Hey all, we have a VERY important PSA to help keep your assets safe 👩🏫
⚠️ Disconnecting MetaMask from a dapp does NOT ensure your tokens are always safe! ⚠️
When ppl say 𝗿𝗲𝘃𝗼𝗸𝗲, they mean at smart contract level. Disconnecting from dapps doesn't include contracts.
1/ 🧵

Connecting MetaMask to a dapp (primarily) allows that dapp to:
1. see your address
2. ask you to confirm & send a transaction from that address.
When a dapp requests that you make a tx, you see the confirm/reject prompt, meaning nothing can be sent without your input.
2/

While there's no harm in disconnecting MM🦊 from a dapp (and it is good for your privacy), please don't let it give you a false sense of security.
There is another connection that is handled on-chain by the contracts you interact with.
3/

(We’re going to dive in a bit here because, honestly, it all makes perfect sense if you understand the structure of it all. Stay with us, it's not too bad. 🙈)
4/
First, some find it helpful to note distinct dapp layers:
👀 Frontend / website / wallet layer = stuff you see that implies what's happening under the hood.
⚙️ Under the hood = backend / smart contracts / tokens = what you don’t usually see = the actual 𝘮𝘦𝘤𝘩𝘢𝘯𝘪𝘤𝘴.
5/
Second, it’s helpful to know what the 𝘮𝘦𝘤𝘩𝘢𝘯𝘪𝘤𝘴 actually are! 😄
When sending ETH, you simply send 1 ETH to a recipient address.
When sending a token, you send 0 ETH to the token’s contract address & include instructions to “send 1 token to the recipient address.”
6/
The same applies when you swap/mint/sell/stake/farm on all the fancy stuff built by amazing devs the past few years.
When tokens need to be moved by a contract to facilitate an action, you must first *approve* that address to access/move those tokens.
This is important.
7/


You can allow 1 token or an “infinite” amount of tokens to be moved by a specified address.
In order to make your life easier and save on txn fees, it’s common to use an “infinite” amount so that you don’t need to repeatedly approve.
8/
However, this means that the address you said could move 1,000,000,000 of your tokens…CAN MOVE 1,000,000,000 OF YOUR TOKENS! 💀
Ideally, they don’t, unless first instructed by you. But they can and, if they are malicious or the contract is upgraded to be malicious, they do.
9/

It is this token approving action that has the potential to result in your assets being stolen and everyone on CT shouting REVOKE REVOKE DISCONNECT REVOKE!
Disconnecting your MM🦊 will NOT protect you from this.
Revoking your token allowances WILL protect you.
10/
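To make the mechanics from 6/ to 10/ concrete, here is an added example (not part of the original thread, and not MetaMask's code) that decodes the "instructions" inside an ERC-20 transaction and tells a transfer, a limited approval, an "infinite" approval and a revoke apart. The spender address is a constructed placeholder; "infinite" is assumed to mean the maximum uint256 value.

```javascript
// ERC-20 function selectors: the first 4 bytes of the transaction data.
const SELECTORS = {
  "a9059cbb": "transfer", // transfer(address to, uint256 amount)
  "095ea7b3": "approve",  // approve(address spender, uint256 amount)
};
const MAX_UINT256 = (1n << 256n) - 1n; // assumed meaning of "infinite"

// Decode the data field of a 0 ETH transaction sent to a token contract.
function decodeTokenCall(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  const name = SELECTORS[hex.slice(0, 8)];
  // selector (8 hex chars) + two 32-byte arguments (64 hex chars each)
  if (!name || hex.length !== 136 || !/^[0-9a-f]+$/.test(hex)) {
    return { kind: "unknown" };
  }
  const address = "0x" + hex.slice(32, 72);    // last 20 bytes of argument 1
  const amount = BigInt("0x" + hex.slice(72)); // argument 2
  if (name === "transfer") return { kind: "transfer", to: address, amount };
  if (amount === 0n) return { kind: "revoke", spender: address, amount };
  if (amount === MAX_UINT256) {
    return { kind: "infinite-approval", spender: address, amount };
  }
  return { kind: "approval", spender: address, amount };
}

// Revoking is approve(spender, 0) sent to the same token contract.
function buildRevokeCalldata(spender) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("bad address");
  return "0x095ea7b3" + addr.padStart(64, "0") + "0".repeat(64);
}

// Constructed sample input: placeholder spender, not a real contract.
const SPENDER = "0x" + "11".repeat(20);
const infiniteApprove =
  "0x095ea7b3" + SPENDER.slice(2).padStart(64, "0") + "f".repeat(64);

console.log(decodeTokenCall(infiniteApprove).kind);
console.log(decodeTokenCall(buildRevokeCalldata(SPENDER)).kind);
```

Nothing in either call refers to a website or a wallet connection, which is why disconnecting from the dapp leaves an allowance untouched.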
Concerned about your own approvals?
Until we incorporate token revocation directly in MM🦊, you can see, adjust, and revoke your allowances on…
👍 @RevokeCash’s revoke.cash
👍 @etherscan’s etherscan.io/tokenapprovalc…
😍
11/

If this sounds like a lot of work - it is. 😅
Having full control of your assets and financial sovereignty is a big undertaking. There are no middle-men to make you cozy and save the day.
Being your own bank means being your own security, compliance, everything! 🏦
12/
It’s a good practice to revoke contracts that have large/infinite approvals, as well as any you don’t remember or plan on using again anytime soon.
Even better, be more mindful about what you approve in the first place!
Stay safe out there. 🦊❤️
metamask.zendesk.com/hc/en-us/artic…
13/13
