When we interact with new crypto projects, we are often prompted by the page to first authorize (Approve) tokens. This step is necessary to allow the project to trade, stake, lend, or otherwise interact with the coins in our wallets.
Currently, 99% of projects on the market set the approval amount to unlimited when they build this approval step into their smart contracts. This is done so that users do not have to authorize again each time they interact in the future.
However, this has also become one of the most concerning security weaknesses in the operation of smart contracts. It means that even if we never deposit our coins in the protocol, the project team still has the authority to withdraw coins from that same address. The withdrawal itself does not require us to sign with our private key, so it is crucial to be cautious when granting approval.
Reminder: If a recovery phrase is leaked, all coins will be lost regardless of whether a hardware wallet is used. If excessive approvals are not revoked and the project team acts maliciously, all coins will be lost regardless of hardware wallet use. If the project team exits without notice, all coins will be lost regardless of hardware wallet use.