TokenPocket: A secure and easy-to-use multi-chain wallet

Author: GoPlus Chinese Community

TokenPocket is a leading global multi-chain self-custody wallet that supports mainstream public chains such as BTC, ETH, BSC, TRON, Polygon, Solana, Aptos, HECO, Klaytn, Avalanche, OKC, HSC, Fantom, Polkadot, and Kusama.

As a one-stop entry point for crypto users, TokenPocket integrates multiple DEXs, DApps, and NFTs, providing users with a simple and secure Web3 user experience. For mobile users, simply search for the dAPP keyword in the search bar to access and use the applications they want. Of course, users can also check and discover more dAPPs on the "Discover" page.

Currently, TokenPocket has been operating stably for over 5 years, covering 20 million users worldwide, with over 3.5 million active users each month, spread across more than 200 countries.

In terms of security, TokenPocket integrates the Web3 "security infrastructure" provided by GoPlus, including Token Security Detection and Authorization Detection API Services, maximizing the protection of crypto users' security in token asset trading and authorization contracts.

Token Security Detection Service

When trading tokens using the DEX in TokenPocket, security detection can be performed on any added token. From the basic information of the trading token, contract security, trading security, and information security, potential security risks of the trading token are assessed in real-time. If any issues are detected, users will be alerted to the risks.

Taking the token in the screenshot above as an example, multiple security risks were detected, including a Pi Xiu hidden risk and a trading slippage risk. The Pi Xiu security risk is a very common security risk; if it occurs, it means that the token cannot be bought or sold, rendering it worthless. The trading slippage risk, also known as the sell slippage value (Sell Tax) (%), is generally considered high if it exceeds 10%. A tax rate over 50% means it may not be tradable; in the above token, this value reaches 100%, far exceeding the acceptable threshold.

TokenPocket's token detection solution is supported by GoPlus's Token Security API service, which includes over 30 security checks across three main categories: contract code, trading security, and information security. This includes but is not limited to: whether the contract is open-source, whether it has minting functions, the security of owner-related code; the number of token holders, LP information, whether the address is locked, trading slippage, Pi Xiu issues, and other trading security aspects; whether the project is a legitimate token, whether there are airdrop scams, and other project information.

The free Token Security API service provided by GoPlus is one of the most comprehensive and accurate security services for token data currently available on the market. As of now, it covers 2,040,000 cryptocurrencies (this database is automatically updated in real-time daily with thousands of new tokens, ensuring the fastest and latest coverage), of which 1,090,000 are risk tokens, with nearly 3 million calls made daily.

Authorization Detection

When users use a dAPP, they will receive authorization requests from the application. In fact, only after users execute the authorization can subsequent operations be performed.

Typically, when users use a dAPP, two things happen:

• The dAPP requests permission to view your wallet. Most of the time, this operation is essentially harmless: while it means the dAPP can see your balance, it cannot perform any actual operations on the contents of your wallet with this permission.

• The dAPP requests authorization for its smart contract to access the tokens in your wallet, such as requesting authorization to access USDT in your wallet. However, the problem is that some scams exploit this scenario to set up malicious authorization traps, such as unlimited token authorization models, which allow the dAPP's smart contract to withdraw unlimited tokens from your wallet. While many well-known dAPPs do this to spare users from paying gas fees for every authorization, unfortunately, unlimited authorization significantly increases security risks.

TokenPocket's authorization security detection service allows users to perform security risk checks on their wallet addresses, viewing the authorization history of that address, which automatically detects the contracts authorized by the specific address and related information about the authorized contracts.

TokenPocket's authorization security detection service is supported by GoPlus V2, which conducts security checks and assessments of authorization contracts from three dimensions: basic token information, main token security, and authorization contract information/time. If any issues are found, different levels of security risk alerts will be triggered, allowing users to revoke the relevant contract authorization based on their actual situation.

In the above case, TokenPocket warned of the contracts with authorization risks for that wallet, allowing users to revoke the authorization. For contracts with unlimited token authorization requests, users should remain vigilant, as this means the contract's developers could quickly change the code and deplete all tokens in that wallet. To prevent such situations, users must click "Revoke Authorization."

iOS mobile users can also use TokenPocket for contract authorization detection and revoke historical authorizations at any time.

As a Web3 "security infrastructure," GoPlus currently supports security detection of crypto assets on public chains such as Ethereum, BNB Chain, AVALANCHE, and Polygon. This means that once applications on these public chain platforms integrate the API services provided by GoPlus, they can offer their users security detection services for tokens, malicious addresses, NFTs, and authorization contracts.