I have no idea what I’m doing — transaction clarity in DeFi
Without any doubt, 2021 was a big year for Crypto Space and DeFi. However, among many topics, no other has sparked such a heated discussion as NFTs. Probably there is not a single person who has not heard about “JPGs sold for millions of dollars”. I was definitely no different but as a curious person too, I decided to check what this fuss was all about. Consequently, I took my virtual steps to visit OpenSea — the most famous NFT Marketplace in existence. Because I did not have spare “hundreds of dollars” to spend on transaction fees, I decided to use Polygon PoS Chain [1], which at the time was freshly integrated into OpenSea. After all, I was there just to play around and Polygon PoS has almost the same user experience as Ethereum thanks to its EVM (Ethereum Virtual Machine) compatibility. After just a few clicks, I was a proud owner of my very first MS Paint generated NFT. Of course, I have not stopped there and decided to sell my work of art! Unfortunately, there was nobody crazy enough to buy my little abomination, so I was forced to buy it from myself. After a few more clicks my JPG was listed and “sold” for an astonishing 2$ worth of WETH. That was fun — I thought to myself — and then it struck me. Wait a minute… during all this messing around I have not sent even a single Transaction via my MetaMask wallet. All I did was just sign some hexadecimal gibberish messages. All of those should be kept off-chain. Right? What kind of magic was happening here?!
Meta-Transactions, EIP-712, and other magic tricks
The magic word, which explains the above phenomenon is “Meta-Transactions”. But what exactly is Meta-Transaction? Long story short, that is how I would define it:
Meta-Transaction is a piece of off-chain data (a.k.a. message) that is compatible with the specific Smart Contract and can trigger some action in that Smart Contract. Meta-Transaction is protected with a signature created by your wallet’s private key to confirm that you indeed approved such action.
It is necessary to emphasize that Meta-Transactions are NOT native Ethereum Transactions and as a result, they are NOT natively supported by Ethereum Network. Meta-Transactions, to be able to do their magic, first need to be developed into Smart Contract code itself. Afterwards, Meta-Transactions, to be executed by such Smart Contract, need to be conveyed to it on top of native Ethereum Transaction (inside Input Data field). Therefore, an entity that sends Meta-Transactions (and pays the transaction fees) does not have to be the same entity as the one which signed it. This simple fact is the biggest value-added of Meta-Transactions, which brings multiple benefits for both end-users and DeFi protocol creators.
Delegation of Transaction costs (a.k.a. gasless transactions) can create a much smoother onboarding experience for new DeFi users (Like me creating my first NFT on OpenSea) or reduce the friction of everyday usage by limiting the number of native transactions being sent on the blockchain (Meta-Transactions can be stuck up and executed in batches). All of those are especially valuable in the current high-fee environment of the Ethereum Network. Consequently, it should not come as a surprise that Meta-Transactions are being more and more widely used in DeFi projects, including some most famous protocols like Uniswap [2] or OpenSea on Polygon Network [3].
On top of that, we have EIP-712 — another silent hero of DeFi Space [4]. EIP stands for Ethereum Improvement Proposal and it is exactly what the name suggests. EIP-712 (Not to be confused with EIP-721: popular interface for non-fungible tokens a.k.a NFTs [5]) is a standard for “hashing and signing of typed structured data”. Behind that, a slightly enigmatic description is a proposal for structuring signed data (like Meta-Transactions), which should result in improved usability and compatibility of signed off-chain messages (again… like Meta-Transactions) in later on-chain usage.
This structured approach should also increase the overall user experience as the presentation of structured data is usually easier to grasp. Before EIP-712, signed messages (yes… Meta-Transactions!) were presented as opaque hexadecimal strings, which had no context while displayed to the user and were nearly impossible to understand. That was because each DeFi protocol used its own home-brewed structure that was unknown and obscure to everybody except its creator.
Nowadays EIP-712 is widely adopted due to its support by Metamask [6] (probably the most popular wallet provider) and Hardware Wallets like Ledger. We can find EIP-712 structures in such DeFi protocols as mentioned before Uniswap, OpenSea, or WETH Token Contract.
Ignorance is bliss?
With the above exposition, the stage is finally set for the big question. Is there any problem here? I believe no one will argue that gasless transactions are great and I totally agree with that. However, truth be told, neither Meta-Transactions nor EIP-712 helped DeFi to become more transparent and understandable for the end-user. Ironically, I believe it made it even worse.
During the whole process of creating, listing, and selling my first NFT on the OpenSea I had no idea what I was actually doing. Unfortunately, it was not because I was not paying attention. Blockchain is in the area of my interest long enough to know a thing or two about Smart Contracts and the most common security practices. The true problem is that Meta-Transactions in their current form (even with EIP-712) are still too obscure to be easily verifiable. Potential verification processes (like analyzing functionSignature hashes to map them to invoked Smart Contract functions) bring too much friction to be feasible for an average user. It is more likely that the end-user will abandon the whole process altogether, rather than try to figure out what those signed messages are really doing. Assuming that such verification is possible, which might not always be the case.
What is more, the introduction of EIP-712 did not provide any advancement in transaction clarity either. In its original proposal, EIP-712 was supposed to also improve signed messages readability to the end-user. However, the final result is that before EIP-712 we were signing opaque hex strings and after EIP-712 we are signing opaque hex strings… which are also structured.
Just to be clear it is not like Meta-Transactions and EIP-712 created this problem and before them, it was all sunshine and roses. The subject of DeFi transaction clarity and readability is not moving from “good” to “bad”. It is more like moving from “tricky” to “trickier”. Not the best sign in the space which was born from the statement: “Don’t Trust, Verify”.
Why it matters — a short story of BadgerDAO hack
Lack of overall transaction understanding among DeFi users creates dangerously fertile ground for hacks. Interestingly, those do not even have to be particularly sophisticated. After all, why look for loopholes in Smart Contract code if you just need to exploit the simple fact that most DeFi users cannot tell apart legit requests from not legit ones.
At this moment some may say that people are not so reckless and frankly speaking I do not have any hard data to prove otherwise. I base it on my gut feeling and recent events like the BadgerDAO hack. A quick recap is necessary:
Hacker was able to tweak the Frontend of BadgerDAO and put there an extra request for a spent allowance increase. This allowance was given to Hacker instead of BadgerDAO Smart Contract Address. For those who might not know, Allowance is one of the most important functions of standard ERC-20 tokens. It is widely used by DeFi projects such as Decentralized Exchanges, as it gives the ability to move tokens from your wallet by entities other than yourself. There were at least a few red flags in this whole situation, which some users have noticed [7]. Unfortunately, it was not enough to avoid 120 million dollars being stolen in the process.
What is most scary in the BadgerDAO hack is not the loss of 120 million dollars. The scariest part is the fact that in this whole story Meta-Transactions and EIP-712 were not even used. End-users did not sign some cryptic, (yet structured!) hexadecimal values. Everything was given out in the plain text on the Metamask pop-up “Give Permission to access your <Token Name>? By granting permission, you are allowing the following contract to access your funds”. Interestingly, attackers were also able to obfuscate this message in later stages of their attack (More information about that is available here [8]). The point is, that Meta-Transactions, Sign Messages, and EIP-712 would make it even more cryptic and hard for the end-users to notice that something fishy is happening. In the end, such a hack with Meta-Transactions in place could be even more devastating.
How to live? What to do?
I believe that transaction clarity is extremely important for the pace of future DeFi adoption. Lack of it creates space for attacks that cannot be easily avoided by simple technical means.
In 2021 alone we have experienced a significant inflow of capital into DeFi and with it new users (Total Value Locked went from around $28B to $87B [9]). It is believed that around 70% of all US Crypto investors started investing in that particular year [10]. Unfortunately, those new users will be naturally more prone to attacks resulting from poor transaction clarity.
If we have learned anything at all from previous hacks, it is that DeFi users need some technological fluency to be able to protect themselves. At the same time, we cannot just put the whole responsibility on the end-user shoulders. Being reckless is one thing. Creating systems that encourage recklessness is completely another.
To further expand DeFi we need not only to develop new toys but also to invest time in making our current ones more understandable for both new and seasoned users. I believe that the current situation can be somehow improved with the following suggestions for the Meta-Transaction area:
- Domain Visibility: Make user access to the Domain part of EIP-712 messages easier in software wallets like MetaMask. The domain part of EIP-712 is meant to prevent the signature of one dApp from being used by another dApp. It holds information like dApp name, Chain ID, and address of Contract which will verify the signature. This might significantly facilitate the verification process for curious or cautious users.
- Verification Instructions: Currently, when signing EIP-712 messages Hardware wallets present a hash value of the signed message and its domain part. However, for many users, those might be hard or even impossible to verify. Software and Hardware Wallets providers should collaborate to produce clear step-by-step instructions on how such hashes can be verified. Without those hash values presented on the Hardware wallet screen does not provide any additional level of security.
- Meta-Transaction Review-Ability: As presented in the BadgerDAO section of this article, MetaMask pop-ups can somehow descriptively present to the end-user what kind of request is being signed and what potential harmful consequences are connected with it. We know that as an outcome of the BadgerDAO hack MetaMask is “currently working on some confirmation review-ability improvements [8]”. I believe those improvements should not only be done for native Transactions but for EIP-712 Meta-Transactions too. Ideally, software wallets should descriptively present all standard ERC-20 functions no matter what kind of transaction is performing them.
- Meta-Transaction Editability: One of the security practices preached widely nowadays is to alter spend limits on allowance requests from the default (infinity) to smaller values. This advice is very reasonable yet can be performed only on native Ethereum Transactions where software wallets like MetaMask allow you to edit the DATA field of the transaction. Currently, there is no way of easily changing allowances done via Meta-Transactions. As a result, such security practices are out of reach of Meta-Transactions as they are not editable. Such a situation is unacceptable when Meta-Transactions can do the same amount of harm as the native ones.
- Meta-Transaction History: Last but not least, software wallets should provide an option to keep the user history of signed messages. Currently, messages become invisible to the user as soon as they are signed (until they are pushed on-chain by the relayer). Each user should have an option to clearly see what kind of messages he signed as Meta-Transactions very often can hold the power to move his funds without his knowledge.
I have no doubt that with or without the above suggestions, DeFi will show us more of its potential in the near future. However, it will be a much more enjoyable ride if we keep in mind that as long as being cautious is hard, people will remain reckless. As perfectly grasped by a great thinker…
References
[1] https://polygon.technology/
[2] https://docs.uniswap.org/protocol/V2/guides/smart-contract-integration/supporting-meta-transactions
[3] https://docs.opensea.io/docs/polygon-basic-integration
[4] https://eips.ethereum.org/EIPS/eip-712
[5] https://eips.ethereum.org/EIPS/eip-721
[6] https://docs.metamask.io/guide/signing-data.html
[8] https://zengo.com/the-badgerdao-hack-what-really-happened-and-why-it-matters/
[9] https://www.defipulse.com/
[10] https://cointelegraph.com/news/70-of-us-crypto-holders-started-investing-in-2021-report
