
Wallet Delegations: Explained


Jan 16th, 2023 - 05:51 am


Update 1/4/2023: A couple of months ago, Delegate.Cash changed their link to https://delegate.xyz/ and released version 2 of their protocol. For the new list of features and how to migrate, see their tutorial here: https://docs.delegate.xyz/delegate/upgrade-to-v2/v1-v2-migration

First, What Are Wallet Delegations?

First of all, let's articulate the difference between what these services are calling “Cold Wallet Delegations” and other types of wallet delegations found in the blockchain space:

  1. Staking Delegations: Chains like Cardano often pool assets to get more consistent rewards to staking pools. This is likely what will come up when you google wallet delegations. This is not what we are talking about here.
     
  2. Approvals: Some services rely on Approvals to act on your behalf. For example, marketplaces like Opensea require approvals to execute/fulfill orders atomically on your behalf out of your wallet. Wallet Delegation, as discussed here, does not rely on approvals at all. For more information on approvals, see our article on Approvals here: All About Approvals.
     
  3. Wallet Delegation Tools: As we will explore in this article, there are two major players in this space, Delegate Cash and Warm. These primitives require an on-chain transaction showing that one wallet/contract/NFT can have its ownership attested by another wallet address entirely. How? Let's jump in.


How Do They Work?

Wallet Delegations rely on an on-chain transaction by the ‘cold wallet’ to allow another wallet to attest ownership of an asset. What it does NOT do is allow the delegated wallet to control, move, approve, or affect listings on the original wallet/contract or asset. This is important to understand because it means that you are not introducing any vulnerability or attack vector by making these delegations.

So what's the point?

The idea is that once you've made these delegations, you won't need to risk your valuable assets for future events, merch drops, airdrops, or any other type of claim or asset attestation. The future of attesting ownership should never risk ownership. Period. Additionally, it is highly recommended that you use a hardware wallet for both your vault wallet and your delegated wallet. This is mostly a future-proofing warning: a hacker gains little from a delegated wallet now, since they can't steal assets this way, but if sites like collab.land started to recognize delegated wallets, you'd have issues with impersonation. Let's look at how to delegate with each service:

Warm.xyz

Warm is a service offered by Wenew Labs, the creators of 10KTF and Renga. It has strong affiliation/ties to Yuga, since Yuga Labs just recently purchased 10KTF from Wenew Labs, so some in the Yuga ecosystem are already accustomed to the brand and trust it. This, combined with its sleek and simple UI, makes it a first choice amongst many ape holders.

How To Delegate:


  1. Connect Your “Vault/Cold” Wallet. This is a safe wallet that you should not have any approvals on, and that stores your valuable assets like your PFP, etc. Don't know if it's considered a vault wallet? The “Wallet For Every Occasion” system we recommend to our students should help clear things up! The short of it, though, is that if it is on a hardware wallet that has its seed phrase securely stored offline, and it has no approvals, you're good to go. Don't know if it has approvals? Check with the process outlined in this article written by Revoke.Cash on How To Revoke Approvals.
  2. Paste an Address to Use as a “Warm” wallet. We recommend that this address is also secured by the same hardware wallet. The reason is, you'll likely be using this to claim high value assets/airdrops, etc, and imagine using a hot wallet with a seed phrase that is already compromised, and claiming your reward/airdrop, only to have it immediately be swept as it was already compromised. Yikes.
  3. Confirm in Metamask. You'll notice it comes up as “Warm.xyz” in the top right hand corner. This is because I've added the contract to my bookmarks! You'll also notice that it shows up simply as a “Contract Interaction” in Metamask. This is likely because Warm is actually a Proxy contract and Metamask can't interpret the actual method being called. This can be unnerving to some, but is completely fine so long as you are on the correct contract here: 0xC3AA9bc72Bd623168860a1e5c6a4530d3D80456c

Delegate.Cash

Delegate Cash offers much of the same functionality as Warm.xyz. However, with Delegate you can get much more granular with how you want to delegate your assets. Let's say you want to delegate only one particular collection to a delegate wallet. Maybe your child has a particular interest in some game being built with a collection, but you don't want any possibility of them losing anything from that collection. Boom, Contract Delegation to the rescue! 

Let's do one even better. Let's say you have a whole family wanting to prove ownership of five different NFTs from the same collection on five different wallets, but you don't trust certain members of that family with those high value assets. No need to show favoritism to those in the family with a bit more security chops, NFT Delegation saves the day! This will allow all family members to be delegated ownership and allow them to prove ownership with whatever services support Delegate Cash!

This granularity is intimidating to some, but it offers the most flexibility for those that have unique situations or needs.
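The three delegation scopes described above (whole wallet, one contract, one NFT) can be modelled in a few lines. This is an added example, not code from Delegate Cash or Warm: the `Registry` class, `can_claim` and the address labels are hypothetical names for a simplified model of the check a claim site could run.

```python
from dataclasses import dataclass, field

@dataclass
class Registry:
    """Toy delegation registry: it stores attestations and nothing else."""
    # Each grant is (vault, delegate, contract or None, token_id or None).
    grants: set = field(default_factory=set)

    def delegate(self, vault, delegate, contract=None, token_id=None):
        # On chain this record is written by a transaction from the vault.
        self.grants.add((vault, delegate, contract, token_id))

    def revoke(self, vault, delegate, contract=None, token_id=None):
        self.grants.discard((vault, delegate, contract, token_id))

    def is_delegate(self, delegate, vault, contract, token_id):
        # Wallet-wide, contract-wide, then single-token scope.
        scopes = [(None, None), (contract, None), (contract, token_id)]
        return any((vault, delegate, c, t) in self.grants for c, t in scopes)

def can_claim(registry, owner_of, claimer, vault, contract, token_id):
    """Check a claim site could run before honouring a claim."""
    # Ownership is read from the token contract, never from the registry.
    if owner_of.get((contract, token_id)) != vault:
        return False
    return claimer == vault or registry.is_delegate(claimer, vault, contract, token_id)

def demo():
    # Constructed labels standing in for addresses.
    vault, kid, spare, nft = "0xVault", "0xKid", "0xSpare", "0xCollection"
    owner_of = {(nft, 1): vault, (nft, 2): vault}
    reg = Registry()
    reg.delegate(vault, kid, nft, 1)   # NFT delegation: token 1 only
    reg.delegate(vault, spare)         # wallet delegation: everything
    out = {
        "kid_token_1": can_claim(reg, owner_of, kid, vault, nft, 1),
        "kid_token_2": can_claim(reg, owner_of, kid, vault, nft, 2),
        "spare_token_2": can_claim(reg, owner_of, spare, vault, nft, 2),
    }
    owner_of[(nft, 1)] = "0xBuyer"     # the vault sells token 1
    out["kid_after_sale"] = can_claim(reg, owner_of, kid, vault, nft, 1)
    reg.revoke(vault, spare)
    out["spare_after_revoke"] = can_claim(reg, owner_of, spare, vault, nft, 2)
    return out

if __name__ == "__main__":
    print(demo())
```

The registry has no method that moves or approves an asset, and a delegation stops counting as soon as the vault no longer owns the token or revokes the grant.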


I would put the full steps in here, but the team has done a pretty good job at doing a walkthrough on their website. The flow is very much the same as in Warm for wallet delegation, but for Contract/NFT delegation, you'll need to dig up the contract of that asset/NFT using Etherscan (see our article Etherscan Basics for more information). Simply follow the steps in the walkthrough and if you get lost, the site's documentation is actually pretty serviceable as well! Hooray!


Some folks have had mini-heart attacks seeing the method “Delegate For All” on the Delegate.Cash contract wondering if it somehow relates to Set Approval For All. It does not! However, ensure that you bookmark this contract as well, so you know you're interacting with the correct contract on the site: 
V1: 0x00000000000076A84feF008CDAbe6409d2FE638B

V2: 0x00000000000000447e69651d841bD8D104Bed493

Pros and Cons to Each?

Warm
  Pros:
  • Reputable Company
  • Clean Interface
  • Simple Design
  • More in Use (50% more activations)
  • Audited by 0xQuit
  Cons:
  • Proxy Contract
  • Only supports wallet delegation
  • Only able to delegate to one wallet
  • Documentation is lacking
  • Must Revoke from Cold Wallet
Delegate
  Pros:
  • Granular Delegation Permissions
  • Ability to delegate to multiple wallets
  • Immutable Contract
  • Made by 0xFoobar
  Cons:
  • UI/UX possibly more intimidating
  • has an L in the name (literally)
  • site could have a better user FAQ

Pros of Warm: As mentioned above, Warm was made by Wenew Labs, a proven builder in the space. Their design is clean, and its first-mover advantage means it's possible more projects could adopt it going forward; if Delegate fails to gain market share, then maybe you've wasted that $10 in gas! Ouch! Also, the contract has been audited by 0xQuit, an absolute legend in the space. Quit also wrote a thread on Warm that goes into the more technical details of how it works.

Cons of Warm: Warm is deployed on a Proxy contract, which means that it can be upgraded or changed. This isn't a huuuge deal, but not something you'd typically want to see in a trustless public good. This means you have to worry about the deployer of the contract potentially getting hacked or attacked with a $5 wrench attack, turning his contract methods into something more sinister! It also only supports whole wallet delegation (you can't delegate 1 contract, asset, or NFT) and the documentation is lacking from a dev and user perspective comparatively.

Pros of Delegate Cash: Although the UI/UX may seem a bit more intimidating at first, it does have a nice walkthrough that makes up for it. Delegate Cash also has a lot more features for both devs and users, offering the ultimate flexibility. It is also gaining traction fast, with many large projects using it for their future drops. It allows users to delegate multiple wallets per vault wallet, and you can delegate not only individual contracts or NFT collections, but single NFTs as well. You might do this if there is one wallet you want to delegate to in order to do something more risky (like a third party claim), vs something on a reputable site. You could have a hot Mint Wallet have proof for a “degen” claim, and your Sell Wallet interact with a trusted site. Unfamiliar with the mint/sell/vault wallet concept? Read more here! The contract is immutable, and made by one of the most trusted voices in web3 security, 0xfoobar. The team is heavily active in development, and even submitted EIP-5639 to that effect to make their approach a standard across the space.

Cons of Delegate Cash: Other than the UI/UX being slightly less inviting, a lot of the Pros I mentioned weren't mentioned in their documentation, and I had to play around with it and reach out to the team to get those answers. Some better documentation on the site for users, such as an FAQ, would be nice! Also, I was surprised to find that DeIegate (dot) cash [notice it is a capital i, not an L] was actively being used by an attacker, and the Twitter handle of the same name was not registered (this has since been fixed!). Though that might not seem like much, both teams should be doing everything they can to prevent homograph attacks (similar domains), such as monitoring, user education (bookmark encouragement!), etc. Hackers and scammers are going to HATE these services if they catch on. As such, they will be a target in a multitude of ways!
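The monitoring mentioned above can start with a simple look-alike check. This is an added example, not tooling from either project: it folds visually confusable characters into a common form and flags names that match an official domain only after folding. The character table is a small constructed subset and all function names are hypothetical.

```python
import unicodedata

# Official domains named in the article.
OFFICIAL = {"delegate.cash", "delegate.xyz", "warm.xyz"}

# Constructed subset of look-alike characters, not the full Unicode
# confusables table. "i" folds to "l" because a capital I renders like l.
CONFUSABLE = {"i": "l", "1": "l", "|": "l", "0": "o",
              "\u0435": "e", "\u0430": "a", "\u0441": "c", "\u043e": "o"}
MULTI = (("rn", "m"), ("vv", "w"))

def registrable(domain):
    # Assumption: the last two labels form the registrable domain, which
    # holds for .cash and .xyz but not for suffixes such as .co.uk.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def skeleton(domain):
    """Fold look-alike characters so visually similar names compare equal."""
    s = unicodedata.normalize("NFKC", registrable(domain))
    s = "".join(CONFUSABLE.get(ch, ch) for ch in s)
    for seq, repl in MULTI:
        s = s.replace(seq, repl)
    return s

SKELETONS = {skeleton(d): d for d in OFFICIAL}

def classify(domain):
    """Return ("official" | "lookalike" | "unrelated", matched official domain)."""
    reg = registrable(domain)
    if reg in OFFICIAL:
        return ("official", reg)
    target = SKELETONS.get(skeleton(domain))
    return ("lookalike", target) if target else ("unrelated", None)

def scan(observed):
    """Keep only the names that imitate an official domain."""
    return [(d, classify(d)[1]) for d in observed if classify(d)[0] == "lookalike"]

# Constructed sample, e.g. names seen in links, chat messages or CT logs.
SAMPLE = ["Delegate.Cash", "DeIegate.cash", "docs.delegate.xyz",
          "warrn.xyz", "d\u0435legate.xyz", "opensea.io"]

if __name__ == "__main__":
    for name, imitates in scan(SAMPLE):
        print(f"{name!r} imitates {imitates}")
```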

The Winner?

For 90% of users, either will work just fine! Both are secure, so long as you have both the websites AND CONTRACTS bookmarked (front-ends do get hacked, y'all!). But the granularity and control for power users just isn't available in Warm, and for that reason, we'd say Delegate Cash is the better tool overall! But really, you can't go wrong with either, as they both get the job done.

However, there may come a time when adoption is widespread enough, that folks will end up utilizing the flexibility and feature-set of Delegate Cash much more unless Warm releases some new features (which they can, because they deployed with a proxy)! Either way, this is only the beginning in this new primitive, and I'm excited to see both projects evolve and gain traction over the coming months and years! 

FAQ

Q: Can I make multiple delegations to multiple wallets?

A: With Warm, no, but with Delegate Cash, yes. The granular permissions let you delegate hot wallets for different NFTs in the same collection to different wallets, even. 

Q: Is there risk to leaving a wallet delegated indefinitely?

A: From the perspective of losing your assets, no. However, if your wallet gets compromised, there is a risk of folks being able to claim airdrops and other things on your behalf in the future depending on how projects implement delegations, but Yuga has said that the claims will go back to the cold wallet, regardless if the ‘warm’ or delegated wallet claimed the airdrop or NFT. 

Q: Can I use a Metamask wallet // “hot” wallet to Delegate to?

A: You can, but using it to do claims is not recommended. In theory, you could delegate to a fresh Metamask hot wallet you made in another browser/computer, and even share the seed phrase for that Metamask wallet, and you still won't run the risk of losing the assets. However, depending on how airdrops, identity proofs, and other applications utilize delegation, this is not a good habit to get into!

Q: If I claim something on my delegate wallet ("hot wallet"), where does it go?

A: The particular mechanism will dictate that. In the case of the ‘Dookey Dash’ game in the BAYC, the pass will show up in your delegated wallet. It is recommended the delegated wallet also be on your same hardware wallet that uses the same seed phrase, just on a different address. A more in depth explanation is at the bottom of this page under the heading “Tech Stuff”.

Q: Can I have multiple cold wallets delegated to the same “Warm” Wallet?

A: Yes, with both services, you can do this.

Have any questions or want to learn more about web3 security and stay up to date on the most current security information, scams, and tactics? Join us in our discord at https://discord.gg/boringsecurity .