## Gas Token "Revoke" Scam
As blockchain technologies continue to foster innovation and new ideologies, we must recognize that malicious users will do the same. To use certain smart contracts, users may give approve smart contracts to use X amount of their tokens. Most platforms give infinite approvals to their smart contracts meaning that a user could have limitless losses in the event the contract was exploited. To mitigate this, some users only approve a certain amount per transaction. However, this creates a worse user experience and can be more expensive depending on what chain each approval is sent.
When a smart contract is exploited, users are told to revoke all approvals to the exploited contract. Revoking approvals is done to not be susceptible to non-approved transactions. After an exploit, it is common to see many websites that will mimic the exploited platform and try to trick users into signing an approval of all their assets. These phishing platforms will state "Please revoke your tokens". Instead of protecting yourself, you are signing all your assets over.
However, this new exploit encompasses a new technique of scamming via tokenized gas. Due to the absence of [eip-3529](https://eips.ethereum.org/EIPS/eip-3529) on the BNB chain, the scammer was able to steal some of the users' transaction fee. The malicious behavior occurs when a “[revoke](https://revoke.cash/)” is issued to safeguard a user’s funds, but instead it maliciously mints tokenized gas to the scammer. Consequently, all EVM chains that have not implemented eip-3529 are strongly advised to do so.
The user’s funds, outside of the large transaction fee, of this revoke approval scam are “safe”. Compared to [previous approval scams](https://ethereum.org/en/security/#:~:text=You%20will%20get%20prompted%20to,private%20keys%20to%20the%20scammer.) that steals all the user's assets, this exploit only steals money via the large [transaction fee](https://bscscan.com/tx/0x7d3e1abaf857abd39e557ccb908c8273c436fd11d22f63c2791c73473bef63ad). Users should be careful about what they are signing. Transaction fees on networks such as BNB should not be $65.
### What Are Gas Tokens?
On the Ethereum network, gwei is auctioned off each block. As users could not predict the future gas price, gas tokens were introduced to hedge against gwei volatility. The [Chi Token](https://blog.1inch.io/1inch-introduces-chi-gastoken/) was introduced by [1nch](https://app.1inch.io/) as the most efficient gas token. By tokenizing gas, users and developers could "lock" the current gwei rate and save later on. Other considerations such as [eip-1559](https://eips.ethereum.org/EIPS/eip-1559) have been implemented to protect users from the transaction fee volatility and attempting to make block fees more predictable.
Tokenization of gas came with disadvantages such as filling up unnecessary block space. As a consequence of users exploiting higher refund costs, [eip-3529](https://eips.ethereum.org/EIPS/eip-3529) was introduced to remove tokenizing gas. However, not all EVM chains implemented this. As such, the exploit explained below was on BNB network.
### How Do Gas Tokens Really Work?
Gas tokens work by filling up the blockchain with junk data. When storage is cleared on Ethereum before eip-3529, users were granted large gas refunds. During a transaction, there is a refund counter that separately counts the amount of gas to be refunded at the end of the transaction.
`SELFDESTRUCT` and `SSTORE` refunds were introduced for ["good state hygiene"](https://eips.ethereum.org/EIPS/eip-3298). By clearing or deleting storage, a user could get a refund of 15,000 gas. If the user self-destructed the contract, the refund was 24,000 gas. When gas is lower, a user can write to the state and use it to help pay for a transaction when the gas is higher. Since the maximum refund can only equal half of the gas consumed, it can be a sizable savings if the gas price is high.
### What Happened?
The exploit works by tricking the user to assuming the transaction fee to revoke is expensive. A fake [Dai Token](https://bscscan.com/address/0x1af32e8488822bf8e2fff374de8d737ecfb368c3) is used to spoof users into thinking their fund will be lost. Users pay a large transaction fee to mint the exploiter.
This [Scam Transaction](https://bscscan.com/tx/0x7d3e1abaf857abd39e557ccb908c8273c436fd11d22f63c2791c73473bef63ad) will be used for the following example:
1. User signs transaction spoofed revoke.
- This looks completely harmless to the user signing as they will not lose any funds other than the transaction fee charged.
2. Approval method takes in the correct amount to the correct revoked address.
4. Emits the proper revoke.
- The transaction appears to be harmless!
4. Calls the function `0x1c5e()`.
- This funciton is where the scam occurs.
The storage slot 75 is equal to the Chi Token.
6. `0x1c5e()` then uses the amount of gas sent for the transaction to.
mint the phishing contrac Tokens.
6. The return is hard coded to always be true.
### Asset Tracing
The [Chi Tokens](https://blog.1inch.io/1inch-introduces-chi-gastoken/) currently reside inside of the [Fake Dai Token](https://bscscan.com/token/0x0000000000004946c0e9f43f4dee607b0ef1fa1c?a=0x1af32e8488822bf8e2fff374de8d737ecfb368c3) contract.
However, the [exploiter](https://bscscan.com/address/0x8639b763e40a8b42fd9008b7d3d1f3a9caba87a4) that created the [Fake Dai Token](https://bscscan.com/token/0x0000000000004946c0e9f43f4dee607b0ef1fa1c?a=0x1af32e8488822bf8e2fff374de8d737ecfb368c3) received funds from [0xe964c0..2db5](https://bscscan.com/address/0xe964c0adb82465e15c58468b5a8298f38db02db5) which was [funded](https://bscscan.com/tx/0x9f4ecfbd4d6b2851fe28ba24d5ae3577354ef47a8c7c13e9ceb3ad0d04a8ddf9) by Tornado Cash.
Total Assets lost is just roughly $3000-4000, but the scammer can only receive $400-500 as the price in the LP is much lower than the transaction fee charged.
## Notices for EVM Compatible Chains
All EVM compatible chains should implement [eip-3529](https://eips.ethereum.org/EIPS/eip-3529) as to stop this scam from happening. As we cannot stop malicious users from exploiting users funds, we can implement eip's to mitigate as is feasible.
## Key Takeaways and Recommendations
Proper key management and password management is crucial to ensuring your wallet is safe. Below are some critical security measures that everyone should use.
- 2FA should be enabled on all accounts.
- Since 2FA SMS spoofing is possible, a security key can be used to mitigate this concern.
- A password manager for more complex passwords and ensuring that passwords are not reused on each platform.
- Proper education around wallet security.
- Careful consideration of what a user is signing.
- A User can check the smart contract on the respective blockchain they are signing.
## Copy paste Zokyo Disclaimer portion
Google Drive
Gist
Clipboard
Sign in via Google
Sign in via Facebook
Sign in via X(Twitter)
Sign in via GitHub
Sign in via Dropbox
Sign in with Wallet
