## Gas Token "Revoke" Scam

As blockchain technology continues to foster innovation and new ideas, we must recognize that malicious users will do the same. To use certain smart contracts, users approve a contract to spend up to X of their tokens. Most platforms request infinite approvals for their contracts, meaning a user's losses are unbounded if the contract is exploited. To mitigate this, some users approve only the exact amount needed for each transaction. However, this leads to a poor user experience and can be expensive, depending on the chain each approval is sent on.

When a smart contract is exploited, users are told to revoke all approvals granted to the exploited contract. Revoking approvals safeguards against unauthorized transfers and improves the user's overall security posture. After an exploit, it is common to see many websites that mimic the exploited platform and try to trick users into signing an approval for all of their assets. These phishing sites will say, "Please revoke your tokens." In this scenario, you are signing your assets over instead of protecting yourself.

The scam described here adds a new twist: tokenized gas. Because [eip-3529](https://eips.ethereum.org/EIPS/eip-3529) is not in effect on the BNB chain, the scammer was able to capture part of the users' transaction fees. The malicious behavior occurs when a "[revoke](https://revoke.cash/)" is issued to safeguard a user's funds, but the transaction instead mints tokenized gas for the scammer. Consequently, all EVM chains that have not implemented eip-3529 are strongly advised to do so.

Outside of the large transaction fee charged by this revoke-approval scam, the user's funds are "safe". Compared to [previous approval scams](https://ethereum.org/en/security/#:~:text=You%20will%20get%20prompted%20to,private%20keys%20to%20the%20scammer.)
that steal all of a user's assets, this one only steals money through a hefty [transaction fee](https://bscscan.com/tx/0x7d3e1abaf857abd39e557ccb908c8273c436fd11d22f63c2791c73473bef63ad). Users should be careful about what they are signing. A transaction fee on a network such as BNB should not be $65.

### What Are Gas Tokens?

![](https://hackmd.io/_uploads/BJQn8TB5h.png)

On the Ethereum network, block space is auctioned off every block, with bids expressed in gwei per unit of gas. Because users cannot predict the future gas price, gas tokens were introduced as a hedge against gwei volatility. The [Chi Token](https://blog.1inch.io/1inch-introduces-chi-gastoken/) was introduced by [1inch](https://app.1inch.io/) as the most efficient gas token. By tokenizing gas, users and developers could "lock in" the current gwei rate and spend it later when gas was more expensive. Other measures such as [eip-1559](https://eips.ethereum.org/EIPS/eip-1559) have since been implemented to protect users from transaction fee volatility and make block fees more predictable.

Tokenizing gas comes with disadvantages, such as filling block space with junk state. Because users were exploiting the generous refunds, [eip-3529](https://eips.ethereum.org/EIPS/eip-3529) was introduced to make gas tokens uneconomical. However, not all EVM chains have implemented it, which is why the exploit explained below was possible on the BNB network.

### How Do Gas Tokens Really Work?

Gas tokens work by filling the blockchain with junk data. Before eip-3529, Ethereum granted large gas refunds when storage was cleared. During a transaction, a separate refund counter accumulates the gas to be refunded at the end of the transaction. The `SELFDESTRUCT` and `SSTORE` refunds were introduced to encourage ["good state hygiene"](https://eips.ethereum.org/EIPS/eip-3298). Clearing a storage slot (writing zero over a non-zero value) earned a refund of 15,000 gas. Self-destructing a contract earned a refund of 24,000 gas.
When gas is cheap, a user can write to state and later, when gas is expensive, clear that state inside a transaction so the refund helps pay for it. Since the maximum refund was capped at half of the gas consumed by the transaction, the savings could be sizable when the gas price was high.

### What Happened?

The scam works by convincing the user that their funds are at risk and then charging a large transaction fee for the "revoke". A fake [Dai Token](https://bscscan.com/address/0x1af32e8488822bf8e2fff374de8d737ecfb368c3) is used to spoof users into thinking their funds will be lost. The large fee the user pays is spent minting gas tokens for the exploiter. This [Scam Transaction](https://bscscan.com/tx/0x7d3e1abaf857abd39e557ccb908c8273c436fd11d22f63c2791c73473bef63ad) is used for the following example:

1. The user signs the spoofed revoke transaction.
   - This looks completely harmless to the user signing, as they will not lose any funds other than the transaction fee charged.
2. The `approve` method receives the expected arguments: the spender being revoked and the expected amount.
   ![](https://hackmd.io/_uploads/SJ5I93B5h.png)
3. The contract emits the expected `Approval` event for the revoke.
   - The transaction appears to be harmless!
   ![](https://hackmd.io/_uploads/rk427Tr5n.png)
4. It then calls the function `0x1c5e()`.
   - This function is where the scam occurs.
   ![](https://hackmd.io/_uploads/BJOSqhH5n.png)
   Storage slot 75 holds the address of the Chi Token.
   ![](https://hackmd.io/_uploads/BJDaLiS52.png)
   ![](https://hackmd.io/_uploads/Hkmewsr9h.png)
5. `0x1c5e()` uses the gas supplied with the transaction to mint Chi tokens, which end up held by the phishing contract.
   ![](https://hackmd.io/_uploads/BJiw4pB9n.png)
6. The return value is hard-coded to always be `true`.

### Asset Tracing

The [Chi Tokens](https://blog.1inch.io/1inch-introduces-chi-gastoken/) currently reside inside the [Fake Dai Token](https://bscscan.com/token/0x0000000000004946c0e9f43f4dee607b0ef1fa1c?a=0x1af32e8488822bf8e2fff374de8d737ecfb368c3) contract.
However, the [exploiter](https://bscscan.com/address/0x8639b763e40a8b42fd9008b7d3d1f3a9caba87a4) that created the [Fake Dai Token](https://bscscan.com/token/0x0000000000004946c0e9f43f4dee607b0ef1fa1c?a=0x1af32e8488822bf8e2fff374de8d737ecfb368c3) received funds from [0xe964c0..2db5](https://bscscan.com/address/0xe964c0adb82465e15c58468b5a8298f38db02db5), which was [funded](https://bscscan.com/tx/0x9f4ecfbd4d6b2851fe28ba24d5ae3577354ef47a8c7c13e9ceb3ad0d04a8ddf9) by Tornado Cash. Total assets lost are only roughly $3,000-4,000, but the scammer can realize only $400-500 of that, because the Chi price in the liquidity pool is much lower than the transaction fees charged.

## Notices for EVM Compatible Chains

All EVM-compatible chains should implement [eip-3529](https://eips.ethereum.org/EIPS/eip-3529) to stop this scam. We cannot stop malicious users from targeting other users' funds, but we can implement EIPs that mitigate the damage where feasible. With eip-3529 in place, `SELFDESTRUCT` no longer refunds gas and the total refund is capped at one fifth of the gas used, so gas tokens minted with a victim's fee can no longer be redeemed for a gas refund.

## Key Takeaways and Recommendations

Proper key and password management is crucial to keeping your wallet safe. Below are some critical security measures that everyone should use:

- If a device or exchange wallet offers 2FA, enable it.
- Since SMS-based 2FA can be defeated (for example by SIM swapping), a hardware security key mitigates this concern.
- Use a password manager for complex passwords and to ensure passwords are not reused across platforms.
- Learn about wallet security.
- Carefully consider what you are signing.
- Ensure that you are on the correct website.
- Compare your transactions to similar ones on Etherscan (or BscScan on the BNB chain).
  - Etherscan gives you default values under Med Gas Price.
  ![](https://hackmd.io/_uploads/Sks0bpgsn.png)
  ![](https://hackmd.io/_uploads/Byx1faxih.png)
  - You can search the list and check whether your "sell" transaction cost is similar.
  - Viewing gas prices on Etherscan is not a catch-all fix, but it is a good baseline to see whether you are overpaying for a transaction.
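The refund accounting from "How Do Gas Tokens Really Work?" and the reason eip-3529 removes the scammer's payoff (the Notices section above) can be worked through numerically. The following Python script is an added illustration written for this page; it is not code from the original post or from the scam contract. The refund constants are the values eip-3529 changed (15,000 to 4,800 for clearing a slot, 24,000 to 0 for `SELFDESTRUCT`, cap of gas_used/2 to gas_used/5). The per-token mint and free gas figures (`MINT_GAS_PER_TOKEN`, `FREE_GAS_PER_TOKEN`) and the scenario token counts and gas prices are assumptions for illustration, not measurements of the Chi contract or the scam transaction.

```python
"""Gas-refund accounting before and after EIP-3529.

Refund constants are the ones EIP-3529 changed. The per-token mint/free gas
figures and the scenario prices below are assumed illustrations, not
measurements of the Chi contract or the scam transaction.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RefundRules:
    name: str
    sstore_clear_refund: int  # refund for writing zero over a non-zero slot
    selfdestruct_refund: int  # refund for SELFDESTRUCT
    cap_divisor: int          # refund is capped at gas_used // cap_divisor


PRE_3529 = RefundRules("pre-EIP-3529", 15_000, 24_000, 2)
POST_3529 = RefundRules("EIP-3529", 4_800, 0, 5)

TX_INTRINSIC_GAS = 21_000
# Assumed: gas to deploy one child contract when minting a GST2/Chi-style token.
MINT_GAS_PER_TOKEN = 32_000
# Assumed: gas to SELFDESTRUCT one child contract when freeing a token.
FREE_GAS_PER_TOKEN = 6_000


def refund(rules, gas_used, slots_cleared=0, contracts_destroyed=0):
    """Gas returned by the refund counter at the end of a transaction.

    gas_used is the total gas consumed by execution before refunds, intrinsic
    cost included. The counter is only paid out up to the cap.
    """
    counter = (slots_cleared * rules.sstore_clear_refund
               + contracts_destroyed * rules.selfdestruct_refund)
    return min(counter, gas_used // rules.cap_divisor)


def gas_charged(rules, gas_used, slots_cleared=0, contracts_destroyed=0):
    """Gas actually billed to the sender after the refund is applied."""
    return gas_used - refund(rules, gas_used, slots_cleared, contracts_destroyed)


def victim_mint_cost(tokens, gas_price_gwei):
    """(gas used, fee in gwei) for a transaction that mints `tokens` gas tokens.

    This is what the victim of the spoofed revoke pays: the tokens are minted
    with the victim's gas but end up owned by the phishing contract.
    """
    gas_used = TX_INTRINSIC_GAS + tokens * MINT_GAS_PER_TOKEN
    return gas_used, gas_used * gas_price_gwei


def redeem_saving(rules, tokens, work_gas, gas_price_gwei):
    """(gas saved, gwei saved) when `tokens` are freed inside a transaction
    that also performs `work_gas` of real work.

    Each free is a SELFDESTRUCT of a child contract. The saving is the refund
    minus the gas spent freeing; it is negative once the refund is gone.
    """
    gas_used = work_gas + tokens * FREE_GAS_PER_TOKEN
    free_cost = tokens * FREE_GAS_PER_TOKEN
    saved = refund(rules, gas_used, contracts_destroyed=tokens) - free_cost
    return saved, saved * gas_price_gwei


if __name__ == "__main__":
    for rules in (PRE_3529, POST_3529):
        print(rules.name)
        print("  100k-gas tx with 4 SELFDESTRUCTs, charged:",
              gas_charged(rules, 100_000, contracts_destroyed=4))
        print("  60k-gas tx clearing 3 slots, charged:",
              gas_charged(rules, 60_000, slots_cleared=3))
        gas, fee = victim_mint_cost(10, 5)  # victim mints 10 tokens at 5 gwei
        print("  victim mints 10 tokens:", gas, "gas,", fee, "gwei")
        # scammer frees the 10 tokens later inside a 500k-gas tx at 100 gwei
        saved, value = redeem_saving(rules, 10, 500_000, 100)
        print("  scammer frees 10 tokens in a 500k-gas tx: saves",
              saved, "gas,", value, "gwei")
```

Run as a script it prints both rule sets side by side. The instructive line is the last one: before eip-3529 the ten freed tokens recover 180,000 gas of a 500,000-gas transaction, while under eip-3529 the same free costs the scammer 60,000 gas and refunds nothing, which is why tokens minted with a victim's fee lose their value on a chain that has adopted the EIP.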