The Security Risks of Using Uniswap: How Off-Chain Signatures Can Lead to Asset Theft

Recently, there have been incidents where users’ assets were stolen due to the use of off-chain signatures. What is the principle behind this? How can we prevent it? Why is it related to Uniswap and on-chain data? This article will explain the operating mode behind the Permit function and provide users with knowledge on how to protect themselves.

To understand how the Permit function can be used to steal user assets, we need to first understand the principle of off-chain signatures.

Off-chain signing is a common interaction pattern in the blockchain industry, used for wallet connection, logging in to website member accounts, confirming that a user has read a disclaimer, and so on. It is an interaction method specific to Web3 wallets, and it carries the user's own authority into the virtual world.

Take the login flow on OpenSea as an example: it uses an off-chain signature not only to prove that the user holds the wallet, but also to record that the user agrees to the terms of service and privacy policy.

Off-chain signatures have several advantages:
– The most obvious is that they cost no gas, since nothing is written to the chain at signing time.
– They complete quickly.
Overall, off-chain signatures give a better user experience than on-chain transactions.

The biggest problem with off-chain signatures is the risk of users’ assets being stolen.

Although an off-chain signature does not write anything to the blockchain at the moment it is produced, some on-chain contract functions accept the user's signature as a parameter. This means that anyone (including a smart contract) who obtains the signature can call such an on-chain function (for example the Permit function) and move the user's assets.

Different signatures carry different risks, and extra caution is required whenever the content of a signature request is not understood. Do not sign content you do not understand.

This issue will be further discussed at the end of the article.

The most common function that takes a user signature as a parameter is the Permit function, which provides functionality similar to approve. The difference is that Permit lets the user complete the authorization through an off-chain signature, without paying gas.

Users who have used on-chain services will be familiar with this screen. When tokens are used in an on-chain contract operation, the approve function performs an on-chain authorization that allows the contract to access the tokens in the wallet in order to provide its service.

However, because there are many tokens, each contract needs its own authorization, and contracts are updated over time, users end up approving tokens again and again. This not only takes time but also costs gas for every action, which seriously degrades the user experience.

To address this, EIP-2612 was proposed as an extension of the ERC-20 token standard, introducing the Permit function. By taking an off-chain signature as its input, it completes a token authorization without the user paying gas.

Permit is therefore an alternative way to authorize a token; its parameter is off-chain signature data rather than an on-chain transaction from the user.

A signature that satisfies the Permit function needs to include:
– Authorizer address (the token owner)
– Authorized address (the spender)
– Token contract address
– Authorization validity period (deadline)
– Authorization amount

Ideally this works like signing a document in real life: the user can adjust the parameters to their needs before signing, protecting their own interests. Compared with approve, it also leaves more room for adjustment.

However, many tokens were launched before EIP-2612 and their contracts are immutable, so the Permit function is only available on newer tokens, which limits where it can be used.

Therefore, the Uniswap team later created a new smart contract, Permit2, to solve this problem.

When Uniswap launched its Universal Router, it integrated the Permit2 contract and deployed it on Ethereum, Optimism, Arbitrum, Polygon, Celo and other networks. With it, every token can effectively gain Permit functionality.

Permit2 contract: Allowing all tokens to support the Permit function

Because old token contracts have no Permit function, users would otherwise keep using the approve function for them.

Permit2 is inserted between the Dapp contract and the token contract: it receives the off-chain signature data submitted by the Dapp, verifies it, and interacts with the token contract on the Dapp's behalf. Each token then only needs to go through approve once (for Permit2), which reduces the number of token authorizations required across different Dapps or users.

Given Uniswap's influence, other Dapps are being encouraged to integrate Permit2, which will mean that in the future almost all tokens and services only require an authorization granted to the Permit2 contract.

Based on the background knowledge above, it can finally be understood why users who have used Uniswap are at a higher risk of signature theft.

Off-chain signatures cost no gas and are often overlooked by users as a security matter. If a malicious website induces a user to sign content that satisfies the calling requirements of the Permit function, the user's tokens can be taken by a third party.

The example above is a signature in the format required by the Permit function. The authorized amount is typically set to an effectively infinite value (10^31) and the authorization period works out to 54 years, which amounts to a permanent, unlimited authorization. If such content comes from a malicious third party, the user's assets are at serious risk.

Of course, a token must have the Permit function to be exposed to this attack, but the Permit2 contract changes the picture. As more protocols integrate Permit2, other tokens face the same risk whenever the user has used Uniswap or any other contract that integrates Permit2 (which is why phishing incidents involving the Uniswap contract occur).

Off-chain signatures are not recorded on-chain; they are usually stored in a private or project-run database for later retrieval. Compared with on-chain data or on-chain approvals, they are therefore harder to trace and to revoke, which makes Permit authorizations more exposed to security risk.

As users, even if we are not familiar with the content of off-chain signatures, there are several ways to reduce the risk created by this token design:
– The first principle is not to sign unfamiliar content.
– When the approve confirmation screen appears, set the authorization amount to what the transaction actually needs (at the cost of repeated approvals for multiple transactions).
– Although signed content is hard to trace, use tools to query what you can (e.g., revoke.cash).
– Use a wallet that holds only small amounts of assets for off-chain signatures.
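As an added example that is not part of the original article, the script below inspects the EIP-712 typed data a wallet presents for signing and flags the three traits described above for the Permit-format request (unlimited amount, multi-year validity, unknown spender). It handles both an EIP-2612 Permit and a Permit2 PermitSingle; the addresses, the `NOW` timestamp and the 30-day threshold are constructed assumptions.

```javascript
// Added example (not the article's own code): inspect the EIP-712 typed data a
// wallet shows for eth_signTypedData_v4 and flag the traits the article warns about.
const UINT256_MAX = (1n << 256n) - 1n; // EIP-2612 "value" is a uint256
const UINT160_MAX = (1n << 160n) - 1n; // Permit2 "amount" is a uint160
const DAY = 86400;
const addr = (n) => '0x' + n.toString(16).padStart(40, '0'); // placeholder addresses

// Map both shapes onto one view: EIP-2612 Permit (token = verifyingContract)
// and Permit2 PermitSingle (token, amount and expiration live in "details").
function normalizePermit(typedData) {
  const { primaryType, domain, message } = typedData;
  if (primaryType === 'Permit') {
    return { kind: 'EIP-2612 Permit', token: domain.verifyingContract,
      spender: message.spender, amount: BigInt(message.value),
      expiry: Number(message.deadline), maxAmount: UINT256_MAX };
  }
  if (primaryType === 'PermitSingle') {
    const d = message.details;
    return { kind: 'Permit2 PermitSingle', token: d.token, spender: message.spender,
      amount: BigInt(d.amount), expiry: Number(d.expiration), maxAmount: UINT160_MAX };
  }
  return null; // some other typed-data signature; out of scope here
}

// trustedSpenders (addresses the user intends to authorize) and now are
// supplied by the caller; maxDays is an assumed policy threshold.
function inspectPermitRequest(typedData, { trustedSpenders = [], now, maxDays = 30 }) {
  const p = normalizePermit(typedData);
  if (!p) return { kind: 'unknown', findings: [], risk: 'unknown' };
  const findings = [];
  if (p.amount === p.maxAmount) findings.push('unlimited amount');
  const days = Math.floor((p.expiry - now) / DAY);
  if (days > maxDays) findings.push(`authorization valid for ${days} days`);
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  if (!trusted.has(String(p.spender).toLowerCase())) findings.push('spender not on allow-list');
  return { kind: p.kind, token: p.token, spender: p.spender, findings,
    risk: findings.length ? 'high' : 'low' };
}

// Constructed sample shaped like the phishing request the article describes:
// max uint160 amount and a 54-year expiration, granted to an unknown spender.
const NOW = 1700000000;
const SAMPLE_PERMIT2 = {
  primaryType: 'PermitSingle',
  domain: { name: 'Permit2', chainId: 1, verifyingContract: addr(2) },
  message: { details: { token: addr(1), amount: UINT160_MAX.toString(),
      expiration: NOW + 54 * 365 * DAY, nonce: 0 },
    spender: addr(0xbad), sigDeadline: NOW + 54 * 365 * DAY },
};
console.log(inspectPermitRequest(SAMPLE_PERMIT2, { trustedSpenders: [], now: NOW }));
```

A request that passes with no findings still deserves a look at the spender and token addresses, since the allow-list only reflects what the user told the checker.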

Whether it is the Permit function or the Permit2 contract, the intention is to improve the user experience. In practice, however, it exposes more ordinary users to risk and forces them into more cumbersome routines (multiple wallets, repeated approvals) to keep their assets safe, which makes the overall experience worse.

That said, many people have noticed this issue and proposed possible solutions. The industry will surely mature, but that takes time. As early participants in the industry, it is our responsibility to look after the security of our own assets.

Please make sure to inform your friends about the security risks associated with off-chain signatures, as the current on-chain environment is constantly changing.
