phil
@phil
A friend of mine was hacked recently from a phishing link. We used revoke.cash to remove bad approvals, but it missed a few from lesser known contracts. I was able to quickly spin up pre-configured @stelo links to easily fill the gap without needing to walk them through onerous technical details. Nice job @scharf!
4 replies
1 recast
10 reactions
Rosco Kalis
@rosco
Hey, could you share the details of the approvals that you believe Revoke missed? And how did you determine these approvals? It shouldn't matter whether something is a "lesser known" contract, Revoke should catch them all. So the added details would be very helpful for me to investigate.
1 reply
0 recast
1 reaction
phil
@phil
They were specific token Approvals that were set, instead of SetApprovalForAll. It happened for Meebits, World of Women, and the Art Blocks x Pace contracts.
1 reply
0 recast
0 reaction
Rosco Kalis
@rosco
Those should still show up on Revoke. But this type of approvals "resets" when the NFT gets transferred, do you think that could be the case here, or were the affected NFTs still in the user's wallet when they tried revoking their approvals?
2 replies
0 recast
0 reaction
Rosco Kalis
@rosco
Here's an example of what an approval for a single NFT (by token ID) looks like on Revoke.cash.
0 reply
0 recast
0 reaction
phil
@phil
Got it. I wasn’t sure if the approval reset when the token was transferred.  I hadn’t seen it in the spec and wanted to be maximally sure, so I had my friend also manually toggle set approval for all to false for the phishing contract. I’ve got some thoughts here on how to improve the UI if interested
1 reply
0 recast
0 reaction
