Yesterday, as I was reading THIS thread, I allowed myself to bring some info. This information deserves, I think, to be more visible, and that's why I created this topic.
What is the problem? There may be none... but if it occurs, the damage could be... catastrophic.
The fact is that very often, when authorizing the spending of a token on Uniswap or one of its competitors, the setting is set by default to the maximum value. This means that if a malicious actor gets their hands on the smart contract to which you have given authorizations, then all of your tokens (of a certain type) can be removed from your wallet.
I'll let you browse the following article to finish convincing yourself:
https://cryptotesters.com/blog/token-allowances
There are a few ways to prevent unlimited and unwanted withdrawals: for example, when using MetaMask (on Uniswap & others), the first precaution you can take is to only allow the specific number of ERC20 tokens you agree to sell and not to leave the setting at max by default. (Note that 1inch already offers this setting.)
In addition, I would like to draw your attention to the fact that there are at least two possibilities to edit the given permissions:
1 - Token checker allowance: https://tac.dappstar.io/
It seems that another project (MathWallet) took the idea of 'Token checker allowance' and adapted it for BSC (Binance chain). I specify that I have not tested this one.
https://twitter.com/MathWallet/status/1310877806264422401
2 - https://approved.zone/
Works on the same principle as tca. (Except we can only erase the authorization, and not set a new value.)
According to the following tweet, this project would come from the '1 Inch exchange' team.
https://twitter.com/1inchExchange/status/1273508633570140162
I am sharing a few ideas here, however do your own research.
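
An added example, not part of the original post: a small Python check that decodes the hex data of an ERC-20 `approve(address,uint256)` call (the data a wallet shows before you confirm) and reports whether it grants the maximum value, a limited amount, or a revocation. The spender address, the amounts and the helper names are constructed for illustration.

```python
# Added example: inspect ERC-20 approve() calldata before signing it.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # selector of approve(address,uint256)
UINT256_MAX = 2**256 - 1                      # the "max by default" allowance


def decode_approve(calldata_hex):
    """Return (spender, amount) from the hex data of an approve() call."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if len(data) != 4 + 32 + 32 or data[:4] != APPROVE_SELECTOR:
        raise ValueError("not an ERC-20 approve(address,uint256) call")
    spender_word, amount_word = data[4:36], data[36:68]
    if any(spender_word[:12]):
        raise ValueError("address word is not left-padded with zeros")
    return "0x" + spender_word[12:].hex(), int.from_bytes(amount_word, "big")


def classify_approval(calldata_hex, intended_amount=None):
    """Label the approval: revoke, unlimited, over-intended or limited."""
    spender, amount = decode_approve(calldata_hex)
    if amount == 0:
        verdict = "revoke"            # allowance reset to zero
    elif amount == UINT256_MAX:
        verdict = "unlimited"         # spender may move the whole balance
    elif intended_amount is not None and amount > intended_amount:
        verdict = "over-intended"     # more than the user meant to sell
    else:
        verdict = "limited"
    return {"spender": spender, "amount": amount, "verdict": verdict}


def build_sample(spender_hex40, amount):
    """Constructed sample calldata (not taken from a real transaction)."""
    return "0x095ea7b3" + spender_hex40.rjust(64, "0") + format(amount, "064x")


SPENDER = "11" * 20  # placeholder spender address, constructed
SAMPLES = {
    "wallet default": build_sample(SPENDER, UINT256_MAX),
    "custom limit": build_sample(SPENDER, 250 * 10**18),  # 250 tokens, 18 decimals assumed
    "revocation": build_sample(SPENDER, 0),
}

if __name__ == "__main__":
    for label, calldata in SAMPLES.items():
        print(label, classify_approval(calldata, intended_amount=250 * 10**18))
```
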