I present you with a situation β¬
You're making a payment at the market, and the employee makes you a proposal:
π¨βπΌ "You come to buy every day, and I've been thinking... why don't you leave your wallet π΅ here with me, and every time you come to buy, I'll charge directly from there?" π€¨
If you're like most people, you'd probably consider this as something completely absurd, and you'd likely react with disbelief to the idea, maybe even feel like giving the person a punch π΅ before leaving the place πͺπ‘
But... what would you think if I told you that many of us do/did this every day without any complaints? π³
The magic word is β¨approveβ¨; it's a function that grants a smart contract permission to "spend" our tokens πΈ
It's commonly used for exchanges or adding liquidity to pools/vaults
Many will be astonished to discover the number of smart contracts that have authorization to use tokens from their wallets π±
(self-granted authorization π)
It's like leaving our wallets, credit cards, and blank checks at every place we visit π€¦
Let's look at an example to understand how it works π
We have the need to exchange DAI for USDC and decide to use Uniswapπ¦ for this operation. We'll use Rabby π wallet for this example π½
1οΈβ£ We select the amount of DAI we want to exchange.
2οΈβ£ We click "Swap" and then "Confirm Swap."
3οΈβ£ A small message appears, which we usually overlook π.
4οΈβ£ At the same time, the wallet window opens.
5οΈβ£ We look at the window and think, "There's a lot of data... it must not be important... I'm in a hurry... I'll sign it right away" βοΈ.
6οΈβ£ We proceed and complete the desired exchange.
End of the story, right? π¬
But NO, the reality is that without even considering it, we've just handed our wallet, checkbook, house keys, and a blank promissory note to the market employee π
Let's examine closely what that signature we made without much attention implies.
As can be seen in that scenario, we granted UNLIMITED permission to the Uniswap contract to spend all the DAI we own or will have in our wallet β
Now, let's consider what action we should have taken instead β π
Within Rabby window (which shows the amount π), we have the possibility to adjust the spending limit we want to authorize:
1οΈβ£ Click "Edit"
2οΈβ£ Remove the default amount
3οΈβ£ Enter the precise amount of the token we want to exchange right now, just as we would in the market π
4οΈβ£ Press "Confirm"
5οΈβ£ Verify that the approved amount has been adjusted
6οΈβ£ Sign and then proceed with the exchange
As we can see, we have now authorized only 10 DAI β
Therefore, once we complete the exchange, the spending limit will be consumed, and the contract will no longer have the ability to use more tokens from our wallet π
Unfortunately, some wallets, like Rabby's π, suggest granting permissions for unlimited amounts by default βΎ
However, others, like Metamaskπ¦, in their latest update, ask us how much we want to authorize beforehand π
And at least the π wallet offers us the option to modify that value, as most wallets, especially mobile ones, don't even give us the option to do so and only offer the option to authorize unlimited spending π’
This last aspect should be considered when selecting a wallet π«‘
But what if I've already granted unlimited spending multiple times for different tokens and contracts? Or if my wallet doesn't give me the option to choose the amount when granting permissions? π
I'll explain it in my next post, so let me know if you're interested in this topic with a β€οΈ Like and π¨οΈ Comment.
