Comment on page
MetaDock enhanced a token approvals management tool by Etherscan that can help you identify and avoid risky approvals to phishing addresses or vulnerable contracts.
Approval is a mechanism that makes users let other users (spenders) spend his/her tokens. For instance, a user can approve his USDC to a smart contract so that the smart contract can operate on the USDC token on behalf of the user, e.g., swapping the USDC to other tokens. Since the user has approved his tokens to the smart contract, the operation on the user's USDC token by the smart contract does not need another confirmation (or a new signed message) from the user. This can make the whole flow smooth.
The approval can be risky if the spender is a phishing address or a spender is a vulnerable contract. In both cases, the user's tokens can be stolen.
MetaDock flags suspicious approvals to vulnerable contracts and EOAs (phishing accounts, unsafe accounts, etc.) Users can carefully review the approvals shown here and revoke all risky approvals immediately to prevent further loss.
The Approval Diagnosis Button
After clicking the button, the detailed approval results will be shown. Risky approval will be displayed in red with notes!
Approval to the phishing address
We can see the approval of the phishing address. Unfortunately, the user did not notice this approval and the attacker transferred 70 WBTC from this address (see the following figure).
If there is any risky approval, the user needs to remove the approval immediately. Just connect to Web3 wallet and revoke all approvals flagged by MetaDock.
When you find risky approvals, please ①connect your wallet and ②revoke as soon as possible
🩺 Risky approval has been a great threat to users and MetaDock helps users to get known of his/her risky approval. To keep safe, don't forget to make an approval diagnosis regularly.