How to tell if a smart contract is safe to interact with
Smart contracts are the computer programs that run on the Ethereum Virtual Machine (EVM) and similar blockchains. Their name is somewhat misleading: when you interact with them, you're not signing up to a contract, but simply triggering a program to run.
The virtually endless possibilities for smart contract functions are what make Ethereum and web3 so powerful. Accessibility is also a key feature: since web3 is meant to be decentralized and usable by everyone, smart contracts can be created and deployed by anyone who wants to. Inevitably, some try to exploit this freedom to take advantage of other users.
This is why you should learn how to identify fraudulent smart contracts and stop yourself falling victim to their scams.
For clarity, smart contracts could represent:
- A token, such as ERC-20 tokens, which are defined and managed by smart contracts, or even an NFT collection
- A function within a dapp, such as a program which oversees a token swap, or even a DAO's governance mechanisms.
Connecting vs. approving
When using MetaMask in the big wide world, you'll often be prompted to connect your wallet. You'll also reasonably often be asked to approve certain operations. In this context, it's approvals (also referred to as allowances) you need to focus on: the distinction is important!
- Connecting your wallet to a site doesn't allow it to do anything with your funds unless you specifically consent. So whilst this connection will enable a dapp to propose certain transactions or actions to you, nothing will happen to your funds unless you approve the suggested transactions. Read more on connecting your wallet here.
- Approvals, meanwhile, involve giving a smart contract the ability to interact with a certain token, in a certain quantity, as and when it requires. You should always stop and think when being asked to approve something, as it generally involves handing over control of your assets to a computer program that could have been written by anyone. Read more here.
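To make "a certain token, in a certain quantity" concrete, the following added example (not MetaMask's code) decodes the raw data of an approval transaction and reports who is being approved and for how much. The function name decodeApproval, the scope labels and the sample spender address are assumptions made for this illustration; the two function selectors are the standard ones for these calls.

```javascript
// Added example: classify approval calldata before signing (offline, constructed inputs).
const MAX_UINT256 = (1n << 256n) - 1n;

// Standard 4-byte function selectors for the two approval calls.
// ERC-721 reuses the approve selector with a token ID as the second argument.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 allowance
  "a22cb465": "setApprovalForAll(address,bool)", // NFT operator approval
};

function decodeApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  // Selector (8 hex chars) plus two 32-byte ABI words (128 hex chars).
  if (!/^[0-9a-f]+$/.test(hex) || hex.length !== 136) {
    return { kind: "not-an-approval" };
  }
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "not-an-approval" };

  const word1 = hex.slice(8, 72);
  const word2 = hex.slice(72, 136);
  // An address occupies the low 20 bytes; the high 12 bytes must be zero.
  if (!word1.startsWith("0".repeat(24))) return { kind: "malformed" };
  const spender = "0x" + word1.slice(24);
  const value = BigInt("0x" + word2);

  if (kind.startsWith("setApprovalForAll")) {
    // true hands the operator every token in the collection.
    return { kind, spender, scope: value !== 0n ? "all-tokens" : "revoke" };
  }
  // Amount is in the token's smallest unit; decimals are not in the calldata.
  let scope = "bounded";
  if (value === 0n) scope = "revoke";
  else if (value === MAX_UINT256) scope = "unlimited";
  return { kind, spender, amount: value, scope };
}

// Constructed sample: unlimited allowance to a made-up spender address.
const SAMPLE_SPENDER = "11".repeat(20);
const SAMPLE_UNLIMITED =
  "0x095ea7b3" + "0".repeat(24) + SAMPLE_SPENDER + "f".repeat(64);
console.log(decodeApproval(SAMPLE_UNLIMITED));
```

A "bounded" result still needs comparing against what the action actually requires, since the raw amount is expressed in the token's smallest unit.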