A Deep Dive into Smart Contract Wallet Security Risks & Best Practices
In our earlier guide, An Introduction to Crypto Wallets and How to Keep Them Secure, we covered the crypto wallet threat landscape as well as some basics and key terms. In this next guide, we will cover smart contract wallets in depth, along with the unique and complex threat vectors to be aware of when interacting with them. We will also list some best practices to secure funds. Let's get started!
Smart Contract Wallet Overview
Smart contract wallets are capturing more attention across multiple ecosystems (Solana, Ethereum, etc.) due to their combination of security, flexibility, speed, and convenience features. Smart contract wallets allow users to store cryptocurrency and NFTs and to access many popular decentralized applications (dApps). One common use case for a smart contract wallet is as a safe deposit for joint funds controlled by multiple parties.
How Smart Contract Wallets Work
The funds in smart contract wallets are accessed and controlled through smart contract code. The smart contract allows for programmable features such as social recovery, transfer limits, and account locking/freezing. In addition to completing transactions, users have the ability to configure and set policy features and controls across their transactions.
Many smart contract wallets deploy a multi-signature security approach which enables users to add additional users to their wallet who can approve and sign transactions. At a minimum, two signatures are required. A trusted user can be a friend, a secondary wallet, or a third party who will typically have the ability to participate in any of the wallet owner actions. As a signer/approver, a trusted user can help recover the wallet in the event of compromise or when the owner cannot access it.
Additional functionality that smart contract wallets enable includes, but isn't limited to: account freezing, transaction limits, transfer limits, multi-factor authentication, allowlisting, trusted parties, bundled transactions, and paid gas fees, depending on the vendor offerings.
Smart Contract Wallet Security Risks
Any additional flexibility features being offered with wallet products come with trade-offs. Since smart contract wallets are smart contracts (code written by humans), many of the same risks we see inherent to smart contracts apply. Many of the top ten Smart Contract Risks fall into three main categories: Operational Risk, Implementation Risk, and Design Risk and are applicable to many of the smart contract wallets on the market today.
- Operational risks: these involve access, authorization, and privilege escalation risks that can be exploited when logic in the code is insufficient or flawed. Examples include: escalation of owner privileges, bypassing signers/approvers, allowing an owner to also be a signer/approver, and the ability to change configurations arbitrarily.
- Implementation risks: these are errors that can result in unintended smart contract wallet behavior. Examples include: Unauthorized transfers or activities, bypassing limitations on transfers or other money movement activities, activities that can take place with none of the intended controls (locking, recovery, etc.), incorrect signatures, connecting to dApps without permission, restoring removed dApps, and signing malicious transactions.
- Design risks: these encompass wallet design features that are exploited to alter the intended smart contract behavior. Examples include: functions that can be triggered that are not defined in the code, asynchronous transaction processing, replay functions, return statement, and callback functions.
Another common security risk is compromised private keys. While smart contract wallet vendors market that users of smart contract wallets do not need to manage their own private keys or seed phrases, it should be noted that the wallet private keys are stored in the smart contract. Smart contract code is public and visible, and it is critical that the private keys stored in the smart contract are encrypted. Regardless of the wallet type, if the private keys become compromised, your wallet funds are at risk. Ultimately, it is the end user's decision, and risk acceptance, whether to control the private keys themselves or entrust the smart contract code to do so.
Despite certain enhanced features, smart contract wallets are still susceptible to attack and compromise. These include:
- Malicious Modules: Smart contract wallet functionality is encapsulated by modules that are used to handle sets of operations that take place. These modules can have more power than the wallet owners and can act as an attacker-controlled backdoor to control the wallet and its funds. Obscure and malicious modules can potentially phish and hack users, especially ones that are not inherent to the wallet vendor and can come from a potential marketplace.
- Wallet Control Outside of the Owner: It can be common to use a third party to deploy a smart contract wallet. If this is the case, it cannot be assumed that the wallet will only be controlled by the owner. Additionally, attack vectors can widen depending on a given implementation, and it is not safe to assume that any smart contract wallet is always controlled by the owners, as transactions can be executed without owner approval. Similarly, integrating systems with a smart contract wallet can give control to accounts other than those listed as owners of the multisig setup. Receiving a transaction from a multisig wallet does not mean that the owners have approved the transaction.
- dApp Integrations: Integrations with dApps can be flawed and can make wallets susceptible to malicious transactions from any given dApp.
- Phishing: Phishing is a tried and true method that applies to smart contract wallets. If an attacker is able to obtain multi-signature data from a wallet user, they may have the ability to make calls to an external contract and change contract data that can result in funds being transferred without signatures.
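The operational risks and the malicious-module risk listed above can be checked against a wallet's configuration before funds are entrusted to it. The following is an added example, not code from this guide or from any wallet vendor; the configuration layout, field names, and permission names are hypothetical.

```python
# Added example: static review of a smart contract wallet configuration.
# The config layout and every field name are hypothetical, not a vendor schema.
POWERFUL = {"execute_without_approval", "change_config"}  # assumed permission names

def audit_wallet(cfg, max_idle_days=7):
    """Return a list of (severity, finding) tuples for one wallet config."""
    findings = []
    owners, approvers = set(cfg["owners"]), set(cfg["approvers"])
    threshold = cfg["threshold"]

    if threshold < 2:  # the guide's minimum for a multi-signature setup
        findings.append(("high", f"threshold {threshold} is below 2"))
    if threshold > len(approvers):
        findings.append(("high", "threshold exceeds number of approvers"))
    # Operational risk: an owner who is also an approver can self-approve.
    for who in sorted(owners & approvers):
        findings.append(("medium", f"owner {who} is also an approver"))

    for mod in cfg["modules"]:
        if mod["source"] != "vendor":
            findings.append(("medium", f"module {mod['name']} is not vendor-supplied"))
        # Modules holding these permissions have more power than the owners.
        for perm in sorted(POWERFUL & set(mod["permissions"])):
            findings.append(("high", f"module {mod['name']} holds {perm}"))

    # Best practice: deactivate dApp sessions that are not actively used.
    for s in cfg["dapp_sessions"]:
        if s["active"] and s["idle_days"] > max_idle_days:
            findings.append(("low", f"dApp session {s['dapp']} idle {s['idle_days']}d"))
    return findings

# Constructed sample configuration (illustrative values only).
SAMPLE = {
    "owners": ["alice"],
    "approvers": ["alice", "bob"],
    "threshold": 1,
    "modules": [
        {"name": "transfer_limit", "source": "vendor", "permissions": ["limit"]},
        {"name": "auto_swap", "source": "marketplace",
         "permissions": ["execute_without_approval"]},
    ],
    "dapp_sessions": [{"dapp": "example-dex", "active": True, "idle_days": 30}],
}

if __name__ == "__main__":
    for severity, finding in audit_wallet(SAMPLE):
        print(f"[{severity}] {finding}")
```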
How to Keep Smart Contract Wallets Safe
Keeping your smart contract wallets safe from these attacks and security risks is of the utmost importance. By following these best practices, you can ensure that you are taking every precaution to keep your smart contract wallet safe and secure.
- Complete security audits on all smart contract wallets inclusive of: code, modules, proxies, integrations, and sessions.
- Take precautions against malicious deployments by following secure code deployment standards.
- Check and confirm all addresses you are interacting with before signing a transaction.
- Ensure that all transactions are verified before signing.
- Confirm all dApps' integrity and deactivate dApp sessions when not actively being used.
- Review modules and understand what they are and the power they hold.
- Understand your trade-offs during deployment when it comes to flexibility and security.
- Pay attention and stay vigilant to avoid phishing scams that can attempt to obtain multi-signature data from a user to be used nefariously.
- Monitor transactions regularly so that malicious transaction data can be spotted early.
- Ensure that any smart contract wallet apps are being accessed through official websites.
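The monitoring and address-checking practices above can be applied to a wallet's execution history. The sketch below is an added example, not code from this guide or from any wallet product; it flags executions that lack the required owner approvals, including those performed by a module, as well as reused nonces and destinations that are not allowlisted. The record fields, the "module" execution path, and the addresses are constructed placeholders.

```python
# Added example: review a wallet's executed-transaction log (not vendor code).
# Record fields, the "module" path and all addresses are constructed placeholders.

def review_log(log, owners, threshold, allowlist):
    """Return {tx id: [reasons]} for executions that need a closer look."""
    flagged, seen_nonces = {}, set()
    for tx in log:
        reasons = []
        approvers = tx["approvers"]
        valid = set(approvers) & set(owners)  # distinct approvals by real owners
        if tx["path"] == "module":
            # Sent from the wallet address, yet no owner signed anything.
            reasons.append(f"executed by module {tx['module']}, no owner approval")
        elif len(valid) < threshold:
            reasons.append(f"{len(valid)} valid approval(s), {threshold} required")
        if len(approvers) != len(set(approvers)):
            reasons.append("same approver counted more than once")
        for who in sorted(set(approvers) - set(owners)):
            reasons.append(f"approval from non-owner {who}")
        if tx["nonce"] in seen_nonces:
            reasons.append(f"nonce {tx['nonce']} reused (possible replay)")
        seen_nonces.add(tx["nonce"])
        if tx["to"] not in allowlist:
            reasons.append(f"destination {tx['to']} not on allowlist")
        if reasons:
            flagged[tx["id"]] = reasons
    return flagged

OWNERS = ["alice", "bob", "carol"]
ALLOWLIST = {"ADDR_PAYROLL", "ADDR_EXCHANGE"}
LOG = [  # constructed sample records
    {"id": "t1", "path": "owners", "approvers": ["alice", "bob"],
     "nonce": 1, "to": "ADDR_PAYROLL"},
    {"id": "t2", "path": "owners", "approvers": ["alice", "alice"],
     "nonce": 2, "to": "ADDR_EXCHANGE"},
    {"id": "t3", "path": "module", "module": "auto_swap", "approvers": [],
     "nonce": 3, "to": "ADDR_UNKNOWN"},
    {"id": "t4", "path": "owners", "approvers": ["alice", "mallory"],
     "nonce": 1, "to": "ADDR_PAYROLL"},
]

if __name__ == "__main__":
    for tx_id, reasons in review_log(LOG, OWNERS, 2, ALLOWLIST).items():
        print(tx_id, "->", "; ".join(reasons))
```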
Thanks for reading! Remember that although smart contract wallets have additional features and flexibility, it should not be assumed that they are more secure than any other type of wallet. As we've learned, the additional features are programmable code that can be exploited, coupled with inherent smart contract risks and vulnerabilities. Developers, auditors, and users ultimately play a key role in the safety of the implementation, design, and daily use.