Hello, this is Dabao Wang. I'm so glad that I have a chance to give a presentation at the DEF CON 29 Blockchain Village. The presentation I will give today is titled "Towards Understanding the Unlimited Approval in Ethereum". So let's get started. Again, I'm Dabao Wang, and I'm currently a PhD student at Monash University. I am also a member of the BlockSec team as a security researcher, and my research interests are blockchain security and DeFi security. Hang Feng is another main contributor to this project. He is a master's student at Zhejiang University and also a member of the BlockSec team. Yajin Zhou and Lei Wu supervised us in this project. They are a professor and an assistant professor at Zhejiang University, as well as the co-founders of the BlockSec team.

The outline of this presentation consists of four sections. First of all, we will explain what unlimited approval is in the Ethereum blockchain system. Following that, we will present some real-world incidents related to unlimited approval issues. In the third section, I will show some measurement results about unlimited approval. Finally, I will elaborate on the insights from this project that you can take away.

So what is unlimited approval in Ethereum? Some of you might have heard of unlimited approval, unlimited allowance, or maybe infinite approval before, and some may not. For those who are not familiar with the term unlimited approval, may I ask a question here: what is an approval, actually? What is an approval in ERC-20 tokens? First of all, about ERC-20 tokens: many famous tokens like DAI, LRC, USDT, and USDC are all ERC-20 tokens, and of course there are many more on the Ethereum blockchain. According to my investigation, I found that CoinGecko, which is a crypto price platform aggregating price data for on-chain tokens, records over 5,600 tokens following the ERC-20 standard.
Uniswap, which is an on-chain exchange, records over 44,000 ERC-20 tokens for users to trade. So, before we get into the details of the approval process, I'm going to mention a few important variables and functions built into the ERC-20 token standard. balanceOf is a mapping variable that records the number of tokens owned by users. As an example, balanceOf[A] equals the number of tokens owned by A. allowance is a nested mapping variable. For example, allowance[A][B] equals the number of tokens that can be transferred from A by B. As for the functions approve and transferFrom, we will show more details on the next slide.

In the approval process of the ERC-20 token standard, there are three main entities: the sender, which is also known as the user; the token contract; and the spender, which is a platform such as an exchange or a lending platform. For a service provided by a spender contract, such as exchanging tokens on an exchange, the sender needs to grant permission by invoking the approve function. With the permission approved by the sender, the spender will then transfer the sender's tokens to launch the requested service. The approve function applies its change to the variable allowance, and the change made by the function transferFrom is applied to the variable balanceOf.

Now, let's take a step further to see more details in an example. Let's say a user wants to exchange 80 USDT on Uniswap. What does the process of change in both variables look like? As you can see from the table showing the state changes, the user and Uniswap have 100 and zero tokens stored in the USDT contract. Well, of course, Uniswap as a platform might have millions of USDT in reality. And Uniswap has no allowance to transfer any tokens from the user. In the second step, the user calls the approve function. The balances of both the user and Uniswap still remain the same.
So the user's balance will still be 100 and Uniswap's will remain zero, but Uniswap will now have an allowance of 100, which allows Uniswap to spend 100 USDT from the user. Finally, in the third step, Uniswap transfers 80 USDT from the user by calling the transferFrom function. Ideally, Uniswap's balance of USDT will increase by 80 USDT, and at the same time its allowance will decrease.

However, from the front-end user's view, it looks a bit more complicated in the real-world situation. As I notice, most users will connect their crypto wallets to perform an action on the Ethereum blockchain. Now we will go through the real-world process of making an approval transaction. First of all, the user connects the wallet to the platform and then selects the service with customized settings as they wish. In the second step, the platform sends the approval transaction to the wallet for confirmation. After receiving the transaction constructed by the platform, the wallet presents the information to the user and waits for the user's confirmation. Next, if the user agrees with the information displayed for the transaction, the user can confirm the transaction by clicking the confirm button in the wallet. Lastly, the wallet sends the transaction to the network, and the transaction is validated in the network as well. After the transaction is on the chain, the transaction modifies the user's allowance in the token contract.

So let's go back to the question: what is unlimited approval? Actually, there are three types of approval based on the approval amount. Zero approval, as you can tell, is an approval with value zero. Users send zero-approval transactions mainly to revoke the extra allowance approved to the platforms.
After sending a zero-approval transaction, the allowance of the user to the platform turns to zero. Unlimited approval is the opposite of zero approval. The approval transaction is sent with the maximum amount as its value, or the total supply of the chosen token. Actually, they are quite similar; both are the maximum value. As you might notice, the maximum amount could be the max uint value here. As for other approvals, they are either because of the user's customization or the protocol's default setting. Yeah.

So, having understood the basic knowledge of the approval mechanism and knowing what unlimited approval is, I'm going to show you some fun stories, or past incidents, affected by unlimited approval. So let's talk about UniCats and Bancor Finance. Actually, UniCats is a farming protocol where users gain profits, which is the MEOW token, through depositing UNI tokens into UniCats. However, UniCats is a phishing platform, badly, and it installed a backdoor for stealing. And here is Bancor Finance: Bancor Finance is a trading platform launched in 2020. However, it also had an access control problem in their transferFrom function.

So first, some of you might have heard of the UniCats platform before; it is actually a quite well-known incident. UniCats was released right after the announcement of the UNI token. It is a farming project where users gain profits, which is the MEOW token, by depositing UNI tokens into UniCats. UniCats is totally unaudited; it's not audited at all. It even set a backdoor function in its contract, intending to steal users' deposited or approved tokens. On 16 September 2020, Uniswap introduced their protocol token UNI and sent it to all users who had participated in their service before. Therefore, many users gained lots of UNI tokens for free. Within a very short time, like four days, a farming platform called UniCats came out.
Like some other farming platforms, UniCats takes users' UNI tokens and promises to give them profits back. The first mission of UniCats is of course to attract users to deposit their UNI tokens. However, UniCats is an evil cat; it's not as cute as it looks. And the interesting thing is that UniCats is a totally unaudited project. Even so, a lot of users chose to trust UniCats and approve their tokens, since everybody got the UNI token for free at that time. Therefore, that rough decision actually led users to lose their UNI tokens because of the pre-installed backdoor of UniCats.

But once again, how? What's the backdoor? In UniCats, as mentioned before, there is an interesting function called setGovernance. This function can only be called by the owner, which is UniCats itself. To steal users' UNI tokens, UniCats only needs to set governance to the UNI token address and set the data to the transfer or transferFrom function with the corresponding parameters. If you cannot get the point, how about this: UniCats can easily steal all users' approved UNI tokens, based on the approved amount, no matter how much the user actually deposited. If users used unlimited approval at the beginning, users can lose all of their UNI tokens.

How about Bancor Finance? On 17 June 2020, the Bancor Finance incident was announced. The incident of Bancor Finance is more straightforward. The thing is, Bancor Finance accidentally set their transferFrom function public. Here they replaced it with a function called safeTransferFrom, but it is still a transferFrom function. They just accidentally set the function as public. That means anybody could transfer users' tokens to their own account or another address by calling Bancor Finance's safeTransferFrom function.
Fortunately, Bancor Finance discovered this bug at the beginning, and they ran a white-hat hack to transfer users' tokens to another safe contract. Right. We can notice that malicious or buggy platforms can easily lead users to lose their approved tokens. And the result will be worse if the user approved the maximum amount. In addition, there are many more. We also attach three more incidents related to the maximum approval problem, and you can easily follow the links and read more details about them.

Okay, coming to the next section. In this section, we will present some measurement results related to unlimited approval. For the measurements, I conducted two types of investigation. For the off-chain investigation, I focused on wallets and platforms, since users might have direct interaction with their web or mobile interfaces. In this investigation, I try to answer two questions. The first question is: how is the interface for approval processing designed in wallets and platforms? The second: do they warn users about unlimited approval at all? For the on-chain investigation, we focus on platforms, which are also known as spenders, and also on tokens. We also try to answer two questions in this investigation. The first question is: how are unlimited approvals distributed on the chain? And the second: how risky are approved tokens on the chain?

To answer the first two questions, we mainly look at two aspects of the user interface provided by both wallets and platforms. For explanation, we look at whether they present clear information for the approval transaction. For the modification feature, we look at whether they enable users to customize their approval amount. Here, we selected 15 well-known wallets in our off-chain investigation. And here we will guide you through the approval process designed in three wallets with one application, the Compound platform.
These three selected wallets, I think, almost cover all the metadata shown in this table. MetaMask is a very well-known wallet. It has over one million downloads and over 8,000 reviews on the Google Play Store. When using Compound with the MetaMask wallet, it provides pretty informative text to help users double-check their approval transaction. Moreover, it even provides the modification feature for users to edit the approval amount. As you can see, the user can customize their approval amount, and the change is applied to the transaction easily before the user's confirmation.

Compared to the MetaMask wallet, imToken has far fewer downloads and reviews on the Google Play Store. In terms of the approval process on the Compound platform, it actually has a specific section for users to modify their permission. I mean, this is good, right? Users can also customize the approval amount. It also provides information about the token spender and the token sender. Actually, this is less informative compared to MetaMask, but as you can see, at least it provides the modification feature for users to edit their approval amount.

The last wallet I will present is Coinbase. Compared to the previous two wallets, the Coinbase wallet has over one million downloads, and it has the most reviews from users. However, when I was using it with Compound, it did not provide any information about the approval transaction. It also does not give users any modification feature. It requires the user to confirm the payment and warns about trust. But if you click confirm, the Coinbase wallet directly sends the approval transaction to the network for verification. And then you can only view the details of your transaction afterwards.
Finally, here it charged me an unlimited approval, since it's the default setting on the Compound platform.

So, about the platforms: for the off-chain investigation of platforms, I selected 24 platforms based on their total value locked. To better understand the explanation of approval in each platform, we defined three criteria. The first criterion is whether the platform provides some explanation for approval transactions on their web UI. The second is whether the platform notifies users of the approval transaction's existence. And the last one, criterion three, is whether the platform notifies users that the two transactions are sequentially executed. Okay. In this subsection, I will also go through the details of four platforms. May I draw your attention to the two platforms here? You may notice there are two special cases down below, which are Co-finance and yearn.finance. Actually, these two platforms can mislead users about unlimited approval. Anyway, I will go through both of them in the following.

So, Compound. Compound is the fourth largest platform based on total value locked, and it's in third place among all lending platforms. While I was using the Compound platform, as you can see, it only provides the keyword "Enable", and it has no explanation of the approval process at all. Moreover, it does not supply any modification feature in their platform interface. When I tried to confirm the action by clicking the Enable button, what happened? I just got an unlimited approval. Therefore, we can tell that Compound does not really give many details or features to users in terms of approval. And Bancor: Bancor ranks 15th based on total value locked, and it's in fifth place among all decentralized exchanges.
While I was using Bancor for trading, by clicking the swap button, it gave me the instructions. And surprisingly, it explains the approval and even gives you two options in their website interface. As you can see, with unlimited approval, obviously the maximum amount of tokens will be approved. But with limited approval, it only requests the exact amount of tokens for permission.

Now coming to the interesting case: yearn.finance, which is also known as YFI. This platform ranks ninth based on total value locked, and holds second place in its asset class. In yearn.finance, it combines two transactions, the transaction for approve and the transaction for transferFrom. They combine the two transactions under one button, "Approve". And actually, when you move the mouse over the button, it provides a very detailed explanation of the approval process. As you can see, there is actually a sequence of transactions: they require you to approve first, then they allow you to deposit the tokens into the platform. But then the interesting thing happens. While users think they are only approving one USDT to the platform, what they actually get is an unlimited approval. This approval transaction is definitely constructed by yearn.finance. And the Approve button here is pretty misleading. It will confuse users; it will probably make you think you are only approving one USDT to the platform, instead of the maximum amount of your USDT. The same situation holds in Co-finance too. When users are told they are approving 10 USDT for an exchange, it's actually an unlimited approval. I know you might notice that while I'm using the MetaMask wallet, I can actually edit the allowance.
But imagine some users on Coinbase, which does not provide the information or the modification feature at all; what are they going to do? So I think platforms should really provide a well-written explanation for users. According to my case study, I think wallets like Coinbase and platforms like yearn.finance and Co-finance should really consider providing users enough information, or at least they should guide users to a right understanding of the approval process, instead of just maximizing their user interface with one maximum approval transaction.

Okay. Now, about the on-chain analysis, I will present the results from two different perspectives. First, I conducted a full-chain analysis to see the distribution of approval transactions. I will also show you the top 1,000 tokens and spenders with the most unlimited approvals. Then, I also attempted to find out how much risk our tokens and the platforms are taking. Specifically, we analyzed three famous stablecoins and the two platforms which suffered from unlimited approval.

Now, about the distribution: I'd like to show you the chart of approval transactions made externally. Just to remind you about maximum approval: as shown in this chart, we can easily tell that the number of unlimited approval transactions has been increasing rapidly in recent years, especially after Uniswap V2 was announced. The reason I mention Uniswap V2 rather than other platforms is that Uniswap V2 is an exchange platform with a large throughput. And as you can see here, Uniswap V2 is using unlimited approval as the default setting. It says that users only have to do the approval once per token, which we can also see from the wallet: it definitely requests the maximum approval from the users. So let us take a step further to see whether this proves my thoughts.
This is a distribution plot of the 1,000 spenders with the most unlimited approvals. The x-axis describes how active the token is; a larger value indicates the token is more active. The y-axis indicates the percentage of unlimited approvals among all approvals, so a larger y value indicates that the token is involved with more unlimited approvals. As for the size of each dot, it indicates the total number of approvals: the larger the size, the more approvals contained by each token. Now let us take a close look at the plot, especially the red dot at the top right corner. This dot is actually Uniswap V2. Obviously, from the plot we can easily tell that Uniswap V2 dominates each dimension, whether liveness, max approval ratio, or even the size. Therefore, this might explain why the number of unlimited approvals increased so rapidly after the announcement of Uniswap.

Similarly, we also pulled out the top 1,000 tokens in terms of the number of unlimited approvals. The highlighted dots are quite similar based on the maximum approval ratio. But the three dots USDT, USDC, and DAI are all stablecoins. Except for the maximum approval ratio, those three are still leading the other dots in terms of liveness and the number of unlimited approvals, which is the size. As a short conclusion, we found that stablecoins like USDC, USDT, and DAI are highly traded with unlimited approvals, and the platform Uniswap V2 definitely dominates the other platforms here. So now let's imagine: if you can find a bug in Uniswap, or in any platform, and all users have approved an unlimited allowance to the platform, what is going to happen?
I think Uniswap might be quite safe, but actually who knows, right? Okay, this leads us to give a risk analysis here. For the risk analysis of tokens, we selected the three top stablecoins presented before. We collected one and a half years of data to plot the chart of risk for each token. More specifically, we define a term called the risk rate to describe how risky the tokens are. As shown in the formula, for each token, the risky amount is simply the sum of available tokens from all token holders. Here we only count the spendable tokens, which means the minimum value of the allowance and the balance. As for the risk rate, it simply indicates the percentage of tokens that can be spent by the function transferFrom over the token's total supply. The analysis results for the three stablecoins show that USDC and USDT are pretty stable compared to DAI, but the DAI token has experienced a lot of ups and downs through the one and a half years.

For the risk analysis of spenders, which are also known as platforms, we simply analyzed the risky amount of UniCats and Bancor Finance, which were presented in the previous slides. It's pretty obvious that Bancor Finance has a considerable drop and held the peak for a very short time. This is because the white-hat attack may have been launched by themselves: Bancor Finance found their bug pretty quickly, and they launched the white-hat attack right after they discovered it. So the peak here was held for a very short time. As for UniCats, there are a few ups and downs through two weeks. This may be because UniCats launched the backdoor attack many times and users didn't realize the backdoor existed before someone reported it in the community. So it's quite up and down here. Actually, you can understand the drops as UniCats running their backdoor function to steal users' money.
Up to 6 October, once the community reported that UniCats is a phishing platform, the UniCats risky amount just all went away, because all the users revoked their allowance from UniCats.

So, after the risk analyses for both spenders and tokens, let us consider now, if we are participants in crypto trading, what level of risk you are taking now. We define three levels of risk that you might take into your consideration while you are trading on Ethereum. First of all, if you have zero allowance for any spender, no matter how many tokens you have, there will be no risk. So you don't have to worry about stealing, because you just don't have any allowance to any spender. And this can be done by customizing your approve function signature. Or, if you just accidentally sent a maximum approval transaction to the chain, then you can just send another zero-approval transaction to revoke it. Second, if your allowance is greater than zero but you actually don't have any tokens, I think you are a potential victim. By that I mean, once you are going to buy some of the corresponding tokens, then boom, you will be directed into the high risk. Your tokens might be in a very dangerous place, because you have given the allowance of your tokens to some other place, and you are holding them but not using them, right? If the platform is malicious, or there's a bug in the platform where your allowance sits, then the hackers or the malicious platform can directly transfer the tokens from your account to their account. Okay, that's all the measurement results I'm going to present to you.
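As an added example (my own Python, not code from the talk or from the BlockSec team), here is a toy ERC-20 ledger that replays the 80 USDT approve/transferFrom walk-through from the first section and then computes the risky amount, the risk rate, and the three user-level risk tiers just described. The class and function names (Token, walkthrough, risk_snapshot, risk_level) and the holder set are constructed; for holders with several spenders I assume the allowances are summed and capped at the balance, which reduces to the talk's min(allowance, balance) when each holder has a single spender.

```python
from typing import Dict, Tuple

MAX_UINT256 = 2**256 - 1  # the value an "unlimited approval" transaction carries


class Token:
    """Toy ERC-20 state: the balanceOf mapping and the nested allowance mapping."""

    def __init__(self, total_supply: int, holders: Dict[str, int]):
        assert sum(holders.values()) <= total_supply
        self.total_supply = total_supply
        self.balance_of: Dict[str, int] = dict(holders)
        self.allowance: Dict[Tuple[str, str], int] = {}  # (owner, spender) -> amount

    def approve(self, owner: str, spender: str, amount: int) -> None:
        # approve() overwrites the previous value: 0 revokes, MAX_UINT256 is "unlimited"
        assert 0 <= amount <= MAX_UINT256
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, spender: str, owner: str, to: str, amount: int) -> None:
        # Both checks mirror the ERC-20 behaviour the talk describes: the spender
        # needs sufficient allowance AND the owner needs sufficient balance.
        allowed = self.allowance.get((owner, spender), 0)
        if allowed < amount:
            raise ValueError("insufficient allowance")
        if self.balance_of.get(owner, 0) < amount:
            raise ValueError("insufficient balance")
        self.balance_of[owner] -= amount
        self.balance_of[to] = self.balance_of.get(to, 0) + amount
        # Assumption: the allowance always decrements, as the talk states. Some
        # real tokens skip the decrement for MAX_UINT256, which keeps the
        # approval unlimited forever; that variant is not modelled here.
        self.allowance[(owner, spender)] = allowed - amount

    def spendable(self, owner: str, spender: str) -> int:
        # What a spender can move right now: min(allowance, balance).
        return min(self.allowance.get((owner, spender), 0),
                   self.balance_of.get(owner, 0))

    def risky_amount(self) -> int:
        # Talk's definition: sum over holders of min(allowance, balance).
        # Assumption for holders with several spenders: the allowances are
        # summed and then capped at the balance, since a balance can only be
        # drained once however many spenders hold an allowance on it.
        per_holder: Dict[str, int] = {}
        for (owner, _spender), allowed in self.allowance.items():
            per_holder[owner] = per_holder.get(owner, 0) + allowed
        return sum(min(total, self.balance_of.get(owner, 0))
                   for owner, total in per_holder.items())

    def risk_rate(self) -> float:
        # Share of the total supply that transferFrom could currently move.
        return self.risky_amount() / self.total_supply


def risk_level(balance: int, allowance: int) -> str:
    """The three user-level risk tiers from the talk, for one (token, spender) pair."""
    if allowance == 0:
        return "no risk"            # nothing can be pulled via transferFrom
    if balance == 0:
        return "potential victim"   # idle allowance; buying the token later exposes it
    return "high risk"              # allowance and balance are both present


def walkthrough(unlimited: bool) -> Dict[str, int]:
    """The 80 USDT swap from the talk: the user holds 100 USDT, Uniswap holds 0."""
    usdt = Token(total_supply=1_000, holders={"user": 100, "uniswap": 0})
    usdt.approve("user", "uniswap", MAX_UINT256 if unlimited else 100)
    usdt.transfer_from("uniswap", "user", "uniswap", 80)
    return {"user": usdt.balance_of["user"],
            "uniswap": usdt.balance_of["uniswap"],
            "allowance_left": usdt.allowance[("user", "uniswap")]}


def risk_snapshot() -> Tuple[int, float]:
    """Constructed holder set mixing unlimited, limited, zero and idle approvals."""
    t = Token(total_supply=1_000,
              holders={"alice": 100, "bob": 200, "carol": 0, "dave": 300})
    t.approve("alice", "dex", MAX_UINT256)  # unlimited: whole balance at risk (100)
    t.approve("carol", "dex", MAX_UINT256)  # unlimited but empty wallet: 0 today
    t.approve("dave", "dex", 50)            # limited: only 50 of 300 at risk
    t.approve("dave", "lender", 20)         # second spender: 50 + 20 = 70 at risk
    # bob never approved anyone, so his 200 tokens contribute nothing.
    return t.risky_amount(), t.risk_rate()  # (170, 0.17)


if __name__ == "__main__":
    print(walkthrough(unlimited=False))
    print(walkthrough(unlimited=True))
    print(risk_snapshot())
    print(risk_level(balance=0, allowance=MAX_UINT256))
```

Running the unlimited walk-through shows the point of the talk: after the 80 USDT swap the spender is still left with an allowance of MAX_UINT256 - 80, which covers any tokens the user acquires later.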
Now, I will show some insights that we gained from this project. So, first of all, why do platforms prefer unlimited approval? Actually, there are a few reasons. First of all, two transactions are required, for both the approve and the transferFrom functions, right? Also, customized approval forces the user to approve each time before trading or depositing. This means that the user might need to pay more transaction fees. And platforms actually want to maximize the user experience by asking for unlimited approval once.

Still, there are some existing solutions like the ERC777 token and EIP-2612. The ERC777 token standard was first announced on 20 November 2017. It introduced a term called operator. Users can authorize an operator to have permission to transfer their tokens. The operator here can be an exchange platform, a lending platform, or some other platform. With the ERC777 token, users do not have to repeatedly submit transactions for approvals, and they also do not have to worry about the risk of unlimited approvals, since they just don't have to do approvals at all. In short, users can perform an atomic purchase by using ERC777 tokens. However, there are still some drawbacks of the ERC777 token standard. ERC777 requires a slightly higher transaction fee than approval. The reason is that it uses hooks, which increase the cost of each transaction. Moreover, revoking the permission from the operator still costs a fee. And the second point is that using ERC777 tokens definitely requires users to trust the operators.
I think that's why, even though this token standard was announced pretty early, like 2017, there still are not many applications compared to the ERC20 token. Now, as for EIP-2612, proposed on 13 April 2020, a new function called permit is introduced here. This function contains a very simple idea: it allows users to modify the allowance variable with a signed message. This means that the approval process will no longer cost a transaction fee. In short, with this proposal, the approving process is totally free. Furthermore, this idea is also used by Uniswap V3 for their liquidity provider tokens.

On the other side, we also summarized some suggestions for both users and platforms to enhance security against unlimited approvals. For users, we recommend selecting wallets wisely. Wallets with allowance modification are always good. Users should also select platforms wisely. Auditing is always good. And lastly, it is always a good practice to monitor your approved tokens or allowance amounts. For that, you can simply use the two websites listed below. For platforms, we also have three recommendations. First of all, the platform should explain the approval mechanism and its risk to users. Second, the platform should allow customization of approvals for security purposes. And last, platforms should seriously consider the existing solutions to develop more secure tokens instead of using unlimited approval for everything.

Now I think that's all of my presentation, and here are some takeaways. First, unlimited approvals are used as the default or recommended setting by most DeFi platforms nowadays, and fully understanding the approval mechanism and its risk is actually necessary. Those existing solutions should really be considered to develop a token, or to balance user experience and security.
Users should choose audited and reliable platforms and well-designed wallets for their trading or depositing. And the last one is that platforms and wallets should provide a comprehensive explanation of the risk of unlimited approval in their user interface. By that I mean, once the platforms and wallets give a comprehensive explanation, at least users can make the right decision. So that's all of my presentation today. If you want to get in touch with us, I have listed the contact details below, and we are more than happy to take any questions or discussions. And lastly, I'm thankful for your attendance in listening to my presentation. Thank you.