
Signature stolen? Be wary of Uniswap Permit2 signature phishing

星球君的朋友们
Odaily senior author
2023-06-10 08:30
Addresses that have interacted with Uniswap may be exposed to risks.

*This article was sponsored by Beosin's guest independent researcher Spinach Spinach! (twitter@wzxznl) and co-authored with Beosin security researcher Sivan.

Hackers are a presence that scares everyone in the Web3 ecosystem. For project teams, hackers all over the world may be watching, and because the code is open source, developers are afraid that one wrong line of code will leave a loophole. Once a security incident occurs, the consequences are difficult to bear.

For individuals, every on-chain interaction or signature you make has the potential to get your assets stolen if you don't understand what you're doing. Security has therefore always been one of the most troublesome issues in the crypto world, and because of the characteristics of the blockchain, once assets are stolen there is almost no way to recover them, so security knowledge is especially important in the crypto world.

Just recently, Beosin's good friend Spinach discovered a new phishing method that has been active for nearly two months. A signature alone is enough for assets to be stolen, and the method is extremely well hidden and difficult to guard against. In addition, addresses that have interacted with Uniswap may be exposed to risk. In this article, Beosin and independent researcher Spinach explain this signature phishing technique to help everyone avoid further asset losses.

Process

Recently, a friend (let's call him Little A) came to Spinach after the assets in his wallet were stolen. Unlike common theft methods, Little A had not leaked his private key and had not interacted with a phishing website's contract, so Spinach began investigating the theft.

In the blockchain explorer, it can be seen that the USDT stolen from Little A's wallet was moved through the transferFrom function. Some background: when we transfer a token on Ethereum, we actually call the transfer function of the token's smart contract. The difference between the two is simply that transfer is the asset owner moving the token to another address, while transferFrom is a third party moving the token held in an address to another address. This also means that the stolen assets were moved by another address, rather than through a leaked wallet private key.

By querying the transaction details, we can find some key clues:

The address ending in fd51 transferred Little A's assets to the address ending in a0c8

This operation interacted with Uniswap's Permit2 contract

So here is the question: how did the address ending in fd51 obtain permission over these assets? And why is Uniswap involved?

First of all, we need to know that the prerequisite for successfully calling transferFrom is that the caller holds an allowance for this token, that is, an approve. Anyone who has operated on-chain will be familiar with this: when we use some Dapps, once an asset transfer is involved, we first need to perform an authorization (approve) operation so that the Dapp contract has the right to transfer our assets.

To solve this mystery we need to keep digging, and the answer is in the interaction record of the address ending in fd51. Before this address called transferFrom to move Little A's assets, it also performed a Permit operation, and both operations were made against Uniswap's Permit2 contract. So what are this Permit function and Uniswap Permit2?

The Uniswap Permit2 contract is a new smart contract launched by Uniswap at the end of 2022. According to the official statement, it is a token approval contract that allows token authorizations to be shared and managed across different applications, creating a more unified, more cost-effective and more secure user experience.

And in the future, as more and more projects integrate Permit2, it can achieve standardized token approval across all applications. Permit2 will improve the user experience by reducing transaction costs while increasing the security of smart contracts.

Image source: https://github.com/dragonfly-xyz/useful-solidity-patterns/tree/main/patterns/permit2

The launch of Permit2 may change the rules of the game for the entire Dapp ecosystem. Simply put, in the traditional approach you need to authorize every time you interact with a Dapp for an asset transfer, and Permit2 removes this step, which very effectively reduces the user's interaction cost and brings a better user experience.

The solution is that Permit2 acts as a middleman between the user and the Dapp. The user only needs to authorize the token to the Permit2 contract, and all Dapps that integrate the Permit2 contract can share this allowance. For users, the interaction cost is reduced and the user experience is improved. For Dapps, the better user experience brings more users and funds. This is a win-win situation, but at the same time it can be a double-edged sword, and the problem lies in the way of interacting with Permit2.

Image source: https://github.com/dragonfly-xyz/useful-solidity-patterns/tree/main/patterns/permit2

Although the emergence of Permit2 may change the rules of the Dapp game in the future, it is clearly a sharp double-edged sword. For users, off-chain signatures are the step where they are most likely to let their guard down. For example, when we log in to some Dapps with a wallet, a signature is required to connect, and most people neither check the content of the signature carefully nor understand it, and this is the scariest part.

Now that we understand the Permit2 contract, and going back to Little A's incident, we can see why the stolen assets involved an interaction with the Permit2 contract. So let Spinach reproduce this Permit2 signature phishing method. A very important prerequisite is that the phished wallet must have a token authorized to Uniswap's Permit2 contract. Spinach found that performing a Swap on Uniswap or on any Dapp integrated with Permit2 requires an authorization to the Permit2 contract (in the picture below, Spinach is using a security plugin).

Another scary point is that no matter how much you want to Swap, Uniswap's Permit2 contract asks you by default to authorize the entire balance of the token. Although MetaMask allows you to enter a custom amount, I believe most people will simply click the maximum or the default value, and the default value of Permit2 is an unlimited allowance.

This also means that as long as you have interacted with Uniswap and authorized an allowance to the Permit2 contract after 2023, you are exposed to the risk of this phishing scam.


permit function:

You can think of the permit function as a way to sign a contract online. This function allows you to pre-sign a "contract" (PermitSingle) that allows others (spenders) to spend some of your tokens at some point in the future.

At the same time, you also need to provide a signature (signature), just like signing a paper contract, to prove that this "contract" was really signed by you.

So how does this function work?

  1. First, it checks whether the current time has passed the expiration of your signature (sigDeadline). Just as a contract you sign has an expiration date, if the current time is past it, this "contract" can no longer be used, and the program stops immediately.

  2. Next, it checks that the signature is really yours. The program uses a dedicated method (signature.verify) to check that the signature was really made by you and has not been forged by someone else.

  3. Finally, if the checks pass, the program updates its records to note that you have allowed others to use some of your tokens.


verify function:


_updateApproval function:

When the signature verification passes, the _updateApproval function is called to update the allowance value, which means that your permission has been handed over. From then on, the authorized party can call the transferFrom function to transfer tokens to a specified address, as shown in the code below.

Now that the permit function has been explained, let's look at the real transaction on the chain. We can find the details of this interaction:

owner is Little A's wallet address (ending in 308a)

In details, you can see the authorized token contract address (USDT), the amount and other information

spender is the hacker address ending in fd51

sigDeadline is the time until which the signature is valid, and signature is Little A's signature data

Looking back at Little A's interaction records, we find that when Little A used Uniswap before, he accepted the default authorization limit, which is almost unlimited.

To recap: while using Uniswap earlier, Little A authorized an unlimited USDT allowance to Uniswap Permit2, and later, while performing wallet operations, he accidentally fell into the Permit2 signature phishing trap designed by the hacker. After obtaining Little A's signature, the hacker used it to carry out the two operations, Permit and transferFrom, in the Permit2 contract and transferred Little A's assets away.

Source: https://etherscan.io/address/0x000000000022d473030f116ddee9f6b43ac78ba3


Considering that the Uniswap Permit2 contract may become more popular in the future and more projects will integrate it for authorization sharing, the effective prevention methods we can think of are as follows:

1 Understand and identify signature content:

The signature format of Permit usually includes the key fields Owner, Spender, value, nonce, and deadline. If you want to enjoy the convenience and low cost of Permit2, you must learn to recognize this signature format. (Downloading a security plugin is a good option.)

We recommend the following Beosin Alert anti-phishing plug-in to readers, which can identify most phishing websites in the Web3 field and protect your wallet and assets.

Anti-phishing plug-in download:

https://chrome.google.com/webstore/detail/beosin-alert/lgbhcpagiobjacpmcgckfgodjeogceji?hl=en

2 The asset wallet and the interactive wallet are used separately:

If you hold a large amount of assets, it is recommended to keep them all in a cold wallet and keep only a small amount of funds in the wallet used for on-chain interaction, which greatly reduces the loss in case of a phishing scam.

3 Do not authorize too large an amount to the Permit2 contract, or revoke the authorization:

When you perform a Swap on Uniswap, authorize only the amount you want to use. Each interaction will then require re-authorization and incur some interaction cost, but this avoids Permit2 signature phishing. If you have already authorized an allowance, you can use a suitable security plug-in to revoke it.

4 Identify the nature of the token and whether it supports the permit function:

In the future, more and more ERC20 tokens may adopt this extension to implement the permit function. You need to pay attention to whether the tokens you hold support it. If they do, be extra careful with any transaction or operation involving those tokens, and strictly check whether each unknown signature request is a signature for the permit function.

5 If tokens are still stored on other platforms after you have been scammed, a comprehensive rescue plan is needed:

When you find that you have been defrauded and your tokens have been transferred out by the hacker, but you still have tokens held on other platforms, for example through staking, you need to withdraw them and move them to a safe address. Be aware that the hacker may be monitoring the token balance of your address at all times: because he holds your signature, as soon as tokens appear on your compromised address, he can transfer them out directly. A complete token rescue process is therefore needed. The two steps, withdrawing the tokens and transferring them away, must be executed together so that the hacker's transaction cannot be inserted between them. MEV transfers can be used for this, which requires some blockchain knowledge and coding skills. You can also turn to a professional security company such as the Beosin team, which can use a transaction preemption script to achieve it.
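
One way to apply point 1 above to the PermitSingle fields described in the permit function section (details, spender, sigDeadline): an added example, not code from the article or from Uniswap, that inspects an EIP-712 signing request before it is signed. The expiration and nonce fields of details come from Permit2's PermitDetails struct; the one-day threshold, the trusted-spender list and both sample requests are assumptions constructed for illustration.

```javascript
// Added example, not from the article: triage an EIP-712 signing request.
// Permit2 address taken from the Etherscan link on this page.
const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3";
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 amounts are uint160
const MAX_LIFETIME = 86400n;           // assumed policy: flag validity over 1 day

function inspectSignRequest(typedData, trustedSpenders, nowSeconds) {
  const findings = [];
  const domain = typedData.domain || {};
  const verifier = String(domain.verifyingContract || "").toLowerCase();
  const isPermit2 = domain.name === "Permit2" || verifier === PERMIT2;
  if (!isPermit2 || typedData.primaryType !== "PermitSingle") return findings;

  const { details = {}, spender = "", sigDeadline = 0 } = typedData.message || {};
  const now = BigInt(nowSeconds);
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  findings.push(`grants ${spender} a Permit2 allowance on token ${details.token}`);
  if (!trusted.includes(String(spender).toLowerCase()))
    findings.push("spender is not on the trusted list");
  if (BigInt(details.amount || 0) === MAX_UINT160)
    findings.push("amount is unlimited (uint160 maximum)");
  if (BigInt(details.expiration || 0) - now > MAX_LIFETIME)
    findings.push("allowance remains valid for more than one day");
  if (BigInt(sigDeadline) - now > MAX_LIFETIME)
    findings.push("signature remains usable for more than one day");
  return findings;
}

// Constructed sample request; token and spender are placeholder addresses.
const NOW = 1700000000;
const SAMPLE_PERMIT = {
  domain: { name: "Permit2", chainId: 1, verifyingContract: PERMIT2 },
  primaryType: "PermitSingle",
  message: {
    details: {
      token: "0x" + "11".repeat(20),
      amount: MAX_UINT160.toString(),
      expiration: String(NOW + 30 * 86400),
      nonce: "0",
    },
    spender: "0x" + "22".repeat(20),
    sigDeadline: String(NOW + 30 * 86400),
  },
};
// Constructed benign login-style request for comparison (hypothetical Dapp).
const SAMPLE_LOGIN = { domain: { name: "ExampleDapp" }, primaryType: "Login", message: {} };

console.log(inspectSignRequest(SAMPLE_PERMIT, [], NOW));
console.log(inspectSignRequest(SAMPLE_LOGIN, [], NOW));
```

An empty result only means the request is not a Permit2 PermitSingle; other signature types still need to be read before signing.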

I believe there will be more and more phishing based on Permit2 in the future,

Reference:

https://t.co/G9Mnq8eUle

https://github.com/dragonfly-xyz/useful-solidity-patterns/tree/main/patterns/permit2
