Subscribe to I'm Lucio
I'm Lucio进入区块链的大门 — — 取消钱包授权(第五讲)
前面我们有讲到不同钱包的使用方法,和如何访问Dapp。对于经常访问Dapp和使用DeFi应用的人们来说,若想在DeFi协议上使用代币,‘’代币授权‘’是经常性的步骤。什么是代币授权?以太坊链、EVM链(BSC/HECO/OKExChain/Polygon等)和波场链上的Dapp大都涉及到合约操作,授权即表示允许该合约地址提取用户的代币。Dapp需要访问代币才能需要对其操作。比如你想在uniswap卖掉WBTC,则需要‘’Approve‘’ Uniswap的智能合约访问你钱包内WBTC的权限,然后才能通过第二笔交易把WBTC转换成其他代币。在钱包上面,你可以看到该授权。为了提升用户体验,减少授权次数,Dapp会要求无限授权,即该智能合约有权对钱包内的某个币种有不限量的转移权限。对于靠谱的知名平台,如uniswap等,不会恶意操作转移用户的钱包资产。如果该Dapp一开始就是恶意的,则该钱包对于已经授权该平台的所有币种都有极大的安全隐患。即便是成熟的项目,也有可能存在漏洞而被攻击者利用。所以一旦用户给Dapp授权,钱包的该代币就会陷入风险。 虽然硬件钱包可以保护私钥,并且没有人能绕过硬...
I'm Lucio进入区块链的大门 — — 网页插件钱包(第三讲)
我们前面讲到了加密货币钱包的概览,上一讲是关于imtoken钱包的使用。本讲的主要内容是Metamask。metamask 有两个版本,一个是在谷歌浏览器chrome的以太坊钱包插件,也是最常用的,另一个是手机的app。这里主要讲最常用的chrome浏览器插件版。 1. 下载谷歌浏览器:https://www.google.com/chrome/ 记住一定要在官网下载,或者在有保障的平台下载,不要下载未知源头下载的谷歌浏览器。 2. 下载metamask的chrome浏览器插件 metamask的官方网站为https://metamask.io/ 点击下载,然后选择Chrome, Install metamask for chrome 这个时候就会跳转到chrome商店然后添加插件到chrome浏览器就可以了。 安装完成后,浏览器的插件栏会出现metamask小狐狸图标,安装完成可以开始使用。 3. 开始使用生成钱包根据引导一步一步走,点击”开始使用”2. 导入或者创建 根据你的钱包习惯,喜欢用自己老的钱包去作为metamask钱包的话,可以直接用助记词导入钱包,在metamas...
I'm Lucio进入区块链的大门 — — 硬件钱包的使用(第四讲)
我们前面讲到了加密货币钱包的概览,imtoken和metamask的使用。本讲的主要内容是硬件钱包 — ledger nano X的使用。 为什么选择Ledger? Ledger是法国的硬件钱包品牌,是目前销量最大的硬件钱包。产品经过了市场和安全机构的验证,使用方便。Ledger目前有三款产品,是ledger nano S,Ledger nano S plus 和 ledger nano X。Ledger nano S 只能连接电脑端并且最多安装3个币种的app。Ledger nano X 可以连接电脑端,并且可以通过蓝牙连接手机端。存储空间大,可以同时安装几十个app。因为Ledger nano X可以连接手机,适合对于操作频繁的用户购买。Ledger nano S plus则是 Ledger nano S的升级款,也可以同时安装几十个app,但是无法通过蓝牙与手机连接。在这里我推荐用户购买ledger nano S plus 或者ledger nano X,用户可以按需购买。为了保证安全,这里硬件设备只推荐从官网购买,因为无法判定其他经销商的真伪。避免因为买到假的硬件钱包或者...
<100 subscribers
I'm Lucio进入区块链的大门 — — 取消钱包授权(第五讲)
前面我们有讲到不同钱包的使用方法,和如何访问Dapp。对于经常访问Dapp和使用DeFi应用的人们来说,若想在DeFi协议上使用代币,‘’代币授权‘’是经常性的步骤。什么是代币授权?以太坊链、EVM链(BSC/HECO/OKExChain/Polygon等)和波场链上的Dapp大都涉及到合约操作,授权即表示允许该合约地址提取用户的代币。Dapp需要访问代币才能需要对其操作。比如你想在uniswap卖掉WBTC,则需要‘’Approve‘’ Uniswap的智能合约访问你钱包内WBTC的权限,然后才能通过第二笔交易把WBTC转换成其他代币。在钱包上面,你可以看到该授权。为了提升用户体验,减少授权次数,Dapp会要求无限授权,即该智能合约有权对钱包内的某个币种有不限量的转移权限。对于靠谱的知名平台,如uniswap等,不会恶意操作转移用户的钱包资产。如果该Dapp一开始就是恶意的,则该钱包对于已经授权该平台的所有币种都有极大的安全隐患。即便是成熟的项目,也有可能存在漏洞而被攻击者利用。所以一旦用户给Dapp授权,钱包的该代币就会陷入风险。 虽然硬件钱包可以保护私钥,并且没有人能绕过硬...
I'm Lucio进入区块链的大门 — — 网页插件钱包(第三讲)
我们前面讲到了加密货币钱包的概览,上一讲是关于imtoken钱包的使用。本讲的主要内容是Metamask。metamask 有两个版本,一个是在谷歌浏览器chrome的以太坊钱包插件,也是最常用的,另一个是手机的app。这里主要讲最常用的chrome浏览器插件版。 1. 下载谷歌浏览器:https://www.google.com/chrome/ 记住一定要在官网下载,或者在有保障的平台下载,不要下载未知源头下载的谷歌浏览器。 2. 下载metamask的chrome浏览器插件 metamask的官方网站为https://metamask.io/ 点击下载,然后选择Chrome, Install metamask for chrome 这个时候就会跳转到chrome商店然后添加插件到chrome浏览器就可以了。 安装完成后,浏览器的插件栏会出现metamask小狐狸图标,安装完成可以开始使用。 3. 开始使用生成钱包根据引导一步一步走,点击”开始使用”2. 导入或者创建 根据你的钱包习惯,喜欢用自己老的钱包去作为metamask钱包的话,可以直接用助记词导入钱包,在metamas...
I'm Lucio进入区块链的大门 — — 硬件钱包的使用(第四讲)
我们前面讲到了加密货币钱包的概览,imtoken和metamask的使用。本讲的主要内容是硬件钱包 — ledger nano X的使用。 为什么选择Ledger? Ledger是法国的硬件钱包品牌,是目前销量最大的硬件钱包。产品经过了市场和安全机构的验证,使用方便。Ledger目前有三款产品,是ledger nano S,Ledger nano S plus 和 ledger nano X。Ledger nano S 只能连接电脑端并且最多安装3个币种的app。Ledger nano X 可以连接电脑端,并且可以通过蓝牙连接手机端。存储空间大,可以同时安装几十个app。因为Ledger nano X可以连接手机,适合对于操作频繁的用户购买。Ledger nano S plus则是 Ledger nano S的升级款,也可以同时安装几十个app,但是无法通过蓝牙与手机连接。在这里我推荐用户购买ledger nano S plus 或者ledger nano X,用户可以按需购买。为了保证安全,这里硬件设备只推荐从官网购买,因为无法判定其他经销商的真伪。避免因为买到假的硬件钱包或者...
Share Dialog
Share Dialog
Earlier we talked about how to use different wallets and how to access Dapp. For people who frequently access Dapps and use DeFi applications, ''Token Permission'' is a recurring step in order to use tokens on DeFi protocols.
Most of the Dapps on the Ethereum chain, EVM chain (BSC/HECO/OKExChain/Polygon, etc.), and TRON chain involve smart contracts, and permission means that the smart contract is allowed to withdraw the user's tokens. Dapps need access to tokens in order to operate on them. For example, if you want to sell WBTC on uniswap, you need ''Approve'' Uniswap's smart contract to access the WBTC in your wallet, and then you can convert WBTC into other tokens through the second transaction. On the wallet, you can see the permission. In order to improve the user experience and reduce the number of permissions, Dapp will require unlimited permission, that is, the smart contract has the right to transfer unlimitedly for a certain token in the wallet.
For reliable and famous platforms, such as uniswap, there will be no malicious operations to transfer users' wallet assets. If the Dapp is malicious, the wallet has a big security risk for all the coins that have authorized the platform. Even mature projects may have vulnerabilities that can be exploited by attackers. So once the user authorizes the Dapp, the token in the wallet will be at risk.
Although hardware wallets can protect private keys, no one can cross hardware wallets to steal private keys. But there is no way to prevent security risks on 'Approve'.
The most important thing is not to authorize smart contracts on unreliable Dapp platforms, some platforms may operate the users’ tokens within a few hours after authorization.
Second, the user needs to periodically clear the permissions, because even a mature and reliable project may be exploited by attackers. In order to ensure the security of the tokens in the wallet, it is necessary to periodically revoke permissions.
Visit the ETH allowance website: https://ethallowance.com/
Access the ETH allowance, connect to the Metamask, and the list of authorized smart contracts will be displayed on it
Select the platform/contract to cancel the authorization, and click Revoke, if you want to cancel all authorization, click revoke all above
Confirm the revoking transaction in the wallet. After the transaction is confirmed, the smart contract cannot operate and access the tokens in the user's wallet, which can avoid the risk of permissions.
For friends who like to use Debank, it is also very fast to revoke permissions through Debank. Debank official website: https://debank.com/
After entering Debank, link the wallet and switch to the corresponding network
Click on the profile, then click on management, and you can see the Dapps or smart contracts that are still providing permissions.
For the smart contract that wants to revoke permission, click decline. After the transaction is confirmed, the permission of the smart contract will be canceled, and the smart contract cannot operate and access the tokens in the user's wallet, which can avoid the risk.
These are the steps for revoking permissions. Users should always ensure the safety of funds and avoid risks as much as possible.
Written by: Lucio Lyu
Twitter: @imLucio_eth
Earlier we talked about how to use different wallets and how to access Dapp. For people who frequently access Dapps and use DeFi applications, ''Token Permission'' is a recurring step in order to use tokens on DeFi protocols.
Most of the Dapps on the Ethereum chain, EVM chain (BSC/HECO/OKExChain/Polygon, etc.), and TRON chain involve smart contracts, and permission means that the smart contract is allowed to withdraw the user's tokens. Dapps need access to tokens in order to operate on them. For example, if you want to sell WBTC on uniswap, you need ''Approve'' Uniswap's smart contract to access the WBTC in your wallet, and then you can convert WBTC into other tokens through the second transaction. On the wallet, you can see the permission. In order to improve the user experience and reduce the number of permissions, Dapp will require unlimited permission, that is, the smart contract has the right to transfer unlimitedly for a certain token in the wallet.
For reliable and famous platforms, such as uniswap, there will be no malicious operations to transfer users' wallet assets. If the Dapp is malicious, the wallet has a big security risk for all the coins that have authorized the platform. Even mature projects may have vulnerabilities that can be exploited by attackers. So once the user authorizes the Dapp, the token in the wallet will be at risk.
Although hardware wallets can protect private keys, no one can cross hardware wallets to steal private keys. But there is no way to prevent security risks on 'Approve'.
The most important thing is not to authorize smart contracts on unreliable Dapp platforms, some platforms may operate the users’ tokens within a few hours after authorization.
Second, the user needs to periodically clear the permissions, because even a mature and reliable project may be exploited by attackers. In order to ensure the security of the tokens in the wallet, it is necessary to periodically revoke permissions.
Visit the ETH allowance website: https://ethallowance.com/
Access the ETH allowance, connect to the Metamask, and the list of authorized smart contracts will be displayed on it
Select the platform/contract to cancel the authorization, and click Revoke, if you want to cancel all authorization, click revoke all above
Confirm the revoking transaction in the wallet. After the transaction is confirmed, the smart contract cannot operate and access the tokens in the user's wallet, which can avoid the risk of permissions.
For friends who like to use Debank, it is also very fast to revoke permissions through Debank. Debank official website: https://debank.com/
After entering Debank, link the wallet and switch to the corresponding network
Click on the profile, then click on management, and you can see the Dapps or smart contracts that are still providing permissions.
For the smart contract that wants to revoke permission, click decline. After the transaction is confirmed, the permission of the smart contract will be canceled, and the smart contract cannot operate and access the tokens in the user's wallet, which can avoid the risk.
These are the steps for revoking permissions. Users should always ensure the safety of funds and avoid risks as much as possible.
Written by: Lucio Lyu
Twitter: @imLucio_eth
No comments yet