TLDR:
Wallet hygiene relates to keeping your wallet secure and therefore your assets too.
Revoking removes old permissions you’ve given for protocols to move your assets for you. This means if the protocol is ever hacked your assets are still safe.
Delegating links a hot wallet to another wallet holding valuable assets, so that you can use the hot wallet in its place and never risk signing your valuable assets away.
Last week’s post was about Pocket Universe, an important solution to keep yourself secure from scammers in the Web3 world. There are equally great alternatives like Wallet Guard and Fire, but having at least one of these browser extensions is essential.
Today, continuing on the theme of keeping yourself secure in Web3, I’ll cover revoking and delegating wallets.
Revoking and delegating are different yet similar concepts that I thought could sit well together in a single post, since they are both related to security and focused on the “permissions” assigned to a wallet.
Wallet Hygiene
Wallet hygiene is a generic term that encompasses a lot of things in Web3 related to keeping your wallet and therefore assets secure. Everything from how you store your private keys to how up to date your wallet software is plays into wallet hygiene.
As a wallet interacts with a lot of different things on-chain, we end up leaving a trail and history of unclosed loops.
Many of these interactions can leave you open to attack vectors you may not even be aware of, and it’s important to go back and “clean up” your wallet.
For example, when you swap USDT for ETH on Uniswap, before even doing the swap the protocol will need permission to transfer your USDT for you. In most cases people give unlimited permissions to a protocol like Uniswap to move their USDT even if they are not swapping all of it.
While Uniswap has never been hacked, there’s no guarantee it won’t be in the future, and if it was, the hacker could then move all your USDT from your account since you already gave Uniswap those permissions ages ago!
Similarly that random new NFT you were entitled to mint because you have another NFT that gives you token gated access could in fact be a way to drain your wallet. Instead of transacting from a wallet with high value assets you can delegate another one in its place and massively reduce risk.
These “permissions” as such are important to understand and take control of. Both revoking and delegating are therefore important concepts in keeping yourself secure.
Revoking
Revoke.Cash is the go-to service for revoking, and in their own words:
When using dapps like Uniswap or OpenSea you have to grant them permission to spend your tokens and NFTs. This is called a token approval. If you don't revoke these approvals, the dapp can spend your tokens forever. Take back control by revoking your approvals.
To do this the interface is super simple, you just: Connect; Inspect; Revoke.
First you must connect to your wallet, and on connecting Revoke.Cash allows you to inspect a list of every token you’ve given approvals to spend, therefore showing how much of your assets are at risk.
For example, with afox.eth you can see I have 21 approvals and $27 + NFTs at risk.
This isn’t a significant amount because I’ve already revoked before, but if you were to open Revoke.Cash with your own account you may find a lot more money at risk.
In my long list of approvals I have the 24 DAI in my wallet able to be spent by Uniswap. This means if Uniswap was hacked they could drain my wallet’s DAI.
Revoking is simple and inexpensive, so whenever you see something like this it’s worth revoking.
In this case when I select “revoke” you can see that a transaction comes up for $0.28 worth of ETH that will revoke my spending cap. Once approved I end up with the certainty that even if Uniswap were hacked the scammers wouldn’t access my DAI.
This same logic applies to my NFTs on Opensea or Blur and to any other tokens I may have given permission for a protocol to move.
Make sure to revoke permissions regularly to keep yourself safe!
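The "Inspect" and "Revoke" steps above can be reproduced offline. This is an added example, not code from Revoke.Cash or from this blog: it replays ERC-20 Approval event logs to find approvals that are still open, then builds the approve(spender, 0) calldata that a revoke sends. The addresses and logs are constructed placeholders, and the helper names are hypothetical.

```python
# Added example with constructed data; addresses are placeholders, not real contracts.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"   # approve(address,uint256)
UNLIMITED = 2**256 - 1          # the "unlimited" allowance most dapps request

def pad(addr):
    """ABI-encode an address as a 32-byte word (hex, no 0x prefix)."""
    return addr[2:].lower().rjust(64, "0")

def open_approvals(logs, owner):
    """Replay Approval logs in chain order; the last one per (token, spender) wins.

    This yields the last amount approved. The live figure is the token's
    allowance(owner, spender), which drops as the spender uses it.
    """
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics (tokenId is indexed).
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue
        if t[1][-40:].lower() != owner[2:].lower():
            continue
        spender = "0x" + t[2][-40:].lower()
        state[(log["address"].lower(), spender)] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}   # 0 means revoked

def revoke_calldata(spender):
    """Calldata of approve(spender, 0): what a revoke transaction sends to the token."""
    return "0x" + APPROVE_SELECTOR + pad(spender) + "0" * 64

OWNER, TOKEN = "0x" + "aa" * 20, "0x" + "11" * 20
DEX, OLD_DAPP = "0x" + "22" * 20, "0x" + "33" * 20

def mk(spender, amount, block, owner=OWNER, extra=()):
    topics = [APPROVAL_TOPIC, "0x" + pad(owner), "0x" + pad(spender), *extra]
    return {"address": TOKEN, "topics": topics, "data": hex(amount),
            "blockNumber": block, "logIndex": 0}

SAMPLE_LOGS = [
    mk(OLD_DAPP, 0, 150),                      # later revoke of the 500 below
    mk(DEX, UNLIMITED, 100),                   # unlimited approval, never revoked
    mk(OLD_DAPP, 500, 120),
    mk(DEX, UNLIMITED, 110, owner="0x" + "bb" * 20),   # someone else's approval
    mk(DEX, 0, 160, extra=("0x" + pad("0x07"),)),      # ERC-721 shaped, skipped
]

if __name__ == "__main__":
    for (token, spender), amount in open_approvals(SAMPLE_LOGS, OWNER).items():
        label = "UNLIMITED" if amount == UNLIMITED else amount
        print(token, spender, label, revoke_calldata(spender))
```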
Delegating
Delegate.Cash is a commonly used service for this.
Delegation is the other side of the coin. By using a delegate wallet you avoid the account holding valuable assets from ever giving permissions to any smart contracts in the first place!
As Delegate.Cash explains:
Keep your vaulted NFTs and ERC20s safe by linking wallets together. Claim airdrops, prove token ownership, and more from your hot wallet.
With delegation you link a wallet that doesn’t hold valuable assets with another that does, and use it to interact with smart contracts instead.
Delegating does require smart contracts to take delegation into account, but more and more smart contracts are beginning to do this. You can see a list of contracts on the Delegate.Cash site, and they claim over $418m in assets are secure through it.
It’s real easy too!
Just “Tap to start using Delegate”, then type in another account or contract you want your wallet to act as a delegate for. In this case I created a brand new account.
When you select “Delegate” you can now either “add to batch” to do multiple delegations in a single go or just “submit delegation” to transact.
What’s cool is you can even get very granular with the “asset” option, getting an account to act as a delegate for one specific asset!
There’s a small gas fee and Delegate.Cash asks for an approximately $1 tip. Then once delegated you’ll see it appear in the registry.
Now the new account I’ve just registered can act on behalf of afox.eth to claim airdrops and mints that I may be entitled to from the NFTs I have in afox.eth.
This new wallet was a totally blank wallet that I created, meaning it has nothing valuable in it itself, so there’s no risk from using it. When you combine this with Pocket Universe that we looked at last week, you’ll be pretty secure that you’ll never sign away your valuable fungible tokens and NFTs!
Keep Safe
Wallet hygiene and security in Web3 is a topic that honestly there’s just so much to write about.
I feel happy that over the 40+ posts I’ve written in this blog I’ve covered plenty of ways to keep secure.
For example we’ve looked at:
And in future posts we’ll undoubtedly cover more and more ways to keep secure, especially as the technology improves making security even easier.
I hope you’ve learned something new today and are already on your way to cleaning up and revoking onchain approvals that you’ve had for years and didn’t even know about, along with delegating a hot wallet for your most valuable NFTs.
Stay safe out there!