How To Reduce Your Risk Of Exploit And Dev Tools For New Web3 Devs In 2023
GM and a happy new year 🍾!!!
Lootbox is back in 2023, bringing you the best of Web3 gaming to your inbox. We want to get off to a good start, so here's the loot we have for you.
Reduce your exposure to exploits with wallet hygiene
The best Web3 dev tools for 2023 and why
The Sneakies
Wallet Hygiene To Reduce Your Risk Of Exploits
2022 was a rough year for crypto, where we saw big hacks and exploits. The big takeaway of the year was proper asset management. Many learned the hard way, and now we are seeing hardware wallets selling like hotcakes.
That seems all well and good, but what if that's not the only clear and present danger?
Let's talk about it.
Transaction signing is familiar to people regularly interacting with smart contracts. From read-only to send signatures, every crypto user has had to sign a transaction at some point. What many don't realize is that these signatures often have "permissions" or access that is granted until revoked.
Take this avid crypto user who started a lively Reddit thread on the topic. Reddit user 4cademy on January 1 posted their advice on how they "thought it was time to check my approved smart contracts." You can check out the thread below.
4academy shockingly found out, as many do, that a slew of smart contracts had been granted unlimited spend amounts for different tokens. If one of these smart contracts is compromised, all your funds in those tokens can be moved without your permission with a single click.
Still think it's no big deal?
The 10 largest thefts last year saw around $2.1 billion stolen, mostly from DeFi protocols and bridges where hackers found ways to exploit existing smart contracts.
What to do?
It's time to institute wallet hygiene, like brushing your teeth every day to prevent tooth decay and gum disease.
How do you do it?
Revoke often and without mercy. One of the great pillars of crypto and the broader Web3 mindset is "Not Your Keys, Not Your Crypto". This simple phrase, while referring to key possession, is really a mantra for the greater responsibility of total asset management control. You are the master of your assets in this space. I don't know about you, but I don't like giving unfettered permission to anyone for my vault. Schedule a regular time when you revoke access to all the smart contracts you interact with. It could be every month or every quarter.
Separate your wallets. Keep one for minting and another for your vault, at the very least. I personally have several mint wallets in case one gets exploited by a malicious contract. The wallet can be dropped and swapped out with ease.
Give Fewer Permissions. I spent a lot of time in my early crypto days, trying to avoid malicious links, contracts, and phishing scams. It's a minefield out there. Sometimes if something doesn't seem right, it's better to walk away.
Taking this to the next level, revoking permissions at regular intervals should be built into dapps similar to how Google signs out accounts automatically and you have to log in again.
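The approvals check described above can be scripted. The following is an added example, not code from the original newsletter: it replays ERC-20 Approval event logs (in the JSON shape returned by an eth_getLogs query) and lists the approvals an owner has not revoked. All addresses and log entries are constructed sample data, and the helper names are hypothetical.

```python
# Added example: audit ERC-20 approvals from raw Approval event logs.
# All addresses and log entries below are constructed sample data.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # heuristic: an amount this large is effectively unlimited

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()  # indexed address = low 20 bytes of the topic

def outstanding_approvals(logs, owner):
    """Replay Approval logs in chain order; keep the last value per (token, spender)."""
    latest = {}
    ordered = sorted(logs, key=lambda e: (int(e["blockNumber"], 16), int(e["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-20 Approval has exactly 3 topics; ERC-721 Approval shares the
        # signature hash but indexes tokenId as a 4th topic, so it is skipped.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        latest[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    # Events record what was approved, not what is left after spending.
    return [{"token": t, "spender": s, "amount": a, "unlimited": a >= UNLIMITED_FLOOR}
            for (t, s), a in sorted(latest.items()) if a != 0]  # 0 means revoked

def pad_topic(addr):  # helper for building the constructed sample logs
    return "0x" + addr[2:].rjust(64, "0")

def make_log(block, idx, token, owner, spender, amount):
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [APPROVAL_TOPIC, pad_topic(owner), pad_topic(spender)],
            "data": "0x" + format(amount, "064x")}

OWNER = "0x" + "aa" * 20
TOKEN_A, TOKEN_B = "0x" + "01" * 20, "0x" + "02" * 20
DEX, BRIDGE = "0x" + "d1" * 20, "0x" + "b2" * 20
SAMPLE_LOGS = [
    make_log(100, 0, TOKEN_A, OWNER, DEX, MAX_UINT256),     # unlimited, never revoked
    make_log(101, 3, TOKEN_B, OWNER, BRIDGE, MAX_UINT256),  # unlimited...
    make_log(250, 1, TOKEN_B, OWNER, BRIDGE, 0),            # ...later revoked
    make_log(260, 0, TOKEN_B, OWNER, DEX, 5 * 10**18),      # bounded allowance
    make_log(270, 0, TOKEN_A, "0x" + "cc" * 20, DEX, MAX_UINT256),  # another owner
]

if __name__ == "__main__":
    for finding in outstanding_approvals(SAMPLE_LOGS, OWNER):
        print(finding)
```

The amounts reported are an upper bound, since a spender may already have used part of an allowance; the token's allowance(owner, spender) call gives the current figure before you revoke.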
Top 3 Platforms For New Web3 Devs in 2023
We cover a lot of news here. Sometimes we like to bring you something different. In the spirit of this here are a few platforms for new Web3 developers to explore as they begin their journey in this space.
ALCHEMY
In only 16 months, Alchemy, which has been called the Amazon of Web3, has grown to be worth $10B. The world's top web3 applications use Alchemy to power $100 billion in transactions each year. What's attracting devs to Alchemy?
An all-in-one dashboard that helps devs manage the app’s data, user interactions, and more from a single interface.
Simple to set up an account and get started building code right away
The array of developer tools makes it easy to build, test, and deploy a Web3 app.
Enhanced Alchemy APIs give its users exclusive features, allowing for an easy query of just about any information on chain.
Alchemy is a great place to start building a web3 Dapp, for those familiar with code but unfamiliar with blockchain. Those looking for a simple all-in-one interface for managing their app's data can find it with Alchemy.
CERAMIC NETWORK
Ceramic describes itself as a decentralized network for mutable information. Ceramic is a public, decentralized, censorship-resistant network for managing mutable information on the open internet without databases or servers. In other words, Ceramic helps to scale your Dapp. Why use Ceramic?
Developers can easily create, manage, and deploy their Dapps without worrying about data interoperability.
Ideal for devs looking to build data-heavy applications, making it easy to manage and scale data.
With Ceramic's open API, devs can store, modify, and retrieve data; this makes Ceramic an excellent choice for devs who want to build on top of existing data sets.
Scalable consensus allows Ceramic to handle a large amount of data.
DID authentication allows developers to share data easily and efficiently.
Immutable naming ensures data is always available and up-to-date.
Ceramic's dedication to its community is apparent through its Discord, Twitter, and a dedicated Help forum, among other community resources. These helpful avenues allow devs to roll into Ceramic easily and will make it attractive to new developers. Their documentation is also simple and easy to understand, allowing devs to roll existing apps into the platform in no time.
THE GRAPH
The Graph is the indexing and query layer of web3. Developers can build and publish open APIs, called subgraphs, that applications can query using GraphQL. The Graph breaks the trend of user data exploitation for profit common in the Web2 space. They do this by implementing a decentralized data economy and a library of open-source APIs (subgraphs). Why use The Graph?
A Global GraphQL API allows devs to access and use data from several sources, reducing bottlenecks.
Interoperability within The Graph allows devs to connect to various data sources, making it painless to find the data devs need quickly.
The Graph team is big on security. They have implemented several security measures to protect projects' data.
Reliability is vital to web3 devs, and The Graph is built on a robust and scalable infrastructure.
Many web3 devs are familiar with The Graph, and the advantages it provides devs over traditional data query methods are broad. With little competition, it is easy to see them being a force for web3 gaming devs in 2023.
Want more platforms to explore? Check out this article HERE.
The Sneakies