Blue Buttons of Death

Authors: twitter.com/ortomichDev, twitter.com/officer_cia

Today we will deal with what, in our arthouse understanding of web3 security, we call the “blue button of death”. Then Ortem will talk about this type of attack using the signature function that relies on EIP-712, which is, in our subjective opinion, a very underestimated danger!

❗️ Please report scam here:

First, I would like you to study these 2 sources to get an understanding of the issue before reading the article:

Do not confuse it with the allowance approve scam (which you can prevent with revoke.cash / unrekt.net): that one targets ERC20 tokens, not Ether.


I - Approve Button

A lot of tokens on Ethereum use the ERC/EIP20 standard. This is a standard interface for the token contract that details the contract properties, functions, function arguments, and function return types.

One of these standard functions is function approve(address _spender, uint256 _value) public returns (bool success). This allows a third-party to send tokens from your account on your behalf. You’ll recognize this pattern if you’ve ever done a swap through an AMM (like Uniswap) as you’ll have to approve the AMM to spend your tokens before you swap.

Bad actors have learned how to exploit this function, as it’s harder for unsuspecting users to avoid when they’re only expecting scams that outright ask for their private keys. Exploiting token approvals is a clever approach because users generally think: “If they don’t have my key, then they can’t sign a transaction, so they cannot steal my assets.” Whilst generally accurate, this is not true when we talk about ERC20 tokens and other token standards.

If you or someone you know may have approved unnecessary amounts of tokens on any product, fix it now with revoke.cash or app.unrekt.net!


II - EIP-712: PoC

First, a little preface. This EIP allows you to approve tokens by signing. If you are used to every approve being given as a separate transaction, you won’t believe it: you can also approve with a simple signature, which will save you some gas.

An example of this signature on UniSwap when you swap $UNI to $WETH

This EIP is implemented in some ERC20 tokens, among them $USDC, $UNI and others. Everybody got used to the idea that a signature does not carry any danger, but we have already shown how all the money in your wallet can be stolen with the eth_sign function:

But that method had one special feature: a big red warning sign from MetaMask that warned you about the risks. In this case, if an attacker forges a signature for EIP-712, MetaMask will not warn you in any way and you will not even know that you have been scammed!

To understand the next paragraph, you need to learn for yourself how signatures work and have an idea of the structure of a smart contract.

Next, we need to make that very signature. The EIP-712 type can differ from token to token, so ideally you should look for a different signature approach for each token.

We got this signature for $DAI on Rinkeby test-net

Then we have to take v, r, and s from our signature and pass them and a few other parameters to the permit function on the token contract we want to access.

As we can see, at the very end of the function, after all the checks have been passed, we see a call to the allowance function, which is responsible for approving.

Also check out:

If it’s a signed approval (ERC-2612), the chain id is embedded so it only works on a specific chain, and there’s a nonce to prevent replays! But you cannot unsign an EIP-712 scam signature, so signed once = lost an address!

With all that said, a malicious signed approval can be blocked if you front-run the attacker calling permit with your own same-nonce signed approval. But not all EIP-712 implementations include a nonce. It isn't part of the 712 standard but of the permit standards like ERC-2612!

All information is presented for strictly introductory purposes! Do not commit crimes! ❗️

You must keep in mind that DAI actually predates the 2612 standard but does include nonce!
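
A wallet-side check for the properties discussed above (spender, unlimited allowance, chain id, nonce, expiry), as an added example that is not code from the original article or from any wallet. The function name, the 30-day threshold and the sample addresses are assumptions, and the sample payload is constructed.

```javascript
// Added example: inspect an eth_signTypedData_v4 payload before it is signed.
// Field names follow ERC-2612 and DAI's permit; addresses below are constructed.
const MAX_UINT256 = (1n << 256n) - 1n;
const LONG_LIVED_SECONDS = 30n * 86400n; // assumed threshold, tune to taste

function inspectTypedData(payload, walletChainId, nowSec) {
  const data = typeof payload === "string" ? JSON.parse(payload) : payload;
  const { domain = {}, message = {}, primaryType, types = {} } = data;
  const fields = (types[primaryType] || []).map((f) => f.name);
  const findings = [];
  // A Permit struct that names a spender is an approve delivered as a signature.
  const isPermit = primaryType === "Permit" && fields.includes("spender");
  if (!isPermit) return { isPermit, findings };
  findings.push(`allowance on ${domain.verifyingContract} for ${message.spender}`);
  // DAI-style permits carry a boolean `allowed`; ERC-2612 carries `value`.
  if (message.allowed === true) findings.push("allowed=true: unlimited allowance");
  if (BigInt(message.value ?? 0) === MAX_UINT256) findings.push("value=max uint256: unlimited allowance");
  // The chain id in the domain is what binds the signature to one chain.
  if (domain.chainId === undefined) findings.push("no chainId in domain");
  else if (Number(domain.chainId) !== walletChainId) findings.push("chainId differs from wallet chain");
  // Without a nonce there is nothing the holder can consume to void the signature.
  if (!fields.includes("nonce")) findings.push("no nonce field");
  // DAI treats expiry 0 as "never expires"; a far-off deadline is nearly the same.
  const end = BigInt(message.deadline ?? message.expiry ?? 0);
  if (end === 0n && fields.includes("expiry")) findings.push("expiry=0: never expires");
  else if (end - BigInt(nowSec) > LONG_LIVED_SECONDS) findings.push("valid for more than 30 days");
  return { isPermit, findings };
}

// Constructed sample: a DAI-style permit request on Rinkeby (chain id 4).
const SAMPLE_DAI_PERMIT = {
  primaryType: "Permit",
  types: {
    Permit: [
      { name: "holder", type: "address" }, { name: "spender", type: "address" },
      { name: "nonce", type: "uint256" }, { name: "expiry", type: "uint256" },
      { name: "allowed", type: "bool" },
    ],
  },
  domain: { name: "Dai Stablecoin", version: "1", chainId: 4,
    verifyingContract: "0x00000000000000000000000000000000000000d1" },
  message: { holder: "0x00000000000000000000000000000000000000a1",
    spender: "0x00000000000000000000000000000000000000b2",
    nonce: 0, expiry: 0, allowed: true },
};

console.log(inspectTypedData(SAMPLE_DAI_PERMIT, 4, 1700000000));
```

Anything the function reports for a request you did not expect to be an approval is a reason to reject the signature.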

For those who want to understand the work of this mechanism in details — we’ve prepared a concept scam site, here is a link to it, all set to work with $DAI on Rinkeby:


III - Fantastic Beasts and How to Protect from Them

First of all, I want to say that you can meet this scam anywhere: you can get such a site along with a spam token, run into such an attack if a legitimate Web3 resource that you use gets hacked, or have it delivered to you in some other way. The whole point is the same: to make you click on a link and do something.

In the case of approving, you can save yourself by using revoke.cash or cointool.app and following approve hygiene, that is, cancelling all approves every time. In the case of signing, I advise you to use the basic tips from my Guide, use separation of devices and never do what you do not understand!

Follow the 25 rules in this set, the first 10 rules relate to personal security, and the rest to corporate security, also keep an eye on the latest trends in crypto OpSec, that always makes sense. Don’t be afraid of links, you don’t need all of them but you should be able to pick up which will interest you the most for your own Pathway.

Use extensive measures when working with files and always keep an eye on the latest security trends even if your area is far from it. Take this subreddit and this awesome old & trusted resource as the first step. In our dangerous world anyone can become a target, especially in crypto.

The worst is that due to EIP-712 (eth_sign and transfer_from), you will never be able to revoke the signature!

How to avoid it?

First, use delegate.cash, simulate transactions before signing them, never accept suspicious offers on NFT marketplaces!

So we can either:

1 - Use an «AI+ML» tool like blowfishxyz or _joinfire!

2 - or simulate transactions via something like TenderlyApp with impersonator.xyz or alchemy.com/blog/transaction-simulation

3 - or use delegate.cash + multi-sig like safe!

Forewarned is forearmed! Stay safe!

That said, it doesn’t really matter what industry you’re in. If you have any sensitive, proprietary information at all, then you could very well be a target. This is a good thing to always keep in mind.

Learn the latest attack techniques, white-hat cheatsheets and defense methods, join hacker communities - because only with knowledge can we defeat the knowledge of hackers. In this intellectual battle the most prepared will win and I believe that it will be you, Anon. It sounds scary but it is possible, the main thing is to always think ahead.

Support is very important to me, with it I can spend less time at work and do what I love - educating DeFi & Crypto users!

If you want to support my work, you can send me a donation to the address:

Thank you!
