Yesterday’s Socket hack, which saw $3.3 million drained from users with active token allowances for the cross-chain bridge, stands as another painful reminder that security and wallet hygiene are critical elements of navigating Web3.
To use any decentralized app, you must issue and approve token allowances: permissions that let the dapp you are interacting with essentially spend tokens on your behalf. For example, when swapping USDC for UNI, I set a token allowance to permit Uniswap to spend my USDC to buy UNI. The 'approve' function sets this spending limit, while the 'allowance' function reveals how much a dapp can use from your wallet.
Once granted, these permissions remain active until you revoke them, and they can act as a backdoor for hackers who gain access to a faulty smart contract. To be safe, it is wise to revoke these permissions once you are done using the dapp, which can be done through tools like Revoke Cash.
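To make the point about lingering permissions concrete, the following Python sketch (an added example, not code from the article or from Revoke Cash) replays ERC-20 `Approval` event logs and lists the allowances a wallet has granted and never set back to zero. The addresses and log entries are constructed placeholders, and the dict layout assumes JSON-RPC style logs whose block number and log index have already been converted to integers.

```python
# topic0 of Approval(address,address,uint256), the ERC-20 approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # common "infinite approval" value

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner):
    """Replay Approval logs in chain order and return the non-zero
    {(token, spender): last_approved_value} entries for `owner`."""
    owner = owner.lower()
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but a third indexed field
        # (4 topics), so requiring exactly 3 keeps this ERC-20 only.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # approve() overwrites, never adds
    return {k: v for k, v in latest.items() if v > 0}  # 0 means revoked

def describe(value):
    return "UNLIMITED" if value == UNLIMITED else str(value)

# --- constructed sample data (placeholder addresses, not real contracts) ---
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "cc" * 20
TOKEN_1, TOKEN_2 = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_A, SPENDER_B = "0x" + "b1" * 20, "0x" + "b2" * 20

def make_log(block, index, token, owner, spender, value):
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": index, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [  # deliberately out of order
    make_log(105, 0, TOKEN_1, OWNER, SPENDER_B, 0),          # revocation
    make_log(100, 3, TOKEN_1, OWNER, SPENDER_A, UNLIMITED),  # never revoked
    make_log(101, 1, TOKEN_1, OWNER, SPENDER_B, 500),
    make_log(102, 0, TOKEN_1, OTHER, SPENDER_A, 10**18),     # someone else
    make_log(110, 2, TOKEN_2, OWNER, SPENDER_B, 250),
]

if __name__ == "__main__":
    for (token, spender), value in sorted(open_allowances(SAMPLE_LOGS, OWNER).items()):
        print(f"token {token} -> spender {spender}: {describe(value)}")
```

The last approved value is only an upper bound, because spending by the dapp reduces it; the token's 'allowance' function gives the exact amount still spendable.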