Can permissions leak across networks/accounts?

On Polygon I only have dust in my account. On ETH I have small, but not negligible, amounts.

Say I grant a dApp permissions on Polygon, is there any risk of those permissions “leaking” over to Ethereum network (where there’s funds) as well?

Edit: Accounts do NOT all have same private key and so presume there’s no x-account leak risk, right?
Same question re Accounts - is there any risk of permissions leaking across MM accounts seeing as they all have same private key?

6 Likes

Hey!

I love this question! I’m going to learn on this one too.

Here are my thoughts (which, may not be correct) -

I think it would depend on what type of contract is signed. If it’s malicious, I think there are chances for all networks. (?)

For accounts, if someone has your secret recovery phrase they can access your funds on all networks. This is the only one I’m sure on :sweat_smile:

If they have a private key specific to one address in your wallet, they can also access across all networks for that specific address. I don’t think they could access any other addresses in the same wallet.

If anyone is interested in the difference of secret recovery phrases and private keys, here is a Knowledge Base article with some great info -

9 Likes

hey @markblun ,

Updated my answer above a bit to expand a little more on the detail of my thoughts but I also gathered some info from a bigger (better) brain. This is what they thought -

  • All smart contracts deployed on Polygon are respective to Polygon only, so granting permissions would only be for that specific network.

  • Also accounts across the same MM wallet don’t have the same private key, they have the same SRP but different private keys. Permissions will not “leak” across accounts

Wanted to leave my original response since I figure it’s good for the discussion, although looks like I’m wrong when it comes to leaking across networks - so I’ve learned something new and thank you! :fox_face:

4 Likes

Also - someone just shared with me this great image of a secret recovery phrase and private keys image @MomOfTwins shared previously here -

5 Likes

Oh, this is a great representation of the Secret Recovery Phrase and the accounts generated under it :100:

4 Likes

Thanks @KBeeTheCapybara , this is what I’m hoping/expecting too!

Hopefully someone can confirm the permissions are locked to the network i.e. signing parameters include address plus the Network Id?

I’m not considering scenarios related to exposed SRP/private key(s) as expect unauthorized access to those is highly unlikely - barring user error of course :wink:

1 Like

Hey @markblun, I can confirm this is correct. Signing parameters on a network is respective to that network only. Smart contracts and the dapps associated with them are deployed to their respective networks with their respective contract addresses.

6 Likes

Thanks all for the answers above. They are very helpful.
BUT! Everything is developing very quickly now, and web3 does not stand still. How to consider multichain services in such a situation? for example, multichain bridges, because they get access not only to one chain network, but also to others…

2 Likes

Hey @TEMHA9l, this is a great point you bring up! :slight_smile:

For a bridge transaction, you would only have to approve the transaction on the network you are bridging the token from. For example, if you are bridging from Ethereum to Polygon, you would only need to approve the transaction on Ethereum.

4 Likes

Yes. But I’m talking about the fact that if we often use a multi-chain bridge and make transactions using different networks, then the bridge, at different times, but still gets access to the wallet in different networks and not just in one. That is, if attackers can slip a false transaction using any dapp service, or somehow deceive us… then in services using multichain, all our networks may be at risk(

1 Like

If you do use a bridge that supports multiple networks and you use that same bridge for multiple networks then it will have access across those networks. For your own safety and security, you must always do your own due diligence and research when using a bridge.

If you would like to ever remove your permissions a bridge has access to, you can do so on a block explorer. Here is more information on our Knowledge Base:

5 Likes

The same wallet address has the same private key. So even if it is a different network, there is the same risk

1 Like

Just have this concern, I think it should be safe.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.