MetaMask 🦊
@MetaMask
Hey all, we have a VERY important PSA to help keep your assets safe 👩‍🏫

⚠️ Disconnecting MetaMask from a dapp does NOT ensure your tokens are always safe! ⚠️

When ppl say 𝗿𝗲𝘃𝗼𝗸𝗲, they mean at smart contract level. Disconnecting from dapps doesn't include contracts.

1/ 🧵
Connecting MetaMask to a dapp (primarily) allows that dapp to:

1. see your address
2. ask you to confirm & send a transaction from that address.

When a dapp requests that you make a tx, you see the confirm/reject prompt, meaning nothing can be sent without your input.

2/
While there's no harm in disconnecting MM🦊 from a dapp (and it is good for your privacy), please don't let it give you a false sense of security.

There is another connection that is handled on-chain by the contracts you interact with.

3/
(We’re going to dive in a bit here because, honestly, it all makes perfect sense if you understand the structure of it all. Stay with us, it's not too bad. 🙈)

4/
First, some find it helpful to note distinct dapp layers:

👀 Frontend / website / wallet layer = stuff you see that implies what's happening under the hood.

⚙️ Under the hood = backend / smart contracts / tokens = what you don’t usually see = the actual 𝘮𝘦𝘤𝘩𝘢𝘯𝘪𝘤𝘴.

5/
Second, it’s helpful to know what the 𝘮𝘦𝘤𝘩𝘢𝘯𝘪𝘤𝘴 actually are! 😄

When sending ETH, you simply send 1 ETH to a recipient address.

When sending a token, you send 0 ETH to the token’s contract address & include instructions to “send 1 token to the recipient address.”

6/
The same applies when you swap/mint/sell/stake/farm on all the fancy stuff built by amazing devs the past few years.

When tokens need to be moved by a contract to facilitate an action, you must first *approve* that address to access/move those tokens.

This is important.

7/
You can allow 1 token or an “infinite” amount of tokens to be moved by a specified address.

In order to make your life easier and save on txn fees, it’s common to use an “infinite” amount so that you don’t need to repeatedly approve.

8/
However, this means that the address you said could move 1,000,000,000 of your tokens…CAN MOVE 1,000,000,000 OF YOUR TOKENS! 💀

Ideally, they don’t, unless first instructed by you. But they can and, if they are malicious or the contract is upgraded to be malicious, they do.

9/
It is this token approving action that has the potential to result in your assets being stolen and everyone on CT shouting REVOKE REVOKE DISCONNECT REVOKE!

Disconnecting your MM🦊 will NOT protect you from this.
Revoking your token allowances WILL protect you.

10/
Concerned about your own approvals?

Until we incorporate token revocation directly in MM🦊, you can see, adjust, and revoke your allowances on…

👍 @RevokeCash’s revoke.cash
👍 @etherscan’s etherscan.io/tokenapprovalc…
😍

11/
@RevokeCash @etherscan If this sounds like a lot of work - it is. 😅

Having full control of your assets and financial sovereignty is a big undertaking. There are no middle-men to make you cozy and save the day.

Being your own bank means being your own security, compliance, everything! 🏦

12/
@RevokeCash @etherscan It’s a good practice to revoke contracts that have large/infinite approvals, as well as any you don’t remember or plan on using again anytime soon.

Even better, be more mindful about what you approve in the first place!

Stay safe out there. 🦊❤️

metamask.zendesk.com/hc/en-us/artic…

13/13
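
The token mechanics from 6/ through 10/, as an added example that is not part of the original thread or any MetaMask code: it decodes the data field of a 0 ETH transaction sent to a token contract, tells a transfer from a limited or "infinite" approval, and builds the matching revoke (an approval of 0). It assumes the standard ERC-20 ABI encoding of `transfer(address,uint256)` and `approve(address,uint256)`; the function names and the `SPENDER` address are constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1  # the "infinite" amount commonly used in approvals
# First 4 bytes of keccak256 of the ERC-20 function signatures.
SELECTORS = {"a9059cbb": "transfer", "095ea7b3": "approve"}

def _hex(s):
    s = s.lower()
    return s[2:] if s.startswith("0x") else s

def encode_call(name, address, amount):
    """ABI-encode the call: 4-byte selector plus two 32-byte words."""
    selector = {v: k for k, v in SELECTORS.items()}[name]
    addr = _hex(address)
    if len(addr) != 40 or not 0 <= amount <= MAX_UINT256:
        raise ValueError("bad address or amount")
    int(addr, 16)  # raises ValueError if the address is not hex
    return "0x" + selector + addr.rjust(64, "0") + format(amount, "064x")

def decode_call(data):
    """Classify the data field of a transaction sent to a token contract."""
    raw = _hex(data)
    name = SELECTORS.get(raw[:8])
    # An address occupies the low 20 bytes of its word; the top 12 must be zero.
    if name is None or len(raw) != 136 or int(raw[8:32], 16) != 0:
        return {"kind": "unknown"}
    amount = int(raw[72:], 16)
    if name == "transfer":
        kind = "transfer"            # tokens move now, to `address`
    elif amount == 0:
        kind = "revoke"              # allowance for `address` set to zero
    elif amount == MAX_UINT256:
        kind = "unlimited-approval"  # `address` may move the whole balance
    else:
        kind = "limited-approval"
    return {"kind": kind, "address": "0x" + raw[32:72], "amount": amount}

def revoke_for(approve_data):
    """Build the calldata that cancels a previously granted approval."""
    call = decode_call(approve_data)
    if not call["kind"].endswith("approval"):
        raise ValueError("not an approval")
    return encode_call("approve", call["address"], 0)

SPENDER = "0x" + "ab" * 20  # constructed sample address, not a real contract

if __name__ == "__main__":
    granted = encode_call("approve", SPENDER, MAX_UINT256)
    print(decode_call(granted))
    print(decode_call(revoke_for(granted)))
```

The revoke is itself an on-chain transaction to the token contract, which is why disconnecting the wallet from the site leaves the allowance in place.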