Overview

Fireblocks offers users access to DeFi protocols on Ethereum and other EVM-compatible and non-EVM-compatible networks.

DeFi activity requires interacting with smart contracts. These are displayed as a special transaction type in Fireblocks identified as Contract Calls.

Interaction with smart contracts poses unique security risks that may lead to theft or loss of funds. Attacks can be performed on the smart contract itself, the Web3 app, the client that interacts with an app, or through a man-in-the-middle attack between the client and the wallet before a transaction is signed and broadcast.

Protecting against attacks in DeFi

Only allow interaction with whitelisted contracts

By default, the Fireblocks policy engine authorizes interaction only with whitelisted addresses.

Limiting smart contracts interactions to whitelisted contracts only or defining an escalated authorization flow for any interaction with non-whitelisted contracts using the transaction authorization policy is recommended.

Review contracts by multiple people before signing transactions

Contract calls are decoded on-the-fly, and the method name and parameters of any call to a smart contract are displayed in the console and Fireblocks mobile app. Fireblocks maintains a list of common contracts and their application binary interfaces (ABIs) in order to automatically decode and accurately identify DeFi transactions. To decode a custom contract that is not listed in the Fireblocks database, contact Fireblocks Support with the request.

The transaction authorization policy also allows you to define multiple authorizers to review transaction details before a transaction is signed.

Limit the amount of funds you put at risk

Funds may be withdrawn from your vault by interacting with DeFi protocols. For example, every swap operation where one asset is exchanged for another withdraws the chosen asset from your vault.

If the withdrawn asset is that network's base asset (such as Ether on the Ethereum network), then similar to a regular transfer, the withdrawn amount is definitive, is indicated as part of the transaction, and can be therefore limited through the transaction authorization policy (TAP).

However, withdrawing ERC-20 tokens as part of a DeFi operation is a two-step process. First, the user authorizes the contract to withdraw funds on their behalf with an Allowance / Approve transaction. Then, the smart contract withdraws the required amount of funds at a later stage, usually as part of the actual DeFi operation.

Creating an Approve transaction from a decentralized app (dApp) typically permits withdrawing the maximum amount of funds possible. The DeFi contract is then allowed to withdraw an unlimited amount of tokens from the user. This reduces the need to create additional Approve transactions in the future but poses a potential security risk. Because the contract is able to withdraw any amount of funds from your vault, it may withdraw more funds than expected either due to an implementation bug or an intended attack. It is recommended to follow these best practices to mitigate this risk:

• Limit the amount of funds stored in vault accounts that interact with DeFi.
• Enforce a policy for allowance (approve) transactions - Fireblocks allows users to define transaction authorization policy rules that apply specifically to allowance transactions. Based on the transaction amount, policy rules can either limit or require escalated authorization for approvals above a set threshold. These rules apply to both approve() and the less common increaseAllowance() transactions.
• Approve capping -  Most dApps request an unlimited allowance to your funds. The Approve Capping feature allows you to set a maximum amount that any smart contract can withdraw from your Fireblocks workspace. Any DeFi transaction above the limit is decreased to the set amount before signing. Learn more about setting a cap on Approve transactions.
• Periodically check open token approvals - Use this tool provided by Etherscan to find previously approved operations. You can then reduce token allowances or completely revoke access if you no longer interact with a specific contract.