EIP2612 has a small but rapidly expanding developer community, and projects like Uniswap use it for their lending provider tokens.

Then for the average DApp user: when utilizing a DApp, you should try to think about whether you’ll use it regularly and have faith in the project (i.e., unlimited allowance) or if you’ll use it seldom or have doubts about the project (i.e., smaller allowances). In any scenario, it’s a good idea to frequently evaluate your outstanding allowances, like once a month, and cancel any that you aren’t utilizing right away.

4 Likes

Thank you @Cashkid18 for your detailed response.
You have all the critical points, which have been highlighted in this summary and my paper.

Even though unlimited approval has been loosely mentioned numerous times in the public, it is still necessary to give a comprehensive view of the risk of unlimited approval in different aspects (i.e., transaction-based, interaction-oriented, and user behavior-based).

I hope this work can raise the concern of unlimited approval for ERC20 token users and DApp developers again.

For users, customizing their approval amount by following the spend-approve pattern should be a good practice to reduce the theft risk. Moreover, users should monitor their approved tokens and preserve their vulnerable ERC20 assets by revoking their approved tokens with some existing tools (e.g., approved.zone and revoke.cash).

For developers, providing a detailed explanation of unlimited approval and a customization feature for approval amount on their web UI could be good practices.

As for EIP2612, it is a good practice to solve the trade-off of the convenience and security of unlimited approval. However, to support tokens with EIP2612 to existing applications, developers should carefully consider the adoption issues (e.g., Multichain Incident).

I believe security should always be one of the top focuses in the DeFi ecosystem.

3 Likes