In recent years, the field of DeFi (decentralized finance) has attracted much attention, and its innovation and high risks have also become hot topics. In the bull market, DeFi projects are booming and attracting the attention of a large number of investors. In this field full of opportunities and challenges, how to ensure the safety of assets has become a common focus for investors. The Cobo security team released the "Bull Market DeFi Interactive Guide", which provides investors with valuable reference and guidance to help them better understand and grasp the risks and opportunities of the DeFi ecosystem.
Since the launch of DeFi Summer in 2019, more and more creative decentralized financial protocols (DeFi protocols) have emerged, led by Ethereum, which has greatly enriched the The availability of on-chain assets allows blockchain users to better utilize on-chain assets to conduct more diverse financial activities and create substantial returns. But with the rise of more and more DeFi protocols, security challenges also arise. According to incomplete statistics, in 2023 alone, asset losses caused by blockchain attacks have reached US$2.61 billion. It can be seen that in the process of participating in the DeFi protocol, in addition to evaluating the corresponding revenue expectations, the evaluation of the security of the protocol cannot be ignored, otherwise it will bring big losses to users.
Generally speaking, the current mainstream definition of protocol security assessment is code security assessment. The dimension of this definition is relatively single. The problem here is that the assessment itself only considers the static process of the protocol. In the DeFi interaction process, security is often dynamic, including account management, preparation before protocol interaction, asset management after the interaction is completed, data monitoring and self-rescue after asset loss in extreme cases, etc. stage.
As a user who is about to enter the DeFi novice village, how can you maximize the security of your funds while earning income? The Cobo security team has sorted out common security risks in DeFi interactions and corresponding security precautions, hoping to inspire and help everyone's DeFi security interactions in the bull market.
Common security risks and preventive measures in DeFi interactions
Account private key leakage is currently relatively easy for novice users One of the problems with scams is that due to the wide variety of wallets currently on the market, novice users lack the ability to judge the security of their wallets. Many novice users will download some unsafe wallets and use them to generate private keys, resulting in the private keys being compromised. Malicious information is transmitted back to the attacker, causing the private key to be leaked. Many experienced users found that all their assets were transferred from their main account on a certain day. After analysis for most of the day, they found that all the behaviors were normal. In most of these cases, the account used an unsafe wallet to generate its own private key. The private key has long been leaked.
At the same time, due to the wealth effect caused by blockchain airdrops, many novice users will blindly click on some so-called airdrop websites. These airdrop websites package themselves into very serious project webpages and tell users that there are a large number of unclaimed items. Token. Driven by profit, many novice users will be induced by web pages to fill in their own account private keys, causing the private keys to be leaked.
In order to prevent the private key from being leaked, users need to do the following to prevent it:
It is recommended to choose a well-known blockchain wallet and download it from the official website. For qualified users, it is recommended to use a hardware wallet to improve asset security.
Never expose your private key in plain text to the Internet, and do not enter your private key into any web page at will.
Signature phishing risk is the same as private key leakage, and it is also the hardest hit area for novice users. Different from directly asking users to fill in their private keys, this type of phishing attack induces users to initiate a transaction or signature to obtain authorization for user-related assets. It is highly concealed, difficult to analyze, and difficult to detect.
Usually, the attacker will first induce the user to a phishing webpage, and ask the user to initiate a signature in the name of receiving airdrops, verifying login, etc. At this time, the user's browser wallet prompts the user to complete the signature.
There may be many types of phishing transactions:
Direct transfer type. Transfer ETH directly or make an ERC20 transfer call to transfer wallet assets to the attacker's address.
Approve type. Call the ERC20 Approve method to authorize the attacker's wallet. No transfer of assets occurs when the user signs. However, the attacker's wallet can transfer user assets by calling transferFrom.
EIP712 message signature. Such as ERC20 Permit method; Permit2 authorization; NFT pending order signature, etc. Such signatures are usually displayed in the wallet as Json data or well-formatted tree data. No transaction will be initiated when the user signs, and there will be no gas consumption. However, the signature result will be recorded by the phishing website, and the attacker can use the signature result to transfer the victim's ERC20 or NFT assets.
Original hash signature. The signature data is hexadecimal hash data, and the specific signature content cannot be inferred from the signature data itself. Behind the hash may be the above 1-3 types of data. Signatures are likely to result in loss of assets. However, current mainstream wallets usually prohibit this signature method or provide obvious risk warnings.
In recent cases, it has been discovered that some phishing websites will require users to make multiple signatures in a row, and the first few signatures are harmless and normal signatures. Then mix in a malicious signature. Use the user's operational inertia to induce the user to complete the signature operation.
In order to prevent financial losses caused by phishing, the core is to refuse blind signing. Carefully review each signature and refuse to sign transactions with uncertain content. Specifically, you can pay attention to the following during the signing process:
Confirm that the interactive website is the official website of the DeFi project and check the complete domain name.
Check the methods called by the contract, focusing on the transfer and approve methods.
Check the ETH transfer attached to the transaction. Some phishing websites will try to construct methods that look safe (such as Claim), but will actually include an ETH transfer when calling, causing the loss of chain-native tokens such as ETH.
Do not sign the original hash content.
Transfer address poisoning is a relatively new attack method recently. Its attack method is to use when the user initiates a transfer (ERC20, native token, etc.) An address similar to the receiving address in the transaction sends the user a transaction with the same amount, or a transaction with the same amount but the corresponding token is a fake token.
Example:
Alice transfers 1 ETH to Bob as salary every month. Charlie monitored this transaction and sent 0.001 ETH to Alice using an address similar to Bob's (the first 8 digits and the last 8 digits of the address are the same). After this operation, the next time Alice transfers money to Bob, it is possible to use Charlie's address as the receiving address of the transaction. The reason why this happens is that blockchain addresses are long and irregular, making it difficult for users to remember. As a result, many times users will copy the address directly from the last transaction record for convenience. Since the addresses of Charlie and Bob are very similar, it is difficult for Alice to distinguish them, which ultimately leads to asset loss.
In order to prevent the transfer address from being poisoned, users can take the following measures to prevent it:
Check the transfer address for each transaction, and check the complete content rather than just comparing the preceding and following bytes .
Set frequently used addresses into the address whitelist (address book) and set up aliases. Try to only use addresses in the address book for transfers.
Avoid copying addresses from on-chain channels (including blockchain browsers, wallet transaction records, etc.) as transfer targets.
Token authorization is almost the first step in DeFi interaction. When performing DeFi operations, since the transaction data is constructed through the project's webpage rather than the user's structure, under normal circumstances, in order to facilitate the user's multiple interactions without repeated authorization, the project's webpage usually constructs an unlimited authorization transaction for the user. sign. The starting point is to save gas for users, but this also creates hidden dangers for subsequent fund security. Assuming problems occur in subsequent project codes, such as unauthorized interfaces or arbitrary calling vulnerabilities, the user's unlimited authorization to the contract will be exploited by attackers, resulting in the transfer of user assets. This attack scenario is more common in cross-chain bridges and DEX protocols.
In order to prevent subsequent projects from introducing risky code during upgrades or from undiscovered vulnerabilities in the project code itself, users should adopt the principle of minimum authorization and try to only authorize the amount used in this transaction to prevent risks in subsequent projects. Causing losses to one's own assets.
In addition to the preparation before interaction, there are also many risks that are easy to ignore during the interaction process. These risks usually arise from users' lack of understanding of the project itself. Specific examples are:
When exchanging tokens through the on-chain exchange protocol, the slippage is set too large or the script is written to perform swap without setting the minimum receiving amount (set to 0 for convenience of writing), resulting in transaction being affected. MEV robot's "sandwich" attack.
When conducting lending operations through the on-chain lending protocol, the health of positions was not managed in a timely manner, resulting in positions being liquidated during large market fluctuations.
When interacting with some projects, the project party's credentials were not well kept. For example, Uniswap V3's NFT credentials were sold in OpenSea as ordinary NFTs.
In order to prevent these risks, users must conduct corresponding project research when interacting with projects, clarify project mechanisms and related characteristics, and prevent asset losses.
DeFi New Paradigm for Secure Transactions -- Cobo Argus
The above introduces the common interaction risks of DeFi activities on the blockchain. If a user accidentally falls into one of these traps, years of hard work may be lost, and even the slightest carelessness will lead to irreparable damage. So, is there a risk control plan that is safe, effective, and easy to manage? A new option is the Cobo Argus.
Cobo Argus is an on-chain risk control product developed by the Cobo team and built on Gnosis Safe. The main function is to analyze user transactions by constructing different ACL strategies and intercept transactions that do not comply with risk control rules, thereby ensuring the safety of user funds.
How does Cobo Argus deal with security risks in the DeFi environment?
1. Bottom-level multi-signature wallet, upper-level single-signature authorization: avoid the single-point risk of private key leakage, mitigate the risk of phishing, and ensure operational efficiency
Cobo Argus is a product built on Safe {Wallet}'s multi-signature wallet. Its foundation and core is a multi-signature contract wallet. Therefore, Cobo Argus naturally inherits the security of Safe {Wallet} multi-signature wallet.
By changing the management of funds from a single private key to the joint maintenance of multiple private keys, the risk of asset loss/locking caused by the leakage of a single private key can be eliminated. The multi-signature wallet itself requires multiple signatures to trigger the execution of transactions, and the leakage of a single address's private key will not affect the overall security of funds. In addition, multi-signature transactions can be initiated to replace lost or risky single-signature addresses to ensure the security of the multi-signature wallet.
In addition, since the switch from a single signature address to a multi-signature address requires each user to sign a transaction when signing a transaction, it is conducive to cross-auditing the transaction content, thus greatly reducing the possibility of being phished. sex.
Multiple signatures require multiple people to review, which has a certain impact on operational efficiency. Cobo Argus allows users to configure flexible authorization rules, allowing certain low-risk high-frequency operations (such as regular claims of income during farming) to be authorized to a certain EOA address. This address can initiate operations instead of a multi-signature wallet to improve work efficiency. At the same time, since the address permissions are strictly restricted, the overall security of the wallet will not be significantly affected.
2. Customized robot: 7*24 hours automatic risk monitoring and response
By configuring the Cobo Argus monitoring robot, you can customize the conditions and triggering conditions that need to be monitored Action required.
Take the leverage management of lending projects as an example. Users can configure the Argus robot to monitor their health factor. When the position is close to liquidation, the robot can perform operations such as replenishing collateral, repayment, etc. to reduce leverage.
3. Customized ACL policy
In addition to customizing monitoring robots, users with certain development capabilities can also develop custom ACL (Access Control List) contract to achieve more flexible permission management. This is one of the core features of Cobo Argus. Let’s experience the charm of this function through several examples:
To target address poisoning attacks, you can write an ACL contract. Users can specify commonly used addresses as whitelists in the ACL contract. During the transaction process, ACL The contract will parse the receiving address in the transaction (ERC20/native token) and compare it with the whitelist address set by the user. If the receiving address is not within the corresponding address, the transaction cannot be completed successfully.
To address the over-authorization problem, users can parse the authorization amount in the Approve transaction by writing an ACL policy contract, and limit the Approve authorization amount of the token to not exceed the user's preset value. Or 1, you can configure a custom robot to clear the authorization of the relevant tokens regularly.
For unsafe DeFi operations, such as swap transactions without slippage check, you can write the Argus ACL strategy contract to set the minimum acceptable slippage for exchange transactions. After the setting is completed, the ACL strategy contract will Different swap transactions can be analyzed based on the set slippage. If the exchange slippage is not met, the transaction can be intercepted.
There are many risks that are difficult to prevent in DeFi interactions. Although the content mentioned in the article involves many common scenarios, it cannot completely cover all risk points. Users need to handle every transaction carefully.
Cobo Argus can provide users with reliable and easy-to-configure means to prevent some common security risks. Flexible and secure authorization management can be completed through ACL, improving operational efficiency while ensuring security; custom robots can reduce manual operations, and the real-time monitoring capability can ensure the security of user funds 7*24 hours.
DeFi can certainly bring considerable benefits to users, but fund security is the core of steady asset growth. Cobo Argus will protect every DeFi Farmer and help everyone create more value in the bull market.
The above is the detailed content of Cobo Security Team: Bullish DeFi Interactive Guide. For more information, please follow other related articles on the PHP Chinese website!