Hash (SHA1): 028dda5ab8ac4a3d400c96439a64f451a2acad21
No.: Lianyuan Security Solution No.001
The recent Radiant Capital security incident once again reminds us that neglecting the management of smart contract permissions may lead to huge asset losses. In this incident, Radiant lost about 51 million US dollars, and users' funds are also at risk of being stolen by criminals. The official urgently calls on all users who have interacted with the project to immediately revoke the authorization of the affected contracts, and emphasizes that this operation is "not optional", otherwise user assets will face further risks of theft [Case source: https://x.com/RDNTCapital/status/1848809006976143397], and strongly recommends users to test their wallet security through the revoke.cash tool.
To deal with such sudden security issues, revoke.cash provides a powerful and simple solution that allows users to quickly review and revoke authorizations to smart contracts to prevent assets from being used improperly. This attack shows that regularly checking and managing smart contract authorizations has become a key step in protecting the security of personal assets. With revoke.cash, users can ensure the security of their wallets in just a few minutes to prevent further threats to their funds.
What is Revoke.cash?
Revoke.cash is a blockchain security tool created by Rosco Kalis (Twitter: @RoscoKalis) in 2019. Its original intention was to help users manage and revoke their authorizations with DeFi projects and smart contracts. At the time, the decentralized finance (DeFi) and smart contract ecosystems were still in their early stages of development, and although there were many active projects, these projects often required users to grant permissions, allowing them to access and spend users' tokens without restrictions. This situation obviously posed serious security risks, especially in the context of no tools to revoke these authorizations at the time, and Revoke.cash came into being.
The team's operating funds mainly come from community donations, grants, and sponsorships. The team's philosophy is to use Revoke.cash as part of the Web3 infrastructure, providing users with free and open source tools to ensure their security and transparency. The team also pays special attention to sustainability and chooses not to obtain financial support through venture capital or issuing tokens, but hopes to maintain independent operation through donations and income from related services. Moreover, the code of Revoke.cash is completely open source, which not only increases transparency, but also allows developers around the world to review and participate in improvements to ensure the reliability and security of the tools.
While working for multiple Web3 projects, Rosco Kalis noticed the urgent need for users to revoke smart contract authorization. Many DeFi, token, and NFT projects require users to authorize smart contracts to use their funds, but these authorizations are often time-limited and unlimited, which means that once a smart contract vulnerability occurs or the project party behaves improperly, the user's assets will be exposed to risks.
Initially, Rosco only maintained Revoke.cash as a personal sideline. However, with the rapid development of the Web3 field, users' demand for security tools has increased, especially as the scale and funding of DeFi projects have expanded, the severity of permission management issues has gradually become apparent. In 2022, Rosco decided to focus on Revoke.cash full-time and launched a series of new features, including the Revoke.cash browser extension and a brand new permission approval dashboard, which greatly improved the user experience and security.
When using decentralized exchanges like #Uniswap and #OpenSea, users often unconsciously grant contracts unlimited access to funds. This practice is convenient, but it provides opportunities for hackers. The main function of Revoke.cash is to help users view and revoke the authorizations they have granted to different smart contracts, ensuring that users can actively manage their permissions and prevent funds from being used improperly. Users only need to connect their wallets to view all current authorizations on the platform and choose to revoke unnecessary or potentially risky permissions. The recent Radiant project attack is a vivid example.
These features of Revoke.cash make it an indispensable security tool in the Web3 field. It fills the gap in permission management in the DeFi ecosystem and helps users ensure the security of their funds in simple steps.
The product currently supports multiple well-known public chains such as Ethereum, Binance Smart Chain, Polygon, Avalanche, etc. According to the team's statistics, the number of authorizations revoked by users on the platform has increased year by year, especially when security incidents occur.
The Revoke.cash browser extension launched in 2022 makes this operation even more convenient. Users can manage and revoke authorizations directly in the browser, greatly improving the usability of the tool and user experience. By 2023, the number of authorizations revoked by users through Revoke.cash reached hundreds of thousands, involving millions of funds.
Learning resources and wallet security:
In addition to providing tools for revoking authorization, the Revoke.cash team also provides users with a wealth of learning resources: https://revoke.cash/zh/learn; to help them better understand the importance of wallet security and how to effectively protect assets. With the help of Revoke.cash, users can more easily protect themselves from potential attacks and asset losses.
Through these innovative and practical features, Revoke.cash has become an essential tool for users to manage authorization and ensure asset security in the Web3 field.
Market Application:
It is worth mentioning that Revoke.cash has reached a strategic partnership with leading wallet projects #MetaMask and #Ledger. This cooperation aims to further enhance the security of users' assets. Through integration with #MetaMask, users can more conveniently manage authorization when using wallets; the cooperation with #Ledger provides users with hardware wallet Dapp selective installation to enhance security, making asset management safer and more reliable.
According to current user feedback, many people have given high praise to Revoke.cash for its ease of use and intuitive interface. Many users have shared their experience on social media, encouraging others to regularly check and revoke unnecessary authorizations. Such feedback not only enhances users' trust in Revoke.cash, but also encourages more people to pay attention to the security of smart contracts.
How to use Revoke.cash?
The process of using Revoke.cash for smart contract permission management is very simple, and users can ensure the security of their assets in just a few steps. The following is a detailed operation guide with corresponding picture examples to help users understand each step more intuitively.
Step 1: Visit Revoke.cash website
First, open your browser and visit Revoke.cash. The page will display a friendly interface where users can start the operation.
Step 2: Connect your wallet
In the upper right corner of the page, click the "Connect Wallet" button and select your favorite wallet type, such as MetaMask, WalletConnect, or other supported wallets. Follow the wallet prompts to complete the connection.
Step 3: Check the authorization status
Once connected successfully, Revoke.cash will automatically scan your wallet and display all currently authorized smart contracts. You can view detailed information for each contract, including the contract name, authorized amount, and asset type.
Step 4: Revoke unnecessary authorizations
In the authorization list, select the contract you want to cancel and click the "Cancel" button. The system will prompt you to confirm the cancellation operation to ensure that you understand the consequences of the operation. After confirmation, the system will automatically process the cancellation request.
Step 5: Confirm the withdrawal status
After the revocation operation is completed, you can return to the authorization list and confirm that the authorization status of the selected contract has been updated to "Revoked". At this time, your assets will be safer and avoid being accessed by unnecessary contracts.
It is also recommended that you install its Revoke.cash browser extension. Phishing sites sometimes pretend to ask you to mint NFTs or other legitimate operations to defraud authorization. When these phishing scams occur. Every time you are about to sign a license, the extension will pop up and inform you of the details of the license. This can help you prevent signing malicious licenses.
Please note:
Regular Check: It is recommended that users regularly use Revoke.cash to check authorization status to ensure asset security.
Authorize with caution: When interacting with a new contract, try to limit the authorization amount and avoid granting unlimited permissions.
Understand the contract: Before authorizing, be sure to understand the function and reputation of the contract and avoid interacting with untrustworthy contracts.
Through the above steps, users can easily manage smart contract authorization and improve asset security. Revoke.cash provides users with an intuitive and efficient solution to help them better control their digital assets.
in conclusion
As a convenient and powerful security tool, Revoke.cash provides users with an efficient solution to proactively manage and revoke smart contract authorizations. This not only helps protect personal assets, but also promotes the importance of smart contract security in the blockchain field. With a few simple steps, users can quickly understand the authorization status of their wallets and take necessary measures to ensure the security of their assets.
In the future, as blockchain technology continues to evolve, users' demand for security tools will only grow. The existence of Revoke.cash is not only a response to this demand, but also an important step to enhance user trust and ensure the security of digital assets. We encourage all blockchain users to regularly use Revoke.cash to check and manage their authorizations, so as to plan ahead and protect their assets in this field full of opportunities and challenges.
