**This article was written by Spinach Spinach (twitter@wzxznl), an independent researcher specially invited by Beosin, and co-authored with Beosin security researcher Sivan.**
Hackers are a presence that frightens everyone in the Web3 ecosystem. For project teams, with hackers all over the world potentially watching, the open-source nature of the code makes them afraid that a single wrong line written during development will leave a loophole; once a security incident occurs, the consequences are hard to bear.
**For individuals, if you don't understand what you are doing, every on-chain interaction or signature you make could get your assets stolen.** Security has therefore always been one of the most troublesome problems in the crypto world, and because of the characteristics of the blockchain, stolen assets are almost impossible to recover, so security knowledge is especially important.
Just recently, **Beosin's good friend Spinach discovered a new phishing method that has been active over the past two months. All it takes is a signature for assets to be stolen; the method is extremely well hidden and difficult to guard against, and every address that has interacted with Uniswap may be exposed to the risk. In this article, Beosin and independent researcher Pincai jointly explain this signature phishing technique, to help everyone avoid further asset losses.**
The following is a retelling of Spinach's personal experience:
Process
Recently, a friend (let's call him Xiao A) came to Spinach after the assets in his wallet were stolen. Unlike the usual kinds of theft, Xiao A had not disclosed his private key, nor had he interacted with a phishing website's contract. So Spinach began to investigate the theft.
In the block explorer, you can see that the USDT stolen from Xiao A's wallet was moved through the Transfer From function. When a Token is transferred, the Transfer function of the Token smart contract is what is actually called; Transfer From means that a third party transfers the Token held in one address to another address. **This also means that the stolen assets were moved by another address transferring the Token, rather than through a leak of the wallet's private key.**
By querying the transaction details, we can find some key clues:
The address ending in fd51 transferred Xiao A's assets to the address ending in a0c8
This operation interacted with Uniswap's Permit2 contract
So the question arises: how did the address ending in fd51 get permission over these assets? And why is Uniswap involved?
First, we need to know that to call the Transfer From function successfully, the caller must hold an allowance for the Token, that is, an approve. Anyone who has operated on-chain will be familiar with this: when we use a Dapp and an asset transfer is involved, we first need to perform an authorization (approve) operation so that the Dapp's contract has the right to transfer our assets.
To solve this puzzle we need to keep digging, and the answer lies in the interaction records of the address ending in fd51. Before that address used Transfer From to move Xiao A's assets, it had also performed a Permit operation, and both operations interacted with Uniswap's Permit2 contract. So what are this Permit function and Uniswap Permit2?
The Uniswap Permit2 contract is a new smart contract that Uniswap launched at the end of 2022. According to the official description, it is a token approval contract that allows token authorizations to be shared and managed across different applications, creating a more unified, cost-effective and secure user experience.
In the future, as more and more projects integrate with Permit2, Permit2 can standardize Token approvals across all applications. Permit2 will improve the user experience by reducing transaction costs while increasing the security of smart contracts.
Let's first understand why Uniswap launched Permit2. Suppose we want to Swap on some Dex: in the traditional interaction, we first need to authorize (approve) the Dex and then Swap, which usually costs two Gas fees. The friction cost is too high for users, and I believe everyone has had this experience.
The launch of Permit2 may change the rules of the game for the entire Dapp ecosystem. Simply put, in the traditional method you need to authorize every time you interact with a Dapp that transfers assets, and Permit2 lets this step be omitted, which effectively reduces the user's interaction cost and brings a better user experience.
The solution is for Permit2 to act as a middleman between the user and the Dapp. The user only needs to authorize the Token to the Permit2 contract, and every Dapp that integrates the Permit2 contract can share this authorized amount. For users, this reduces interaction costs and improves the experience; for Dapps, the better experience brings more users and funds. It is a win-win situation, but it can also be a double-edged sword, and the problem lies in the way Permit2 interacts.
In the traditional interaction mode, both authorization and the transfer of funds are on-chain interactions for the user performing them. Permit2 turns the user's operation into an off-chain signature, and all on-chain operations are carried out by intermediate roles (such as the Permit2 contract and the project parties that integrate Permit2). The benefit of this scheme is that, because the on-chain interaction moves from the user to the intermediate role, a user with no ETH in the wallet can pay the Gas fee with another Token or have it fully reimbursed by the intermediate role, depending on what the intermediate role chooses.
Although Permit2 may change the rules of the game for future Dapps, it is clearly a sharp double-edged sword. For users, off-chain signatures are the step where they most easily let their guard down. For example, when we log in to a Dapp with a wallet we need to sign in order to connect, and most people neither check the content of the signature carefully nor understand it, which is the scariest part.
With the Permit2 contract understood, back to Xiao A's incident: we now understand why the stolen assets involved an interaction with the Permit2 contract. Spinach then reproduced this Permit2 signature phishing method. First, a crucial prerequisite is that the phished wallet must have authorized the Token to Uniswap's Permit2 contract. Whether through a Dapp or a Swap on Uniswap, authorization to the Permit2 contract is required (in the picture below, Spinach is using a security plug-in).
Another scary point is that no matter what amount you want to Swap, Uniswap's Permit2 contract has you authorize the Token by default. Although MetaMask lets you enter a custom amount, I believe most people will simply click the maximum or the default value, and the default value for Permit2 is an unlimited amount.
This also means that as long as you have interacted with Uniswap and authorized an amount to the Permit2 contract after 2023, you are exposed to the risk of this phishing scam.
The focus is the Permit function that the address ending in fd51 called on the Permit2 contract. Put simply, this function uses your wallet's signature to hand the Token allowance you granted to the Permit2 contract over to another address. In other words, once a hacker obtains your signature, he can obtain authority over the Tokens in your wallet and transfer your assets away.
Detailed analysis of the event
permit function:
You can think of the permit function as a way to sign contracts online. This function allows you (PermitSingle) to pre-sign a "contract" that allows someone else (spender) to spend some of your tokens at some point in the future.
At the same time, you also need to provide a signature (signature), just like signing a paper contract, to prove that this "contract" was really signed by you.
So how does this function work?
First, it checks whether the current time is past the validity period of your signature (sigDeadline). Just as a contract you sign has an expiration date, if the current time is past that date the "contract" can no longer be used and the program stops immediately.
Next, it checks that the signature is really yours. The program uses a special method (signature.verify) to check the signature, ensuring that it was really signed by you and has not been forged by someone else.
Finally, if the checks pass, the program updates its records to note that you have allowed someone else to use some of your tokens.
The focus is mainly on the verify function and the _updateApproval function.
verify function:
The verify function obtains three values, v, r and s, from the signature parameter. v, r and s are the values of the transaction signature and can be used to recover the address that produced the signature. As the code in the figure above shows, after the contract recovers the signer's address it compares it with the token owner address passed in. If they are the same, verification passes and execution continues to the call to the _updateApproval function; if they differ, the transaction is rolled back.
_updateApproval function:
When signature verification passes, the _updateApproval function is called to update the authorization value, which means that your permissions have been transferred. At this point the authorized party can simply call the transferFrom function to transfer the tokens to a specified address, as shown in the code below.
Now that the permit function has been explained, let's look at the real transaction on the chain. We can see the details of this interaction:
owner is Xiao A's wallet address (ending in 308a)
Details shows the authorized Token contract address (USDT), the amount and other information
Spender is the hacker address ending in fd51
sigDeadline is the validity period of the signature, and signature is Xiao A's signature information
Looking back at Xiao A's interaction records, we find that **Xiao A had used Uniswap before and clicked the default authorization amount, which is almost unlimited.**
In short, **while using Uniswap earlier, Xiao A had granted Uniswap Permit2 an unlimited USDT allowance. Later, during a wallet operation, Xiao A accidentally fell into a Permit2 signature phishing trap set by hackers. With Xiao A's signature, the hacker performed the two operations Permit and Transfer From in the Permit2 contract and transferred Xiao A's assets away.** What Spinach has observed is that Uniswap's Permit2 contract only became active a few months ago.
In the interaction records, the great majority of the addresses are marked as phishing addresses (Fake_Phishing), and people keep being fooled.
How to prevent it?
Considering that the Uniswap Permit2 contract may become more popular in the future, and that more projects will integrate the Permit2 contract to share authorizations, the effective prevention methods we can think of are as follows:
1 Understand and recognize signature content:
The Permit signature format usually includes fields such as Owner, Spender, value and nonce. (Downloading a security plug-in is a good option.)
We recommend the Beosin anti-phishing plug-in to all readers; it can identify most phishing websites in the Web3 field and protect your wallet and assets.
2 Use separate wallets for holding assets and for interacting:
If you hold a large amount of assets, it is recommended to keep them all in a cold wallet and keep only a small amount of funds in the wallet you use for on-chain interaction, which greatly reduces the loss if you fall for a phishing scam.
3 Do not authorize too large an amount to the Permit2 contract, or revoke the authorization:
When you Swap on Uniswap, authorize only the amount you are going to use. Each interaction will then require re-authorization and incur some extra interaction cost, but you avoid falling victim to Permit2 signature phishing. If you have already granted an allowance, you can use a security plug-in to revoke it.
**4 Identify the nature of the token and whether it supports the permit function:**
In the future, more and more ERC20 tokens may use this extension protocol to implement the permit function. You need to pay attention to whether the tokens you hold support this function. If they do, be extra careful with transactions or operations involving them, and strictly check whether each unfamiliar signature request is a signature for the permit function.
5 If you still have tokens stored on other platforms after being scammed, draw up a complete rescue plan:
Suppose you find that you have been defrauded and your tokens have been transferred out by hackers, but you still have tokens held on other platforms, for example through staking, and need to withdraw them and move them to a safe address. You need to know that the hacker may be monitoring the token balance of your address at all times: because he has your signature, as soon as tokens appear on your compromised address he can transfer them away directly. A complete token rescue process is therefore required. Withdrawing the tokens and transferring them must be executed together, so that no hacker transaction can be inserted between the two. You can use an MEV transfer, which requires some blockchain knowledge and coding skills, or you can turn to a professional security company such as the Beosin team, which can do this with a transaction front-running script.
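Prevention point 1 can be checked mechanically on the signing request a wallet receives. The following is an added example, not code from the original article, Uniswap or Beosin: it assumes the request arrives as an `eth_signTypedData_v4`-style object and that Permit2 messages carry `details.token`, `details.amount`, `spender` and `sigDeadline`. The function names, the 30-minute threshold and every address are constructed for illustration, and the check also covers the token-level `Permit` messages from point 4.

```javascript
// Added example: triage an EIP-712 signing request before the user signs it.
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 amounts are uint160
const MAX_UINT256 = (1n << 256n) - 1n; // token-level permit "value" is uint256

// Turn a signing request into a list of grants:
// which spender would receive how much allowance on which token.
function extractGrants(typedData) {
  const { primaryType, domain = {}, message = {} } = typedData;
  const fromDetails = (d) => ({
    token: d.token,
    spender: message.spender,
    amount: BigInt(d.amount),
    limit: MAX_UINT160,
    sigDeadline: BigInt(message.sigDeadline),
  });
  if (primaryType === 'PermitSingle') return [fromDetails(message.details)];
  if (primaryType === 'PermitBatch') return message.details.map(fromDetails);
  if (primaryType === 'Permit') {
    // Token-level permit: the token contract itself is the verifying contract.
    return [{
      token: domain.verifyingContract,
      spender: message.spender,
      amount: BigInt(message.value),
      limit: MAX_UINT256,
      sigDeadline: BigInt(message.deadline),
    }];
  }
  return []; // not an approval-type signature, e.g. a login message
}

// opts.trustedSpenders: addresses the user has decided to trust (assumption).
// opts.maxSigWindowSeconds: longest acceptable signature validity (assumption).
function inspectTypedData(typedData, opts = {}) {
  const trusted = new Set((opts.trustedSpenders || []).map((a) => a.toLowerCase()));
  const now = BigInt(opts.now ?? Math.floor(Date.now() / 1000));
  const maxWindow = BigInt(opts.maxSigWindowSeconds ?? 1800);
  const grants = extractGrants(typedData);
  const findings = [];
  for (const g of grants) {
    if (g.amount >= g.limit) {
      findings.push(`unlimited allowance requested for token ${g.token}`);
    }
    if (!trusted.has(String(g.spender).toLowerCase())) {
      findings.push(`spender ${g.spender} is not on your trusted list`);
    }
    if (g.sigDeadline - now > maxWindow) {
      findings.push(`signature stays usable for ${g.sigDeadline - now} seconds`);
    }
  }
  let risk = 'none';
  if (grants.length > 0) {
    risk = findings.length >= 2 ? 'high' : findings.length === 1 ? 'medium' : 'low';
  }
  return {
    isApproval: grants.length > 0,
    primaryType: typedData.primaryType,
    verifyingContract: (typedData.domain || {}).verifyingContract,
    findings,
    risk,
  };
}

// ---- Constructed sample requests (all addresses are placeholders) ----
const NOW = 1700000000;
const TRUSTED_ROUTER = '0x' + 'cd'.repeat(20);
const UNKNOWN_SPENDER = '0x' + 'ab'.repeat(20);
// Placeholder verifying contract, not the deployed Permit2 address.
const PERMIT2_DOMAIN = { name: 'Permit2', chainId: 1, verifyingContract: '0x' + '22'.repeat(20) };
const SAMPLE_TOKEN = '0x' + '11'.repeat(20);

const PHISHING_REQUEST = {
  primaryType: 'PermitSingle',
  domain: PERMIT2_DOMAIN,
  message: {
    details: { token: SAMPLE_TOKEN, amount: MAX_UINT160.toString(), expiration: String(NOW + 2592000), nonce: '0' },
    spender: UNKNOWN_SPENDER,
    sigDeadline: String(NOW + 2592000),
  },
};
const BOUNDED_REQUEST = {
  primaryType: 'PermitSingle',
  domain: PERMIT2_DOMAIN,
  message: {
    details: { token: SAMPLE_TOKEN, amount: '1000000', expiration: String(NOW + 600), nonce: '1' },
    spender: TRUSTED_ROUTER,
    sigDeadline: String(NOW + 600),
  },
};
const LOGIN_REQUEST = { primaryType: 'Login', domain: { name: 'Example Dapp' }, message: { statement: 'Sign in' } };

console.log(inspectTypedData(PHISHING_REQUEST, { now: NOW, trustedSpenders: [TRUSTED_ROUTER] }));
```

Compare the reported `verifyingContract` and spender against addresses you obtained from a source you trust before signing anything flagged `medium` or `high`.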
I believe there will be more and more phishing based on Permit2 in the future. **This signature phishing method is extremely well hidden and difficult to guard against, and as Permit2 is applied more widely, more and more addresses will be exposed to the risk. I hope that you, reading this on your screen, will share it with more people after reading this article, so that fewer people have their assets stolen.**
Signature stolen? Be wary of Uniswap Permit2 signature phishing