Transactionless scam

bxmmm1

Benjamin

Posted on February 9, 2023

Transactionless scam

There has been an increasing number of scams via EIP712 signatures. A lot of people think that in order to lose tokens you need to execute an on-chain transaction, but that is not true.

Here is what to do when you are presented with an EIP712 signature:

EIP712 prompt

1. Click on "Verify Contract Details" and check the contract that is requesting a signature. If you are claiming an NFT airdrop on a website, ask yourself why the verifying contract would be Uniswap's Permit2 or your Safe multi-sig wallet. In this example, the address is my development Gnosis Safe wallet

2. Inspect the "To" field to see what is happening
0x4a916e57fef455d6103FA67F0d67F61234e09f04

In this case, you can see that it is an ERC20 token and that its code is verified on Etherscan. This will help you decode the "Data" field. Usually calls to EOA(Externally Owned Account) will have empty "Data".

3. Copy the "Data" into ETH call data decoder and try to figure out what it is doing

In this example the input is:

0x095ea7b30000000000000000000000001a38a54e6d0007ad2d095d044bef7143ff46c167ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Enter fullscreen mode Exit fullscreen mode

And that gets us the result

{
  "allPossibilities": [
    {
      "function": "approve(address,uint256)",
      "params": [
        "0x1a38A54E6d0007Ad2D095d044bef7143ff46C167",
        "115792089237316195423570985008687907853269984665640564039457584007913129639935"
      ]
    }
  ]
}
Enter fullscreen mode Exit fullscreen mode

4. Inspect other fields that you are signing and try to figure out what you are signing.

other fields

Now let's try to figure out what is happening.

My Safe multi-sig is a verifying contract (step 1) and it is requesting a gas-less signature.
This signature allows anybody to execute a safe transaction that does what the signer intended (signed it to do).
In this case, Safe would call to with data.
To is an ERC20 token, and we've decoded data in step 3, and saw that it is calling approve(0x1a38A54E6d0007Ad2D095d044bef7143ff46C167, 115792089237316195423570985008687907853269984665640564039457584007913129639935) The first parameter is the address to which we are approving our Token, and the second parameter is the amount. This big number is actually a maximum allowance amount.

If we were to sign this with a Safe multi-sig that has a threshold of 1, it would allow 0x1a38A54E6d0007Ad2D095d044bef7143ff46C167 address to spend all ERC20 "FREE (FTKN)" tokens that are in that Safe.

Potential attack vector for Safe multi-sig owners

Victim perspective

  1. As a user, you visit a website offering NFTs or ERC20 tokens as rewards to eligible users.
  2. After connecting your wallet, you discover that you are eligible for a reward.
  3. You click "Claim Reward" and are prompted to sign a signature. Believing that the off-chain signature can't cause harm, you sign it.
  4. Upon checking your wallet, you find that you've received a token as a reward and share it with your friends.
  5. Eventually, you realize that your Gnosis Safe is no longer accessible.

Scammer perspective

The following is written from the inverse perspective to show how easy it can be to set up a scam.

  1. Create a fake site for distributing NFT/ERC20 tokens that promotes rewards for eligible users.
  2. When a user connects their wallet to check their eligibility, a series of API calls will be made to verify that the user owns a Safe Multi-Sig with funds with a Safe threshold of 1, meaning only one signature is required to add a new owner to the Safe.
  3. Upon claiming their reward, present an 'addOwner' signature to their Safe Multi-Sig. After the user signs the transaction, your automated scripts will be triggered. One script will perform the airdrop to the user, while another will take over the Safe by removing the other owners.

My intention is not to teach people new scam methods, but to educate you so that you don't become a victim of this or similar scams.

💖 💪 🙅 🚩
bxmmm1
Benjamin

Posted on February 9, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

Storage vs Memory vs Calldata
solidity Storage vs Memory vs Calldata

January 29, 2023

Playing with Yul (Assembly)
solidity Playing with Yul (Assembly)

February 22, 2023

Transactionless scam
solidity Transactionless scam

February 9, 2023