Self-custody is one of the most powerful aspects of blockchain technology, but it comes with great responsibility. One misstep could see you lose your assets. Everyone knows to keep their wallet’s seed phrase safe, but protecting your seed phrase is only half of the battle. Any transaction you make has the potential to be dangerous, even when using a hardware wallet. So it is crucial to understand the basics of Ethereum transactions, smart contracts, and token approvals so you can keep yourself and your assets safe.
When someone says they “own” a CryptoMorie, that means they have a token (NFT) issued by the CryptoMories smart contract. The contract is what ultimately controls which wallet owns the token and who is “approved” to control it. By default, contracts only grant control to the token owner. But it is possible to “approve” additional wallets or contracts, allowing them to control the token as well. This is necessary in order to sell on marketplaces like OpenSea, but if your token’s approval falls into the wrong hands, the token is as good as gone. To check or remove approvals for your tokens, you can use sites like revoke.cash and Etherscan’s token approval page.
To protect your token approvals, it is crucial to understand the details of the transactions you make. There are two general types of transactions: “sending ETH” and “contract interaction”. ETH is the native asset of the Ethereum network, so no smart contract is needed to transfer it. All other Ethereum network interactions involve a smart contract.
When initiating a contract interaction, MetaMask will show three key things from top to bottom: the contract address, the “function type”, and the data/details tabs. Clicking the contract address in MetaMask will open it in Etherscan and allow you to explore further. If in doubt, you should verify the correct contract address via a project's Twitter or Discord and confirm you are interacting with the correct one.
The “function type” indicates the action that will be taken on the contract, and the “data” tab is where you can see additional details of what the transaction will communicate to the contract. Always check the “function type”; ideally it should be a phrase corresponding to what you want to do (“mint”, “buy”). If the “function type” ever reads “approve”, “setApprovalForAll”, or anything similar, stop immediately and double-check you are doing what you expect.
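The check described above can also be made directly on the hex shown in the “data” tab. The sketch below is an added example, not code from the original page or from MetaMask: `classifyCalldata` is a hypothetical helper, the selectors are the standard 4-byte values for the listed signatures, and the sample calldata and operator address are constructed placeholders.

```javascript
// Added example. A selector is the first 4 bytes of keccak256(signature).
const APPROVAL_SELECTORS = {
  "095ea7b3": { name: "approve", second: "uint256" },           // approve(address,uint256)
  "a22cb465": { name: "setApprovalForAll", second: "bool" },    // setApprovalForAll(address,bool)
  "39509351": { name: "increaseAllowance", second: "uint256" }, // increaseAllowance(address,uint256)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// classifyCalldata is a hypothetical helper name, not a wallet API.
function classifyCalldata(data) {
  const hex = String(data).trim().toLowerCase().replace(/^0x/, "");
  if (hex.length === 0) return { kind: "eth-transfer" }; // no data: plain ETH send
  if (!/^[0-9a-f]+$/.test(hex) || hex.length % 2 !== 0 || hex.length < 8) {
    return { kind: "malformed" };
  }
  const selector = hex.slice(0, 8);
  const spec = APPROVAL_SELECTORS[selector];
  if (!spec) return { kind: "contract-interaction", selector: "0x" + selector };

  const args = hex.slice(8);
  // Both arguments are 32-byte ABI words; refuse to guess on truncated data.
  if (args.length < 128) return { kind: "malformed", selector: "0x" + selector };
  const result = {
    kind: "approval",
    function: spec.name,
    operator: "0x" + args.slice(24, 64), // an address is the low 20 bytes of its word
  };
  const word = BigInt("0x" + args.slice(64, 128));
  if (spec.second === "bool") {
    result.approved = word !== 0n; // true hands over every token in the collection
  } else {
    // Same selector for ERC-20 and ERC-721: value is an amount or a token ID.
    result.value = word;
    result.unlimited = word === MAX_UINT256; // meaningful for ERC-20 allowances only
  }
  return result;
}

// Constructed sample calldata; the operator address is a placeholder.
const PAD = "0".repeat(24);
const OPERATOR = "11".repeat(20);
const SAMPLE_SET_APPROVAL = "0xa22cb465" + PAD + OPERATOR + "0".repeat(63) + "1";
const SAMPLE_UNLIMITED = "0x095ea7b3" + PAD + OPERATOR + "f".repeat(64);

console.log(classifyCalldata(SAMPLE_SET_APPROVAL));
console.log(classifyCalldata(SAMPLE_UNLIMITED));
```

A result of kind `approval` is the cue to stop and compare the `operator` address against the contract you intended to authorize; `setApprovalForAll` with `approved: false` is the call a revocation makes.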
When you control your own assets you must remain vigilant. Paying close attention to the contract addresses and function types of the transactions you are sending will go a long way toward securing your assets.