SaucerSwap will be deploying a new router contract and making several changes to its front-end ahead of the Hedera Smart Contract Service (HSCS) security model update on July 11th 2023. Once these changes are in effect, users will be prompted to sign token approvals before swapping or providing liquidity. This will enhance user, dApp, and network security.
Update: SaucerSwap has since published an instructional video that covers these front-end changes.
https://www.youtube.com/watch?v=ahxkvKHni04
Background
The HSCS combines Hedera’s third-generation native entity functionality with a highly optimized Ethereum Virtual Machine (EVM) called Hyperledger Besu EVM. SaucerSwap smart contracts use this Besu EVM for executing transactions, and the resulting changes are stored in the Hedera-optimized Virtual Merkle Tree state. This integration ensures deterministic finality (versus probabilistic finality) of smart contract executions within 2–3 seconds and ensures that state changes are limited to smart contract functionality.
In HSCS version 0.35.2 and older, the security model allowed for account key signatures provided at transaction time to authorize actions. This model enabled smart contracts to be delegatecalled to perform operations on behalf of another account, including Hedera Token Service (HTS) operations. The SaucerSwap dApp utilized this feature to sign approvals, also referred to as allowances, on behalf of users. This enhanced the user experience by combining multiple transactions into one atomic operation. However, this model had a vulnerability where unauthorized transactions could be carried out by bad actors. This network-level vulnerability was exploited in March 2023 via a precompile attack.
In the new security model, account key signatures are no longer sufficient for authorizing contract actions. Therefore, users must now explicitly sign approvals before performing actions like swapping or providing liquidity.
For more information on the new HSCS security model, please visit https://hedera.com/blog/hedera-smart-contract-service-security-model-update
Upgraded Router
SaucerSwap upgraded its UniswapV2 router contract to conform with the new HSCS model boundaries. Given that non-trivial modifications were made, SaucerSwap elected to have Omniscia perform a new audit. Omniscia is a leading blockchain security firm, having worked with clients such as Convex Finance, Olympus, Fetch.ai, and AllianceBlock. After an initial audit and subsequent remediation, Omniscia asserted that all exhibits have been adequately dealt with and the outputs of the finalized audit report have been properly addressed by the SaucerSwap core maintainers.
Link to Omniscia audit report: https://omniscia.io/reports/saucerswap-labs-router-implementation-64660c885d5517001401256c/
Changes to UI/UX
Once the new router is deployed to the mainnet, users will notice several UI/UX changes. One significant change is the requirement for users to sign approvals before performing DEX operations. SaucerSwap, in an effort to balance security and usability, offers two options to users: one-time approvals and unlimited approvals.
In the first option, which is selected by default, users need to sign an approval that matches the quantity of tokens involved in the transaction. This approval is specific to each transaction and must be repeated for future transactions.
The second option allows users to sign an “unlimited” approval equivalent to the maximum supply of the token. For example, an unlimited approval for the SAUCE token would be for 1 billion tokens. If a user then conducts cumulative transactions totaling 100 million SAUCE tokens, their new allowance would be 1 billion — 100 million = 900 million SAUCE tokens. This form of approval is effectively unlimited, as it accommodates any number of transactions.
SaucerSwap has introduced a new modal that provides a convenient overview of queued transactions. Let’s consider an example where a user wants to swap 10 USDC for HSUITE. If HSUITE is not yet associated, the modal will display three pending transactions in a queue:
- Grant approval for 10.00 USD Coin
- Associate Token HbarSuite
- Swap USD Coin for HbarSuite
To complete the swap, the user needs to sign each of these transactions in HashPack. However, if the user has already associated HSUITE and signed an unlimited approval for USDC, only one signature for the swap transaction would be required. In any case, the relevant transactions will be queued in the modal.
Additionally, users have the flexibility to manage and revoke their allowances at any time in HashPack.
Conclusion
The July 11th 2023 HSCS update has a significant positive impact on user, dApp, and network security. The SaucerSwap core maintainers have promptly responded to these changes by modifying and re-auditing their implementation of the UniswapV2 router. Additionally, several enhancements have been made in the front-end to maintain a top-notch user experience.
