To use your web3 wallet with DeFi protocols you must approve individual smart contracts for each token you want to stake, swap, or use in a liquidity pool. Every protocol has smart contracts you must approve and every contract approval costs gas. Sometimes a site will ask you to "sign" a transaction, this type of interaction does not cost gas and serves as way to prove ownership or control of the wallet you're connecting with. On the user end, these are all simple clicks.
What you need to know is that every contract you approve, remains approved until revoked. Contract approvals are as they sound, you are approving a contract to use your token. Some contracts will approve a set amount of tokens, others will be "infinite approvals", approving unlimited access until revoked; infinite approvals increase vulnerability to risk.
A contract exploit is when code is compromised by an existing loophole or glitch. Warning signs for unsafe contracts include unlocked liquidity, unlimited mint functions, and other transparent issues in the code. Smart contract security audits will show a detailed analysis of these functions and are publicly available to users. See audits under Certik in research tools.
Mitigate the impact of potential contract exploit by revoking your approvals and avoiding smart contract interactions with unreliable protocols. Read more about smart contract exploit in risk.
Hardware wallets like Trezor and Ledger¹ increase security when interacting with smart contracts by putting private keys on a physical device, this protects you from unauthorized transactions taking place as you navigate through smart contracts. It is important to note if you approve a malicious contract, a hardware wallet will not stop the approval, however if you approve an infinite approval contract, it will prevent you from further damage by preventing secondary request.
Learn more: What is a Hardware Wallet?, Trezor
Trezor and Ledger are both compatible with Metamask and can be used to navigate web3, Metamask is compatible with ETH and all EVM chains.
¹Trezors, Ledgers and all hardware wallets should be purchased from the official websites only. Never buy a hardware wallet from a third party like Amazon or Best Buy, it is safest to always double check the URL and purchase from the original manufacturer.
DeFi is subject to risk including risk related to smart contracts. Please practice due diligence.
All 3rd party sites are provided for convenience only, if you choose to access any such site, you do so at your own risk.
These resources are intended for general guidance and educational purposes only. I am not an investment or financial advisor, and make no representation regarding the advisability of investing.
For convenience only, this website may provide links or pointers to third party sites. While all information is provided in good faith, I make no representations about any other websites that may be accessed from this website. If you choose to access any such sites, you do so at your own risk.
Decentralized Finance is subject to significant risk, including risk related to smart contracts.