Let’s start with a simple story about borrowing money:
I’m planning to borrow one million from my good friend Jack Ma. Without hesitation, Jack Ma picks up the phone, calls the bank, and after verifying his identity, tells the bank, “I’m authorizing so-and-so to withdraw one million.” The bank acknowledges and logs this authorization.
The next step is for me to go to the bank, and tell the teller that I’m here to withdraw the one million Jack Ma authorized. The bank checks for the authorization record and, after confirming I’m the right person, hands over the one million.
This story is a good analogy for how the Approve authorization works on Ethereum. In this process, only Jack Ma (the asset owner) can call the bank to give the authorization (on-chain), and the bank (token contract) manages these authorizations. Only after this can I (the authorized party) withdraw an amount that doesn’t exceed the authorization. If the bank finds no authorization record, my withdrawal request will undoubtedly be rejected.
Now, what would happen if we used a different method of authorization—Permit? How would borrowing money from Jack Ma work then?
This time, I ask to borrow another million. Generous as ever, Jack Ma doesn’t even bother calling the bank. Instead, he pulls out a checkbook, fills in the amount, signs it, and hands it to me. I then take this check to the bank. Even though the bank doesn’t have any authorization records, the bank can verify Jack Ma’s signature on the check and, based on that, hands me the specified amount.
By now, you can probably see the difference in the processes. Approve, as a core ERC-20 function, has been widely used since soon after Ethereum launched. So why was the Permit method introduced in ERC-2612 to achieve a similar result?
The ERC-2612 proposal was introduced in March 2019 and completed its final review in October 2022. Its deployment is closely tied to the sharp spikes in gas prices that the Ethereum mainnet experienced during that period.
Image: ETH Mainnet Gas Prices Remained High from 2020 to 2022
The combination of a raging bull market and the wealth-creation effect of new on-chain projects fueled users’ enthusiasm for transacting on-chain. They were willing to pay higher fees to get their transactions processed faster because sometimes being confirmed even just one block earlier could result in significantly higher returns.
However, this led to a downside: when users wanted to trade tokens on-chain, they often had to endure exorbitant gas fees. Under the Approve method, completing a single token swap required two transactions (TX). For users with smaller funds, the transaction fees could be a nightmare.
ERC-2612’s introduction of Permit changed this process by replacing on-chain approval with offline signatures, which don’t need to be submitted immediately. Users only need to provide the authorization when transferring tokens, similar to how in the borrowing story, I only needed to show Jack Ma’s check when withdrawing the money from the bank.
Busy Jack Ma saves himself a phone call, and it seems users also save one TX. When gas prices are high, the savings in fees can be substantial, making it look like a win-win situation. However, little did anyone realize that Pandora’s box was quietly being opened…
Before the emergence of Permit, one of the common tactics hackers used to phish crypto users was to trick them into signing an Approve transaction. Since these transactions required users to spend gas, it often raised suspicion, making it harder for hackers to succeed. Even if users accidentally clicked on the transaction, the fact that it took some time to be confirmed on-chain gave them the chance to submit another transaction with the same nonce to cancel it—making it relatively difficult for hackers to pull off their schemes.
However, the arrival of Permit was like a dream come true for hackers. Unlike Approve, Permit doesn’t consume gas and only requires a signature, which significantly lowers the user’s guard. Additionally, due to the nature of offline signatures, the control is in the hands of the hacker. Not only do users have no chance to undo their mistakes, but hackers can also hold onto the authorization and strike at the most advantageous moment, maximizing their gains.
This has led to a noticeable rise in the number of phishing victims and the amount of stolen funds. According to statistics from @ScamSniffer"">@ScamSniffer:
Image: ScamSniffer’s Phishing Attack Report for the First Half of 2024
Such a scenario was likely beyond what the original developers envisioned. The purpose of introducing Permit was to reduce gas costs, improve user experience, and increase efficiency. What was thought to be a double-edged sword, with both gains and losses, turned out to be a one-sided blade—razor-sharp—cutting a gaping hole in the shield that was supposed to protect users’ assets.
Permit isn’t the only authorization method based on signatures. For example, Uniswap later introduced Permit2, allowing all ERC-20 tokens to support offline signatures. As the No. 1 DEX, Uniswap’s move further increased users’ dependence on offline signatures, which, in turn, raised the risk of phishing attacks.
As ordinary users, what steps can we take to avoid losses and protect ourselves from this Damocles’ sword—a sharp blade—hanging over us?
1⃣ Raise Awareness
Stay calm when tempted by airdrops.
Airdrops from crypto projects may seem enticing, but most of the time, they are phishing attacks disguised as airdrops. When encountering such information, don’t rush to claim it. Instead, verify the legitimacy of the airdrop and its official website from multiple sources to avoid falling into phishing traps.
Avoid Blind Signing
If you accidentally land on a phishing website and don’t realize it, take a moment to carefully review the transaction when your wallet prompts you to sign. If terms like Permit, Permit2, Approve, or IncreaseAllowance appear, it means the transaction is asking for token authorization. At this point, you should be cautious because legitimate airdrops don’t require this process. Keystone hardware wallets have implemented transaction parsing and display features, allowing users to better understand transaction details and avoid blind signing, which could lead to serious consequences from hasty decisions.
Image: Keystone Hardware Wallet, Rabby Wallet Parsing and Displaying Permit2 Signature Transactions
2⃣ Make Good Use of Tools
ScamSniffer
For the average user, accurately identifying phishing websites can be highly challenging, and it’s easy for some to slip through the cracks. By using ScamSniffer’s browser plugin, you’ll receive alerts when attempting to access potential phishing sites, giving you the chance to stop interacting before it’s too late.
Revoke
Revoke.cash allows you to view the token authorizations in your wallet. We recommend revoking any suspicious or unlimited authorizations. It’s good practice to regularly clean up your authorizations and limit them to only the necessary amounts.
3⃣ Asset Segregation and Multi-Sig
As the saying goes, don’t put all your eggs in one basket—this principle applies to crypto assets as well. For instance, you can store large amounts of assets in a cold wallet like Keystone, while using a hot wallet for everyday transactions. Even if you fall victim to an attack, your entire balance won’t be compromised.
For those with higher security demands, using multi-signature (multi-sig) wallets can further enhance protection. Assets under multi-sig can only be moved when a certain threshold of wallet approvals is reached. If one wallet is compromised but the threshold isn’t met, hackers won’t have access to your assets.
While we can’t deny the value that Permit has brought, the increasing number of thefts also shows that the risks it presents may outweigh its benefits. Much like the old ethsign method, which was favored by hackers due to its poor readability and significant security flaws, Permit has now been disabled by most wallet software, with its functionalities replaced by more secure alternatives.
As we focus on Permit, are we not also at a crossroads similar to the one faced by ethsign? Whether to improve and upgrade or to discard entirely is a question that ETH developers need to take the time to consider and discuss.
Before any conclusions are reached, Keystone aims to enhance risk prevention related to Permit on its hardware wallets. We are initiating a vote to add the following features:
Let’s start with a simple story about borrowing money:
I’m planning to borrow one million from my good friend Jack Ma. Without hesitation, Jack Ma picks up the phone, calls the bank, and after verifying his identity, tells the bank, “I’m authorizing so-and-so to withdraw one million.” The bank acknowledges and logs this authorization.
The next step is for me to go to the bank, and tell the teller that I’m here to withdraw the one million Jack Ma authorized. The bank checks for the authorization record and, after confirming I’m the right person, hands over the one million.
This story is a good analogy for how the Approve authorization works on Ethereum. In this process, only Jack Ma (the asset owner) can call the bank to give the authorization (on-chain), and the bank (token contract) manages these authorizations. Only after this can I (the authorized party) withdraw an amount that doesn’t exceed the authorization. If the bank finds no authorization record, my withdrawal request will undoubtedly be rejected.
Now, what would happen if we used a different method of authorization—Permit? How would borrowing money from Jack Ma work then?
This time, I ask to borrow another million. Generous as ever, Jack Ma doesn’t even bother calling the bank. Instead, he pulls out a checkbook, fills in the amount, signs it, and hands it to me. I then take this check to the bank. Even though the bank doesn’t have any authorization records, the bank can verify Jack Ma’s signature on the check and, based on that, hands me the specified amount.
By now, you can probably see the difference in the processes. Approve, as a core ERC-20 function, has been widely used since soon after Ethereum launched. So why was the Permit method introduced in ERC-2612 to achieve a similar result?
The ERC-2612 proposal was introduced in March 2019 and completed its final review in October 2022. Its deployment is closely tied to the sharp spikes in gas prices that the Ethereum mainnet experienced during that period.
Image: ETH Mainnet Gas Prices Remained High from 2020 to 2022
The combination of a raging bull market and the wealth-creation effect of new on-chain projects fueled users’ enthusiasm for transacting on-chain. They were willing to pay higher fees to get their transactions processed faster because sometimes being confirmed even just one block earlier could result in significantly higher returns.
However, this led to a downside: when users wanted to trade tokens on-chain, they often had to endure exorbitant gas fees. Under the Approve method, completing a single token swap required two transactions (TX). For users with smaller funds, the transaction fees could be a nightmare.
ERC-2612’s introduction of Permit changed this process by replacing on-chain approval with offline signatures, which don’t need to be submitted immediately. Users only need to provide the authorization when transferring tokens, similar to how in the borrowing story, I only needed to show Jack Ma’s check when withdrawing the money from the bank.
Busy Jack Ma saves himself a phone call, and it seems users also save one TX. When gas prices are high, the savings in fees can be substantial, making it look like a win-win situation. However, little did anyone realize that Pandora’s box was quietly being opened…
Before the emergence of Permit, one of the common tactics hackers used to phish crypto users was to trick them into signing an Approve transaction. Since these transactions required users to spend gas, it often raised suspicion, making it harder for hackers to succeed. Even if users accidentally clicked on the transaction, the fact that it took some time to be confirmed on-chain gave them the chance to submit another transaction with the same nonce to cancel it—making it relatively difficult for hackers to pull off their schemes.
However, the arrival of Permit was like a dream come true for hackers. Unlike Approve, Permit doesn’t consume gas and only requires a signature, which significantly lowers the user’s guard. Additionally, due to the nature of offline signatures, the control is in the hands of the hacker. Not only do users have no chance to undo their mistakes, but hackers can also hold onto the authorization and strike at the most advantageous moment, maximizing their gains.
This has led to a noticeable rise in the number of phishing victims and the amount of stolen funds. According to statistics from @ScamSniffer"">@ScamSniffer:
Image: ScamSniffer’s Phishing Attack Report for the First Half of 2024
Such a scenario was likely beyond what the original developers envisioned. The purpose of introducing Permit was to reduce gas costs, improve user experience, and increase efficiency. What was thought to be a double-edged sword, with both gains and losses, turned out to be a one-sided blade—razor-sharp—cutting a gaping hole in the shield that was supposed to protect users’ assets.
Permit isn’t the only authorization method based on signatures. For example, Uniswap later introduced Permit2, allowing all ERC-20 tokens to support offline signatures. As the No. 1 DEX, Uniswap’s move further increased users’ dependence on offline signatures, which, in turn, raised the risk of phishing attacks.
As ordinary users, what steps can we take to avoid losses and protect ourselves from this Damocles’ sword—a sharp blade—hanging over us?
1⃣ Raise Awareness
Stay calm when tempted by airdrops.
Airdrops from crypto projects may seem enticing, but most of the time, they are phishing attacks disguised as airdrops. When encountering such information, don’t rush to claim it. Instead, verify the legitimacy of the airdrop and its official website from multiple sources to avoid falling into phishing traps.
Avoid Blind Signing
If you accidentally land on a phishing website and don’t realize it, take a moment to carefully review the transaction when your wallet prompts you to sign. If terms like Permit, Permit2, Approve, or IncreaseAllowance appear, it means the transaction is asking for token authorization. At this point, you should be cautious because legitimate airdrops don’t require this process. Keystone hardware wallets have implemented transaction parsing and display features, allowing users to better understand transaction details and avoid blind signing, which could lead to serious consequences from hasty decisions.
Image: Keystone Hardware Wallet, Rabby Wallet Parsing and Displaying Permit2 Signature Transactions
2⃣ Make Good Use of Tools
ScamSniffer
For the average user, accurately identifying phishing websites can be highly challenging, and it’s easy for some to slip through the cracks. By using ScamSniffer’s browser plugin, you’ll receive alerts when attempting to access potential phishing sites, giving you the chance to stop interacting before it’s too late.
Revoke
Revoke.cash allows you to view the token authorizations in your wallet. We recommend revoking any suspicious or unlimited authorizations. It’s good practice to regularly clean up your authorizations and limit them to only the necessary amounts.
3⃣ Asset Segregation and Multi-Sig
As the saying goes, don’t put all your eggs in one basket—this principle applies to crypto assets as well. For instance, you can store large amounts of assets in a cold wallet like Keystone, while using a hot wallet for everyday transactions. Even if you fall victim to an attack, your entire balance won’t be compromised.
For those with higher security demands, using multi-signature (multi-sig) wallets can further enhance protection. Assets under multi-sig can only be moved when a certain threshold of wallet approvals is reached. If one wallet is compromised but the threshold isn’t met, hackers won’t have access to your assets.
While we can’t deny the value that Permit has brought, the increasing number of thefts also shows that the risks it presents may outweigh its benefits. Much like the old ethsign method, which was favored by hackers due to its poor readability and significant security flaws, Permit has now been disabled by most wallet software, with its functionalities replaced by more secure alternatives.
As we focus on Permit, are we not also at a crossroads similar to the one faced by ethsign? Whether to improve and upgrade or to discard entirely is a question that ETH developers need to take the time to consider and discuss.
Before any conclusions are reached, Keystone aims to enhance risk prevention related to Permit on its hardware wallets. We are initiating a vote to add the following features: