I have a question about how malicious smart contracts work. Many people here probably have some unsolicited tokens sitting in their wallets, and whenever someone asks what to do with them, the chorus always sings "Do NOT touch it or it will empty your wallet!" OK, it's reasonable advice, but no one has yet explained how exactly a smart contract can empty someone's wallet.
I have modest experience writing smart contracts, including ERC-20 smart contracts (creating my own tokens just for fun). I also have some experience interacting with MetaMask from a webpage via JavaScript. So, I know how a user can be scammed into approving access to their tokens and then having their wallets emptied. It's still a long shot, though, since the user needs to be completely clueless and just hit the "approve" button without reading what it is they're approving. Obviously, this method would require luring a user to your sinister Web3-enabled website first.
However, if we strictly talk about smart contracts and specifically ERC-20 contracts, can someone explain how calling their functions like "transfer" or "approve" can give them access to your other tokens that are not managed by these contracts? For example, if I find some shitcoins sitting in my wallet and want to send them to another address via MetaMask, how would it compromise my other tokens? Thanks!
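Added example, not part of the original post: the post mentions users hitting "approve" without reading what they are approving. The sketch below decodes the calldata of an ERC-20 call so the target contract, spender and amount can be read before signing. The function name `decodeErc20Call`, the sample transaction and its addresses are constructed for illustration; the three selectors are the standard ERC-20 ones.

```javascript
// Added example: show what an ERC-20 call asks for before it is signed.
// Selectors: first 4 bytes of keccak256 of the standard ERC-20 signatures.
const ERC20_CALLS = new Map([
  ["a9059cbb", { name: "transfer", params: ["recipient", "amount"] }],
  ["095ea7b3", { name: "approve", params: ["spender", "amount"] }],
  ["23b872dd", { name: "transferFrom", params: ["owner", "recipient", "amount"] }],
]);
const MAX_UINT256 = (1n << 256n) - 1n;

function decodeErc20Call(tx) {
  const data = String(tx.data || "").toLowerCase().replace(/^0x/, "");
  const call = ERC20_CALLS.get(data.slice(0, 8));
  // tx.to is the contract that receives the call and executes it.
  const result = { contract: tx.to, name: "unknown", args: {}, warnings: [] };
  if (!call) {
    result.warnings.push("not a standard ERC-20 call; inspect before signing");
    return result;
  }
  result.name = call.name;
  const body = data.slice(8);
  if (body.length < call.params.length * 64 || /[^0-9a-f]/.test(body)) {
    result.warnings.push("malformed arguments");
    return result;
  }
  call.params.forEach((param, i) => {
    const word = body.slice(i * 64, (i + 1) * 64); // one 32-byte ABI word
    result.args[param] = param === "amount"
      ? BigInt("0x" + word)      // uint256
      : "0x" + word.slice(24);   // address = low 20 bytes of the word
  });
  if (call.name === "approve" && result.args.amount === MAX_UINT256) {
    result.warnings.push("unlimited allowance");
  }
  return result;
}

// Constructed sample: approve(spender, 2^256 - 1) sent to a made-up token contract.
const SAMPLE_TX = {
  to: "0x" + "1".repeat(40),
  data: "0x095ea7b3" + "0".repeat(24) + "2".repeat(40) + "f".repeat(64),
};
console.log(decodeErc20Call(SAMPLE_TX));
```

A selector matching `approve` only says which function is named; what the contract at `to` actually executes is defined by that contract's code.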