Metamask Approval Hygiene

With the latest Badger exploit let's talk about Metamask approval hygiene

1. Know what you are approving

Check the approved address yourself.
Do not trust the site's UI. Take the address manually from the metamask data and look at the contract on Etherscan.
If you are on another network you may want to use Polygonscan, BSCscan, Solscan or the blockexplorer for your network.

Things to pay attention to at this point.

Is the contract brand new?

Who deployed it?

Where did the funds come from to the deployer

Is it a proxy?

2. Know how much you are approving

Never approved more than you plan to use.
You can always approve more in the future.

Yes, it costs a few $ more, but so is psychological help once you will get rugged.

3. Approvals are per token

So if you approved WETH on some shady contract only your WETH is at risk due to that approval, none of your other tokens.

4. Be extra tight with your approvals on proxies

You are not only approving the current implementation, you are also approving the next implementation, and the next implementation, and the next implementation...
This means that if the code is changed, your approval will still be valid, you need to be really careful here.

5. Periodic review of all your approvals

Go over each approval and verify if it makes sense. If not, revoke it.
If there is a lot of stuff you are unsure about, see what is less of a hassle, revoking all the odd approvals or migrating all tokens to a fresh address.
You can use Etherscan's, Polygonscan's or BSCscan's token approval checker, at the time of writing, there is no equivalent service for Solana.
There is no need to revoke tokens you don't hold anymore and don't plan to use in the future.

6. You should have a good reason for doing an infinite approval

It should not be your default!

Not sure what an infinite approval looks like?
It looks like this:

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
README.md		README.md
index.html		index.html
style.css		style.css

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Metamask Approval Hygiene

With the latest Badger exploit let's talk about Metamask approval hygiene

1. Know what you are approving

Check the approved address yourself.
Do not trust the site's UI. Take the address manually from the metamask data and look at the contract on Etherscan.
If you are on another network you may want to use Polygonscan, BSCscan, Solscan or the blockexplorer for your network.

Things to pay attention to at this point.

2. Know how much you are approving

Never approved more than you plan to use.
You can always approve more in the future.

Yes, it costs a few $ more, but so is psychological help once you will get rugged.

3. Approvals are per token

So if you approved WETH on some shady contract only your WETH is at risk due to that approval, none of your other tokens.

4. Be extra tight with your approvals on proxies

You are not only approving the current implementation, you are also approving the next implementation, and the next implementation, and the next implementation...
This means that if the code is changed, your approval will still be valid, you need to be really careful here.

5. Periodic review of all your approvals

6. You should have a good reason for doing an infinite approval

It should not be your default!

Not sure what an infinite approval looks like?
It looks like this:

Stay safe out there apes.

Created by 0xPUFLER (0xAFFE6a78BD3F014Da114C327a48BBEC8CbcFbF3F)

Taken from https://twitter.com/CryptoCatVC/status/1466380960648380419?s=20

About

Languages

pujux/metamask-approval-hygiene

Folders and files

Latest commit

History

Repository files navigation

Metamask Approval Hygiene

With the latest Badger exploit let's talk about Metamask approval hygiene

1. Know what you are approving

Check the approved address yourself. Do not trust the site's UI. Take the address manually from the metamask data and look at the contract on Etherscan. If you are on another network you may want to use Polygonscan, BSCscan, Solscan or the blockexplorer for your network.

Things to pay attention to at this point.

2. Know how much you are approving

Never approved more than you plan to use. You can always approve more in the future.

Yes, it costs a few $ more, but so is psychological help once you will get rugged.

3. Approvals are per token

So if you approved WETH on some shady contract only your WETH is at risk due to that approval, none of your other tokens.

4. Be extra tight with your approvals on proxies

You are not only approving the current implementation, you are also approving the next implementation, and the next implementation, and the next implementation... This means that if the code is changed, your approval will still be valid, you need to be really careful here.

5. Periodic review of all your approvals

6. You should have a good reason for doing an infinite approval

It should not be your default! Not sure what an infinite approval looks like? It looks like this:

Stay safe out there apes.

Created by 0xPUFLER (0xAFFE6a78BD3F014Da114C327a48BBEC8CbcFbF3F)

Taken from https://twitter.com/CryptoCatVC/status/1466380960648380419?s=20

About

Topics

Resources

Stars

Watchers

Forks

Languages

Check the approved address yourself.
Do not trust the site's UI. Take the address manually from the metamask data and look at the contract on Etherscan.
If you are on another network you may want to use Polygonscan, BSCscan, Solscan or the blockexplorer for your network.

Never approved more than you plan to use.
You can always approve more in the future.

You are not only approving the current implementation, you are also approving the next implementation, and the next implementation, and the next implementation...
This means that if the code is changed, your approval will still be valid, you need to be really careful here.

It should not be your default!

Not sure what an infinite approval looks like?
It looks like this: