TokenPocket:a secure and simple multi-chain wallet

GoPlus Security
5 min readDec 21, 2022

TokenPocket is the world’s leading multi-chain self-custodial wallet, which supports over 30 public chains and a few EVM-compatible chains including BTC, ETH, BSC, TRON, Polygon, Solana, HECO, Klaytn, Avalanche, OKC, HSC, Fantom, Polkadot, Kusama, etc.

As a one-stop portal to the crypto ecosystem, TokenPocket integrates a variety of DEXs, DApps and NFTs to provide users with a simple and secure Web3 user experience. For mobile users, TokenPocket is now available on your phone, iOS & Android and in your browser.To access DApps on TokenPocket, you just need to search the specific name for the DApp you want to use on the search bar. Then you can move easily and smoothly through this simple operation. Also, you can search different DApps on the “Discover” page.

TokenPocket, which has been operating for more than 5 years, has provided reliable services for over 20 million users around the world. The number of monthly active users exceeds 3.5 million and the users are located in more than 200 countries around the world.

TokenPocket integrates Token Security API and Approval Security API powered by GoPlus, the “security infrastructure” for Web3, to provide the advanced protection against crypto scams.

Token Security API

When swapping tokens within TokenPocket’s embedded DEX, a security detection for any tokens that have been added as a trading pair would be triggered. This service would identify risks and assess its risk levels around the tokens on its basic information, contract security, trading security, and information security . Once the token is detected with a security risk, the user will be informed with detailed risks info.

Taking the scenario above as an example, this security detection identified several security risks, and both of which are honeypot and sell tax. If a token is identified to be a honeypot, it means the token can’t be sold, so the token has no value. And slippage (be akin to a tax) is the percentage of variance between any transactions asked for price and the actual price at the transaction’s completion. As usual, above 10% is considered to be a high slippage, and a tax rate above 50% means that transactions may not be executed. In the above example , the sell tax is as high as 100%, far more than a normal one.

The powerful token security detection service of TokenPocket is supported by the Token security API provided by GoPlus, which would detect the risks of security for the token, checking over 30 safety indicators from contract code, transaction security to info security, including but not limited to: whether the contract is open sourced, whether it is mintable, whether there is any risks of security associated with the owner address, the amount of token holders, LP info, the percentage of buy/sell tax, whether it is honeypot and more.

The Token Security API service provided by GoPlus is one of the most complete and accurate security services for token data on the market. As of December 25, a total of 2.04m+ tokens have been detected and nearly 3 million times of calls happen per day. 1.09M+ tokens with risks have been discovered and added to GoPlus database. The database is also currently automatically keeping on adding newly issued tokens in the market and doing security identification and detection for them, covering as fast as possible for as many tokens in the market as possible.

Approval Security API

When you interact with a DApp, it would ask for your permission to perform an action with your tokens. Only after you approve it, can you interact with any tokens in the wallet.

When users connect to a DApp, two things happen:

  • The DApp requests permission to view your wallet. In most cases, this is harmless: although this means the DApp could check your balance, it can’t use this permission to actually do anything with your wallet.
  • The DApp will request approval for its smart contract to access the tokens in your wallet, such as asking for approval to have spending access to USDT. This is all good: the DApp can only access your funds with your permission. The problem is this leaves a room for scammers to set a malicious trap,like they request access to astronomically high quantities of tokens, even infinite amounts of tokens. Many trustworthy DApps do this to maximize convenience and to prevent you from paying for gas every time you approve access, but, unfortunately, unlimited approvals also greatly increase the security risks.

In integration with GoPlus Approval Security API V2, TokenPocket enables users to self check the approval activities of a given wallet address in the past and auto-check if there are potential risks of security for the contracts you’ve ever approved, whatever it is ERC20,ERC721 NFT or ERC1155 standard.

Approval Security API V2 checks the risk of security for a contract that requests an approval from the basic info, main security and the contract info around the token. An alert with a red flag mark would appear once any of the potential risks are detected. Cancel Approval for any risky approvals that you’ve ever approved.

In the above case, TokenPocket identified four DApps with potential approval risks

So for those contracts with unlimited amounts of tokens, you SHOULD STAY VIGILANT, like the infinite approval for AAVE. Meaning, if the devs of this contract ever wanted to they could quickly alter the code and drain all of those tokens from this wallet. In order to cancel this ability, you need to press ‘Cancel Approval’ And remove the full ability to spend.

TokenPocket mobile wallet supports approval security detection and users can cancel approval at any time.

Serving as the Web3 security infrastructure, GoPlus supports all these assets issued on blockchains including Ethereum, BNB Chain, AVALANCHE, Polygon, and Harmony.

It means that once any DApps on those blockchains integrate the API services provided by GoPlus, they could provide security detection for their users on the tokens security, malicious addresses, NFT security and approval Security.

Link below:

TokenPocket — Your secure crypto & DeFi Wallet | TP wallet — ETH wallet — BTC wallet — BSC wallet — HECO wallet — OKXChain wallet — Web3 Wallet — Crypto Wallet — blockchain wallet — Polkadot wallet — Kusama wallet — DeFi wallet — Layer 2 wallet — Solana Wallet — EOS wallet — TRX wallet

--

--

GoPlus Security

Empowering a #SaferWeb3 with user-driven, open access security solutions. Championing user education for a fortified front against adversaries.