Written by Keystone
1. Understand what a permit is in one minute
Let’s start with a short story about borrowing money:
I was going to borrow 1 million from my good friend Jack Ma. Without saying a word, Jack Ma picked up the phone and called the bank. After confirming his identity, he told the bank: I want to authorize a withdrawal limit of 1 million to someone. The bank replied that it had received the authorization and had recorded it.
The next step is to go to the bank and tell the counter that I am ready to withdraw the 1 million yuan that Jack Ma authorized me to withdraw. At this time, the bank will check whether there is any authorization record and give me the 1 million yuan after confirming that I am so-and-so.
This short story can be seen as a concrete manifestation of Approve authorization on ETH. In this process, authorization can only be obtained by Jack Ma (the asset owner) calling the bank to authorize (on-chain), and the bank (Token contract) manages these authorizations. After that, I (the authorized party) can transfer money from the bank that does not exceed the authorized amount. If the bank does not find the authorization record, my withdrawal application will undoubtedly be rejected.
Okay, now if we change to another authorization method - Permit, how will the process change if we borrow money from Jack Ma?
This time I asked to borrow another 1 million yuan. Jack Ma was so generous that he didn't even bother to call. He took out a checkbook from his pocket, filled in the amount, signed it, and gave it to me. I took the check to the bank to cash it. Although the bank had no authorization record, it confirmed the authenticity of the check based on Jack Ma's signature on the check and cashed the specified amount to me.
I believe that you have already seen the difference in the processes between the two. Approve, as an important function in ERC-20, has been widely used shortly after ETH was launched. Why was the Permit method introduced in ERC-2612 to achieve the same effect?
2. Why do I need a permit?
The ERC-2612 proposal was proposed in March 2019 and completed its final review in October 2022. Its launch is closely related to the multiple surges in gas prices on the ETH mainnet during this period.
Figure: ETH mainnet gas price remained high during 2020-2022
The raging bull market coupled with the wealth-creating effect of new projects on the chain has boosted users' enthusiasm for on-chain transactions, and they are willing to pay higher fees to get transactions on the chain faster, because sometimes getting transactions on the chain one block earlier often means higher returns.
However, the consequence of this phenomenon is that when users trade tokens on the chain, they often have to bear high gas fees. Under the Approve method, 2 TXs are required to complete a token swap. For users with small amounts of funds, the transaction fees are simply a nightmare.
The Permit introduced by ERC-2612 changes the authorization process to an offline signature. It does not need to be uploaded to the chain immediately, but only needs to be provided when the token is transferred. Just like me who got Jack Ma’s check in the story of borrowing money, I only need to submit the check to the bank for verification when withdrawing money.
The busy Jack Ma saved a phone call, and it seems that the user also saved a TX. When the gas price is high, the cost savings are considerable, and it seems to be a happy ending. However, little did he know that Pandora's box was quietly opening...
3. Wild growth like a volcanic eruption
Before Permit appeared, one of the methods used by hackers to phishing cryptocurrency users was to induce users to sign Approve transactions. Such transactions require users to spend gas, which easily arouses vigilance and makes them fail. Even if the user clicks it hastily, since it takes a certain amount of time for the transaction to be uploaded to the chain, the user who comes to his senses can immediately submit a transaction with the same nonce to rescue it. Relatively speaking, it is not so easy for hackers to succeed.
The emergence of Permit is undoubtedly a blessing in disguise for hackers. Compared with Approve, Permit does not consume gas and only requires a signature, which reduces the user's vigilance. At the same time, due to the characteristics of offline signatures, the initiative is in the hands of hackers. Not only can users not regret it, but hackers can also use authorization to choose the right time to do bad things and maximize their profits.
The negative impact brought about by this is that we can see a surge in the number of phishing victims and the amount of money stolen. According to statistics from @ScamSniffer:
Phishing victims lost $295 million in 2023.
In the first half of 2024, this amount has exceeded US$314 million.
At the end of Q3 in 2024, a big incident happened: a wallet address suspected to be Shenyu suffered a Permit phishing attack, resulting in a loss of 12,000 $spWETH, worth 200 million RMB.
Figure: ScamSniffer 2024 first half year phishing attack statistics report
I believe that such a situation is beyond the expectations of the developers who proposed the proposal. The original intention of introducing Permit was to reduce users' gas costs and improve user experience and efficiency. They thought it was a double-edged sword with gains and losses, but they didn't expect it to be a big kitchen knife with one side extremely sharp, which directly cut a big hole in the shield of user asset security.
There are many signature authorization methods similar to Permit, such as Permit2 launched by Uniswap, which allows all ERC-20 tokens to support offline signatures. As the No. 1 DEX, UniSwap's move also increased users' reliance on offline signatures and increased the risk of phishing.
4. How to prevent it?
So, as ordinary users, facing this big knife of Damocles hanging over our heads, what are the preventive measures to avoid losses?
1. Raise awareness
Stay Calm About Airdrop Temptation
Airdrops from cryptocurrency projects are indeed attractive, but most of the time they are phishing attacks in the name of fake airdrops. When you encounter this kind of information, don’t be overwhelmed and just "receive" it. Confirm the authenticity of the airdrop and the official website through multiple sources to avoid entering phishing websites.
Avoid blind signing
If you are unlucky enough to enter a phishing website, and you are unaware of it, when the transaction window pops up in your wallet, you should carefully check the transaction content. When words such as Permit, Permit2, Approve, IncreaseAllowance, etc. appear, it means that this transaction is to take away token authorization, and you should be vigilant, because the normal airdrop process does not require this. Keystone also implements transaction analysis and display on the hardware side. Users can use transaction analysis to avoid blind signing and avoid serious consequences caused by impulse.
Figure: Keystone hardware wallet and Rabby Wallet parse and display Permit2 signature transaction
2. Make good use of tools
ScamSniffer
As an ordinary user, it is very difficult to accurately identify phishing websites, and it is inevitable that some will slip through the net. With the help of ScamSniffer's browser plug-in, before entering a suspected phishing website, the plug-in will remind the user, and the user can stop interacting in time after receiving the reminder.
Revoke
Revoke.cash can display the token authorization records in the user's wallet. We recommend revoking suspicious authorizations with unlimited amounts. Develop the habit of cleaning up authorizations regularly and try to avoid authorizations that exceed the required amount.
3. Asset Isolation and Multi-Signature
As the saying goes, don’t put all your eggs in one basket, and this also applies to cryptocurrency assets. For example, we can store large amounts of assets in cold wallets such as Keystone, and use small amounts of hot wallets for daily interactions. Even if we are accidentally attacked, our assets will not be wiped out.
If you have higher security requirements, you can use multi-signature to further improve security. For assets with multi-signature, only when the number of wallets agrees to reach the threshold, can the assets be transferred. If a single wallet that does not reach the threshold is stolen, the hacker cannot get hold of the assets.
5. Conclusion
We cannot deny the value of Permit, but the recent increasing number of thefts also shows that it seems to cause greater harm. Just like the ethsign method in the past, it was favored by hackers at the time due to its poor readability and huge harm. Now it has been blocked and abandoned by most wallet software, and its functions have been replaced by some safer methods.
Focusing on Permit, is it also at the same crossroads that ethsign once faced? Whether to improve and upgrade or abandon it, ETH developers need to spend some time thinking and discussing.
