Auto-Revoke Allowances

As part of our dedication to protect your online assets, Fordefi has developed a mechanism for auto-revoking approvals to smart contracts in which suspicious exploits have been identified.

Fordefi integrates with third-party Web3 security providers, chiefly Hexagate, which monitors on-chain activity and continuously broadcasts the addresses of suspicious smart contracts. If Fordefi identifies a match with any address for which our customers have enabled an allowance, the allowance is automatically revoked.

Each such revoke transaction must be signed, either manually using the mobile app, or automatically using the API Signer. Notification of each revoke transaction is sent to the signer you designate.

📘

Note

• When you have multiple open approvals to a suspicious contract of several tokens, multiple transactions are triggered - one for each token.
• Auto-revoke transactions are NOT subject to your organization's policies. If you do not use an API Signer to sign them, you must designate a signer who will approve them.

To enable auto-revoke

1. Open the Fordefi web console.

2. In the side menu, click Allowances.
   The Allowance Management screen opens.

   

3. Click Manage Auto Revoke. In the dialog that opens, toggle on Enable auto revoke.

4. Select the alert provider. At the moment only Hexgate is available.
5. Select Send to API signer to have API Signer sign the generated revoke transaction automatically.
6. Click the Choose signers list to select one of the admins or traders in the workspace. In this case, the approval revocation will be pending until the transaction is signed manually.
7. Click Save.