Read on Twitter
Time for another #BSC 
Thread -- Let's discuss tokens and approvals.
You've surely noticed that all #DeFi projects you interact with require "approval" before staking or otherwise transferring tokens. But what does this actually mean, and what are the implications? [1/9]
![Time for another #BSC Thread -- Let's discuss tokens and approvals.You've surely noticed that all #DeFi projects you interact with require "approval" before staking or otherwise transferring tokens. But what does this actually mean, and what are the implications? [1/9]](https://pbs.twimg.com/media/E00oLCUWEAQcFFh.jpg "Time for another #BSC Thread -- Let's discuss tokens and approvals.You've surely noticed that all #DeFi projects you interact with require \"approval\" before staking or otherwise transferring tokens. But what does this actually mean, and what are the implications? [1/9]")
Thread -- Let's discuss tokens and approvals.You've surely noticed that all #DeFi projects you interact with require "approval" before staking or otherwise transferring tokens. But what does this actually mean, and what are the implications? [1/9]
You may be surprised to know that tokens are not actually "in your wallet". Instead, contracts using the ERC20 standard hold - and control - your balance. This is how RFI-type tokens grow automatically over time, and why wallets made for Eth don't always pick up BSC tokens. [2/9]
'Approval' tells the token contract (here, $xBLZD) that an address - a staking contract, but could be any address - has permission to re-assign your token balance.
In the perfect, trusting world we aspire to be in, this makes defi seamless and easy to use, right? [3/9]
In the perfect, trusting world we aspire to be in, this makes defi seamless and easy to use, right? [3/9]
But contracts with bugs or backdoors not only put deposited funds at risk, but can affect your current and future holdings, as well.
Let's say you stake BNB/BUSD on the hypothetical "RugSwap". You grant them access to your LP, and true to their name, funds are drained... [4/9]
Let's say you stake BNB/BUSD on the hypothetical "RugSwap". You grant them access to your LP, and true to their name, funds are drained... [4/9]
You forget about it for a few months, but don't revoke token permissions. With the right (wrong?) functions built to manipulate those token balances, the owner can still take them! The token contract has no idea that it's a bad actor, it is simply honoring your approval. [5/9]
Due to the nature of contracts (which don't work like a regular wallet and can only execute its defined code), this is mostly hypothetical. But we have seen at least one project that actively watched approval events to their contract and siphoned the entire balance. [6/9]
This is why it's great practice to manage your approvals both before and after use. Wallets default to 'unlimited' access to tokens. Consider adjusting this to a defined amount. The downside is re-adjusting approval if you ever want to deposit more, but cheaper than a rug. [7/9]
![This is why it's great practice to manage your approvals both before and after use. Wallets default to 'unlimited' access to tokens. Consider adjusting this to a defined amount. The downside is re-adjusting approval if you ever want to deposit more, but cheaper than a rug. [7/9]](https://pbs.twimg.com/media/E0015TOWYAIRT3o.jpg "This is why it's great practice to manage your approvals both before and after use. Wallets default to 'unlimited' access to tokens. Consider adjusting this to a defined amount. The downside is re-adjusting approval if you ever want to deposit more, but cheaper than a rug. [7/9]")
After you're done with a farm, revoke permissions! It will set the allowance to 0 so tokens cannot be moved. This will NOT protect funds currently deposited, as you have given ownership to the farm, only the tokens in your wallet.
https://bscscan.com/tokenapprovalchecker is my current fav. [8/9]
https://bscscan.com/tokenapprovalchecker is my current fav. [8/9]
Lastly, don't let this scare you away from #DeFi; utilize the rich #BSC community. @BscGemz, @money_blizzard, & @beefyfinance (and my Discord channel!) are safe spaces with members dedicated to education and safety, helping you learn to help yourself. Be smart and vigilant! [9/9]
community. @BscGemz, @money_blizzard, & @beefyfinance (and my Discord channel!) are safe spaces with members dedicated to education and safety, helping you learn to help yourself. Be smart and vigilant! [9/9]
