When we go to a new project, we are frequently requested to Approve by the page. Before we can allow the project to interact with the currencies in our wallet for trading, pledging, lending, and other purposes, we must first complete this step.
Currently, 99 percent of projects on the market include this authorisation function in their smart contracts and set the token value to infinity, removing the need for the user to take an extra step to authorize the transaction in subsequent contacts.
However, in the functioning of smart contracts, this has become one of the most concerning security threats. This means that the project owner has the power to transfer coins from the same address we possess even if we don't include our coins in the protocol. Because we are not required to sign with our private key for this operation, we must exercise caution while authorizing it.
Note: The coins will be lost with or without the hardware wallet if the mnemonic is leaked; the coins will be lost with or without the hardware wallet if the over-authorization is not cancelled and the project party does evil; and the coins will be lost with or without the hardware wallet if the project party flees.
Please sign in to leave a comment.