NFT Delegation - How to Protect Your NFTs from Malicious Smart Contract Approvals

8uVB...zE69
2 Oct 2023

Anyone who has a dear or valuable NFT has a very similar concern:
We don't want to lose our NFTs to a malicious contract approval or a wallet hack.
So, logically, any valuable NFT should be safely stored in a cold wallet.
But in some situations we cannot use cold wallets to interact with dApps and web3 applications, so we may miss opportunities.
Or we don't want to use our most valuable hot wallets, where we keep our most valuable crypto assets, because we don't want to expose those wallets to hacks, scams or accidents.
Now, what do we choose:

  • To keep our NFTs safely stored in cold wallets or secured hot wallets, and protect them from hacks?
  • Or to use our NFTs for what they are intended, which is to interact with dApps and web3 applications?

Fortunately, with delegate.xyz we can delegate NFTs while keeping them safe and, also, not exposing our valuable wallets to hacks. For example:

  • We can delegate our NFTs safely stored in a cold wallet to a hot wallet
  • Or we can delegate our NFTs safely stored in a secure hot wallet to a burner hot wallet

So we can safely use our NFTs while keeping them fully protected.


What is a Malicious Contract Approval?

Hackers and scammers write smart contracts with harmful and malicious intentions.
Smart contracts: Smart contracts are self-executing programs that run on the blockchain. They have the advantage that they can automatically enforce, verify, or execute the terms of a contract without the need for intermediaries.
Smart contract approvals: To interact with a smart contract, the user is required to approve a specific action, such as transferring a token, triggering a function, or granting specific or general permissions.
Malicious smart contracts: Some contracts are written with harmful or deceitful intentions and are detrimental to the user, for example by stealing assets such as cryptocurrencies or NFTs.
Every single day, people sign malicious contract approvals that grant access to their crypto assets or their crypto wallets.
And every single day hackers drain crypto wallets through the permissions granted to them through those malicious smart contract approvals.
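
One way to see what an approval request actually grants before signing it, as an added example that is not part of the original article: the function below classifies raw transaction calldata using the standard ERC-20/ERC-721 function selectors. The operator address and sample calldata are constructed placeholders.

```javascript
// Added example: classify calldata a dApp asks the wallet to sign.
// Selectors: first 4 bytes of keccak256 of the standard function signature.
const SELECTORS = {
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155
  "095ea7b3": "approve(address,uint256)",        // ERC-20 amount or ERC-721 tokenId
};
const MAX_UINT256 = "f".repeat(64);

function classifyApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) return { fn: null, scope: "invalid" };
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return { fn: null, scope: "not-an-approval" };
  // Both functions take exactly two 32-byte ABI words after the selector.
  if (hex.length !== 8 + 128) return { fn, scope: "malformed" };
  const spender = "0x" + hex.slice(8 + 24, 72); // address is the low 20 bytes
  const value = hex.slice(72, 136);
  let scope;
  if (fn.startsWith("setApprovalForAll")) {
    scope = BigInt("0x" + value) === 0n ? "revoke-operator" : "all-tokens-in-collection";
  } else {
    // Same selector for ERC-20 and ERC-721: the word is an amount or a tokenId.
    scope = value === MAX_UINT256 ? "unlimited-amount" : "single-token-or-fixed-amount";
  }
  return { fn, spender, scope };
}

// Constructed sample inputs (addresses are placeholders, not real contracts).
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const OPERATOR = "0x" + "11".repeat(20);
const samples = {
  blanket: "0xa22cb465" + word(OPERATOR) + word("1"),
  revoke: "0xa22cb465" + word(OPERATOR) + word("0"),
  unlimited: "0x095ea7b3" + word(OPERATOR) + MAX_UINT256,
  single: "0x095ea7b3" + word(OPERATOR) + word("2a"),
  // transferFrom(address,address,uint256): a transfer, not an approval
  transfer: "0x23b872dd" + word(OPERATOR) + word(OPERATOR) + word("2a"),
};
for (const [name, data] of Object.entries(samples)) {
  console.log(name, classifyApproval(data));
}
```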

 
How Can Delegate XYZ Be Used to Protect Our Assets and NFTs?

As explained on the website, Delegate XYZ is a:
' ... solution to secure valuable on-chain assets while still participating in NFT airdrop claims, ERC20 token governance, and more.
Users link cold wallets with hot wallets, and then the hot wallet can act on behalf of the cold wallet, like crypto power-of-attorney.'
As an example, with Delegate XYZ you can:
'...assign a hot wallet delegate for your cold wallet vault - that's it. The delegate has permission to claim airdrops or other utility on behalf of the vault, but it cannot touch anything within the vault'
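
A toy in-memory model of the arrangement quoted above, added here as an illustration and not delegate.xyz's contracts or ABI: the names `Nft`, `Registry` and `canClaim` and the wallet labels are assumptions. It shows why a blanket approval signed by the delegated hot wallet gives the approved operator nothing held in the vault.

```javascript
// Added example: simplified model, not the delegate.xyz registry or a real ERC-721.
class Nft { // ownership plus per-owner operator approvals, ERC-721 style
  constructor() { this.owner = new Map(); this.operators = new Set(); }
  mint(to, id) { this.owner.set(id, to); }
  setApprovalForAll(caller, operator) { this.operators.add(`${caller}>${operator}`); }
  transferFrom(caller, from, to, id) {
    const holds = this.owner.get(id) === from;
    // An operator approval only counts if it was granted by the current owner.
    const allowed = caller === from || this.operators.has(`${from}>${caller}`);
    if (!holds || !allowed) return false;
    this.owner.set(id, to);
    return true;
  }
}

class Registry { // delegation records: vault -> delegate, carrying no transfer rights
  constructor() { this.links = new Set(); }
  delegate(vault, hot) { this.links.add(`${vault}>${hot}`); }
  revoke(vault, hot) { this.links.delete(`${vault}>${hot}`); }
  isDelegate(hot, vault) { return this.links.has(`${vault}>${hot}`); }
}

// A dApp's claim check: the caller must be the token's owner or that owner's delegate.
function canClaim(nft, registry, caller, vault, id) {
  return nft.owner.get(id) === vault &&
    (caller === vault || registry.isDelegate(caller, vault));
}

function scenario() {
  const nft = new Nft(), reg = new Registry();
  nft.mint("vault", 1);           // NFT stays in the cold wallet
  reg.delegate("vault", "hot");   // cold wallet names the hot wallet as delegate
  nft.setApprovalForAll("hot", "drainer"); // hot wallet signs a malicious approval
  const result = {
    hotCanClaim: canClaim(nft, reg, "hot", "vault", 1),
    strangerCanClaim: canClaim(nft, reg, "stranger", "vault", 1),
    drainerMovesVaultNft: nft.transferFrom("drainer", "vault", "drainer", 1),
    drainerMovesViaHot: nft.transferFrom("drainer", "hot", "drainer", 1),
    ownerAfter: nft.owner.get(1),
  };
  reg.revoke("vault", "hot");     // the vault can withdraw the delegation later
  result.hotCanClaimAfterRevoke = canClaim(nft, reg, "hot", "vault", 1);
  return result;
}
console.log(scenario());
```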

Can Delegate XYZ be Trusted?

This is for you to decide, but Delegate XYZ makes sure to be as transparent as possible, as explained in their documentation:
- Fully Onchain: There are no off-chain signatures floating around a hidden relay network. This gives users important assurances that what you see is what you get. Attack vectors like the OpenSea stale listings problem are prevented.
- Fully Enumerable: We provide on-chain methods to get a complete list of all delegations for both cold and hot wallets. No event parsing is needed. This greatly simplifies integration efforts for both smart contract and frontend developers.
- Fully Independent: There are zero external dependencies or admin/governance control, so the attack surface is locked down and the registry can be deployed on any EVM chain of your choice.
- Fully Immutable: There are zero admin powers. Because governance is an attack vector, there should be none of it in a neutral trustless delegation standard. The standard is designed to be as flexible as possible, but upgrades are always possible by deploying a new registry with different functionality.
- Fully Verifiable: By using vanity addresses for CREATE2 deployment, the contract can be permissionlessly deployed at the same 14-leading-zeros address across multiple chains. This makes it easier for end users to verify that they’re interacting with the correct contract.
Have a look at what Delegate XYZ is and what solutions they offer. It may be well worth your time to keep your crypto digital assets safe.
_____________________________________________________________________________________________
Congratulations on completing this 5-minute digital safety power-up.
We hope this short article has helped increase your digital safety knowledge and awareness, and the 5 minutes read was worth the time.
If you have additional time, consider digging deeper and expanding your knowledge about private keys and seed phrases
_____________________________________________________________________________________________
Article originally published at: https://www.publish0x.com/@Crypto-Safety-First

Crypto Safety First
