What are the risks associated with granting approvals to the Recovery Vault?

Granting unlimited token approvals to third-party services is usually discouraged because attackers have abused outstanding approvals granted to smart contracts to drain funds from wallets. Nevertheless, it is entirely safe and secure for enterprises to grant token approvals to FailSafe Recovery Vault contracts. FailSafe mitigates the risks associated with approvals through several security measures:

  • Limited Functionality: Funds cannot be drained from your FailSafe Recovery Vault because the contract exposes no “transferTo” method. Its only method is “defend”, which moves assets from your targeted wallet into the vault itself.

  • Unique Contracts for Each Customer: Each Recovery Vault contract is unique to each customer, reducing the risk of exploitation from a common attack vector.

  • No On-chain Contract to Exploit: Because Recovery Vault contracts are not deployed until a malicious transaction is detected, there is no contract on-chain for an attacker to study or target ahead of time.

  • Controlled Transactions: Recovery Vault transactions are strictly limited to moving at-risk funds one way into the vault itself and to withdrawing funds through the FailSafe UI, which requires multi-factor authentication (MFA). This additional layer ensures that even when approvals are granted, unauthorized access is prevented.

  • Sovereign FailSafe: For enterprise customers, FailSafe Interceptor can be deployed in a sovereign configuration, which allows attackers to be front-run without granting token allowances to FailSafe Recovery Vault contracts. This setup is aimed at enterprises that prefer to manage key-protection risk independently.
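To make the “Limited Functionality” and “Controlled Transactions” points concrete, here is an illustrative vault contract written for this page. It is not FailSafe’s Recovery Vault code; the contract name, the `guardian` and `recoveryOwner` roles, and the `defend`/`withdraw` signatures are assumptions chosen to show the design property described above: the only outbound path for an approval is into the contract itself, and release of funds is bound to a recipient fixed at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface the vault needs (standard interface, not vendor-specific).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Hypothetical recovery vault (example for this page, not FailSafe's contract).
/// Properties mirrored from the description above:
///  - one protected wallet per deployment (a unique contract per customer),
///  - `defend` can only move tokens FROM the protected wallet INTO this contract,
///  - there is no function with a caller-supplied destination address,
///  - `withdraw` releases funds only to a recovery address fixed at deployment.
contract RecoveryVaultExample {
    address public immutable protectedWallet; // wallet that granted the ERC-20 approval
    address public immutable guardian;        // off-chain detector allowed to call defend()
    address public immutable recoveryOwner;   // sole recipient and caller of withdraw()

    event Defended(address indexed token, uint256 amount);
    event Withdrawn(address indexed token, uint256 amount);

    constructor(address _protectedWallet, address _guardian, address _recoveryOwner) {
        require(_protectedWallet != address(0), "zero protected wallet");
        require(_guardian != address(0), "zero guardian");
        require(_recoveryOwner != address(0), "zero recovery owner");
        protectedWallet = _protectedWallet;
        guardian = _guardian;
        recoveryOwner = _recoveryOwner;
    }

    /// Pull whatever the protected wallet holds and has approved, into this vault.
    /// The destination is hard-coded to address(this); there is no `to` parameter,
    /// so a compromised guardian key still cannot redirect funds elsewhere.
    function defend(address token) external returns (uint256 moved) {
        require(msg.sender == guardian, "not guardian");
        IERC20 t = IERC20(token);
        uint256 bal = t.balanceOf(protectedWallet);
        uint256 allowed = t.allowance(protectedWallet, address(this));
        moved = bal < allowed ? bal : allowed;
        require(moved > 0, "nothing to move");
        require(t.transferFrom(protectedWallet, address(this), moved), "transferFrom failed");
        emit Defended(token, moved);
    }

    /// Release funds only to the recovery owner, only at the recovery owner's request.
    /// The page's product gates this step behind its UI and MFA; the on-chain analogue
    /// is to restrict the caller and fix the recipient so no other path exists.
    function withdraw(address token, uint256 amount) external {
        require(msg.sender == recoveryOwner, "not recovery owner");
        require(IERC20(token).transfer(recoveryOwner, amount), "transfer failed");
        emit Withdrawn(token, amount);
    }
}
```

The check a reviewer would perform on any contract granted an allowance is the one this example is built around: enumerate every external function that calls `transfer` or `transferFrom` and confirm that none of them takes a destination address from the caller. Here `defend` writes only to `address(this)` and `withdraw` writes only to the immutable `recoveryOwner`, so an outstanding approval to this contract cannot be turned into a transfer to an attacker-chosen address.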
