The Risks of Using DApps

How To's Troubleshooting
1

What is a DApp?

A decentralized application (DApp, dApp, Dapp, or dapp) are applications that run on a distributed computing system. Most of the current DApps now are utilizing distributed ledger technology (DLT) such as the Ethereum Blockchain. DApps are often referred to as smart contracts.

DApps can be in the form of Decentralized exchanges, lending platforms, social networks and even games.

Learn more about DApps here: What is a DApp?

How does a DApp work?

DApp creators give users access to their platform by implementing them as smart contracts. Some examples are Uniswap on the Ethereum Network and PancakeSwap on the Binance Smart Chain. Trust Wallet allows its users to interact with DApps via the built-in DApp browser.

image
image420×828 66.5 KB
image
image420×828 67.3 KB

Before interacting with a DApp, Trust Wallet will present you with a warning. Please make sure you are connecting to a legit DApp. Your funds could be at risk if interacting with a fake or rouge DApp.

Token Approval

When trying to do a token swap, the DApp will ask the user to approve access to their tokens. This process is required to allow the DApp to interact with the user’s wallet. See examples below from Uniswap and PancakeSwap. When a token is being swapped for the first time, a Token Approval is required.

image
image420×828 98.1 KB
image
image420×828 97.3 KB

At this point, you are taking all the risks. To continue with the Token Approval, tap on Send. Once the Approval transaction is done, the token can be swapped.

image
image420×828 75 KB
image
image420×828 75.6 KB

Rouge DApps

A Token Approval exploit is one most common vulnerabilities of DApps. As explained above, the user interacts and gives approval to the DApp to spend tokens in their behalf. Unknowingly, the user provides the smart contract full access to all of their tokens. An attacker can withdraw all of the user’s holdings of that specific asset even if they did not allow such transactions to happen.

Check this video posted by ZenGo team which shows how a Rouge Dapp can drain your wallet via a Token Approval exploit.

How to Avoid?

Always check first the DApp you are interacting with. With Trust Wallet, we are always making sure that the DApps you will see are verified and has been reviewed rigorously. You can also check sites like https://www.stateofthedapps.com and https://dappradar.com to do further research.

Source:
baDAPProve: DeFi’s Security Issue Explained - Zengo

44 Likes