Is there a security risk when using Uniswap? How can off-chain signatures lead to asset theft?

Recently, there have been incidents of users having their assets stolen due to the use of off-chain signatures. What is the underlying principle behind this? How can it be prevented? And why is it related to data on the Uniswap platform? This article will provide a clear explanation of the operation mode behind the Permit function and offer knowledge on how users can protect themselves.

Off-chain Signature

To understand how the Permit function signs to move user assets, you need to know the principle of off-chain signature first.

What is Off-chain Signature

Off-chain signing is a common user interaction method in the blockchain industry, commonly used for wallet connection, website member login, ensuring user reads disclaimers, etc. It is a unique way of interaction using the Web3 wallet and can bring user power into the virtual world.

Using the login process of OpenSea as an example, it uses the off-chain signature method to not only ensure that the user is the wallet holder, but also to confirm that the user agrees to the terms of service and privacy policy.

Advantages of Off-chain Signature: Good User Experience

Off-chain signature has many advantages:

• The most obvious is that it can reduce gas consumption
• Quick completion

Overall, off-chain signature provides a better user experience compared to on-chain transactions.

Disadvantages of Off-chain Signature: Easily Ignored Security Risks

The biggest problem with off-chain signature is that it may expose users to the risk of asset theft.

Although off-chain signatures do not upload data to the blockchain, certain on-chain contract functions can use the user's signature information as parameters, meaning anyone who obtains specific signature content or smart contracts can call on-chain functions, such as the Permit function, and affect user assets.

Different signatures pose different risks, especially when some signature content is not understood, extra caution is needed. It is strongly recommended not to agree to sign when the signature content is not understood to ensure security.

This issue will be further discussed at the end of the article.

Permit Function

The on-chain function that can be called with user signatures as parameters, the most common function is Permit, which provides similar functions to approvals, but the former allows users to authorize without paying gas fees using the off-chain signature.

Problem to Solve: Poor On-chain Authorization Experience

Users who have used on-chain services are familiar with this interface. When using tokens for on-chain contract operations, the approvals function is required to authorize on-chain access to tokens in the wallet for services.

However, due to the wide variety of tokens and the need to reauthorize different contracts, not to mention that contracts will also be updated over time. This ultimately requires users to frequently authorize tokens, in addition to the time spent, each action also requires gas fees, severely affecting the user experience.

Improving User Experience with the Permit Function

Therefore, EIP-2612 emerged as an extension of the ERC-20 token standard, proposing the Permit function to complete token authorization by inputting off-chain signatures as parameters, allowing users to authorize without paying gas fees.

The signature content that complies with the Permit function needs to include:

• Authorizer address
• Authorized address
• Token contract address
• Authorization time
• Authorization amount

Ideally, it is like a real-life signing process, where users can adjust parameters according to their needs before signing, ensuring their rights. It offers more flexibility compared to approvals.

Permit Function Not Applicable to Early Tokens

However, since many tokens have been in circulation for a long time, many token contracts are immutable, so the Permit function only applies to newer tokens, limiting its usage scenarios.

Therefore, the Uniswap team later created a new smart contract, Permit2, to address this issue.

Permit2 Contract

Uniswap Introduces Permit2 Contract

When the Uniswap team introduced the Universal Router function, they also integrated the Permit2 contract, which went live on various networks including Ethereum, Optimism, Arbitrum, Polygon, and Celo. This allows all tokens to support the Permit function.

Permit2 contract: Enables all tokens to support the Permit function

Principle of Permit2

Since old token contracts do not support the Permit function, they continue to use the approvals function.

By inserting the Permit2 contract between the Dapp contract and the token contract, the Permit2 contract receives off-chain signature data sent by the Dapp for verification, and interacts with the token contract on behalf of the Dapp, saving the number of token authorizations for different Dapps or users.

By leveraging its influence, Uniswap encourages other Dapps to integrate Permit2, which will allow almost all tokens and services in the future to only require the Permit2 contract for authorization.

Principle of Off-chain Signature Theft

Based on the background knowledge above, we can finally understand why users who have used Uniswap are at greater risk of signature theft.

Risk Increase of Off-chain Signature Permit Function

Since off-chain signatures do not require gas fees, it is a security aspect that users often overlook. If malicious websites induce users to sign content that meets the requirements for calling the Permit function, the user's tokens will be stolen by a third party.

The above example is a signature format that meets the requirements of the Permit function. Most smart contracts authorize an infinite number of tokens, 10^31, and the authorization time is also calculated to be 54 years, which is essentially a long-term, unlimited authorization. If this content comes from a malicious third party, the user's assets will be at great risk.

Of course, token theft can only occur if the token has the Permit function, but with the introduction of the Permit2 contract, the situation is different. As more and more protocols integrate the Permit2 contract, users who have used Uniswap or other contracts integrated with Permit2 will expose other tokens to the same risk. This is why phishing incidents involving the Uniswap contract occur.

Difficulty in Tracing Off-chain Signatures

Off-chain signatures are not recorded on the chain, but are mostly stored in a private or project database for easy access. Therefore, compared to on-chain authorization, they are not easy to trace and cancel, leading to a higher risk of Permit authorization.

How Users Can Protect Themselves

As a user, there are many ways to reduce the risks associated with off-chain signature-designed tokens if the content of the off-chain signature is not familiar:

• The first principle is not to sign unfamiliar content.
• When the approvals confirmation screen appears, adjust the authorization amount to the amount required for the transaction. Although this requires multiple authorizations for each transaction.
• Although signature content is difficult to trace, tools can still be used to query as much as possible revoke.cash
• Use a wallet to sign off-chain with small asset holdings

A Series of Misplaced Designs

Whether it is the Permit function or the Permit2 contract, the starting point is to improve the user experience. However, it ultimately puts more ordinary users at risk, requiring more cumbersome processes such as creating multiple wallets and multiple approvals to ensure asset security. Instead of improving, the overall user experience becomes worse.

However, many have indeed noticed this issue and have proposed potential solutions. It is believed that the industry will mature in the future, but it still requires time to develop. As an early participant in the industry, paying attention to one's own asset security is indeed an important responsibility.

Be sure to inform friends around you that due to changes in the on-chain environment, the security risks of off-chain signatures should not be overlooked.