Hey, Rari Gang.
Earlier in July, we discovered an issue with two Ethereum smart contracts that are no longer in use. Impacted users have approved interactions with the following contracts:
Our core goal is user safety, so we tackled the vulnerability as soon as we identified it, which was over a month ago. Needless to say, all of our current contracts have been fully audited.
Sadly, 209 Rarible.com users were still affected by the issue, while the total damage is estimated at $8,000. We have already contacted the majority of the affected users privately and issued the refunds.
We want you to stay safe and in full control of your funds—on Rarible or any other place in the Web3 where you encounter those contracts.
That’s why we've built a vulnerability scanner tool that allows you to safely check if your was wallet was affected and revoke associated permissions if you are one of the users affected by the recent issue.
This tool is safe, straightforward and easy to use.
How to check if your wallet was affected
Please enter your Ethereum wallet address. Wallet addresses are public and you won't have to connect your wallet to anything, so you don’t risk anything by putting it in.
How to revoke token permissions
Step 1. Head to Etherscan’s token approval checker. If you don’t trust clicking an external link, you can manually search for the Etherscan token approval link—however, please triple-check the URL to make sure it’s the official domain for Etherscan (etherscan.io).
Step 2. Login to your wallet via the “Connect to Web3” button.
Step 3. Select the ERC-20 tab and check “Show all approvals”.
Step 4. Locate and revoke the approved spender(s) shown in the wallet check above.
Step 5. Sign and execute the Revoke transaction.
Step 6. Confirm all affected contracts were revoked by reentering your wallet address in the “Check if your wallet was affected” link.
- If your wallet is still affected, repeat Step 1
- If your wallet is not affected now, you are no longer vulnerable to this security issue.
That’s it! Your NFTs are safe. It’s a good habit to regularly check your token approvals and see which you don’t need any longer. Especially if you interact with lots of smart contracts. That’s kind of like brushing your teeth—an easy ritual that you do to prevent bigger problems.
And, of course: for extra safety, remember to use a hardware wallet!