邦卡
邦卡

Banka 邦卡 Facebook 粉絲團:https://www.facebook.com/Banka1987 邦卡部落格:https://banka.com.tw/

NFT Bangka Says: Types of Interactive Contracts for Blockchain

Every time I use a cryptocurrency wallet to sign a contract, I will see a variety of different messages. I often don’t understand it, and I am not sure whether the thing I signed is safe or not. Today, I will introduce you to the possibility of running around in the blockchain. The type of interactive contract that will be encountered.

Proof that blockchain is still in the early stages of development

At present, many functions and interfaces of cryptocurrency wallets are still quite rough. Just like in the early days of smartphone development, when installing many APPs, even these APPs do not know what permissions they require to access the smartphone. Nowadays, the mobile device APP is a highly developed field, and with the rise of information security and privacy awareness, all installed APPs must first inform the user what permissions it will access. If the requested permissions are unreasonable, the user can directly Refuse to use this app.

I believe that with the continuous development of the blockchain, we can expect that the screen displayed before signing the contract will have a more user-friendly interface and information to inform the user what permissions will be given after signing the contract, but at that stage Before, you can only fully enrich your knowledge base to understand what different types of interactive contracts there are.

Types of Interactive Contracts

On the blockchain, as long as you do any behavior that will cause the data on the chain to change, you need to pay a fee to the miners, and ask the miners to help complete these behaviors on the chain. Interaction requires the cryptocurrency wallet to sign some interactive contracts to continue the actions you want to perform. In today's era of rampant scams and traps, do you know what the content and function of the contract you signed?

In fact, like many people, I do not come from a technical background, so many contents are often incomprehensible. In addition to doing a good job of "cryptocurrency wallet security classification" to diversify risks, we can also identify the types of interactive contracts. What permissions do these contracts require from our cryptocurrency wallet.

Further reading:The importance and methods of cryptocurrency wallet management and security classification

At present, according to the permissions required by the interactive contract and the different actions to be performed, it can be roughly divided into the following four types:

  1. Signature request contract
  2. Transfer contract
  3. Approve contract
  4. Set Approval for all contract

Signature request contract

This type of contract is usually the first type of contract that pops up when connecting to a website or DAPP. It is used to confirm whether the signer is a cryptocurrency wallet holder. Usually, the data does not need to be on the chain, so signing such contracts usually does not require consumption. handling fee.

This type of contract will display "Signature request" on the screen. If you are using the Chinese version of Metamask, it will display "Signature contract". Depending on the method used, it can be divided into 3 different types of Signature request contracts. :

Type 1 Personal Sign

This method is most common with linked sites, where it is clear what to sign.

Personal Sign

Type 2 EIP712 Sign

This is a more secure form of signing a contract, adding detailed information requirements so that the signer can know what to sign to whom, to that address, and to what.

EIP712 Sign


Type 3 eth_sign

This is an early signature method, and it is also a potentially risky signature method. Therefore, it can be seen that Metamask is very considerate to mark the text of this signature message in red. This signature method will import a file from the outside for signature. Because you are not sure of the content that may be entrained, unless you are a very trusted third party, it is recommended not to sign this type of signature with red words. If you really want to sign, it is recommended to sign with a hot wallet that can be discarded.

eth_sign

Transfer contract

This type of contract is used to transfer assets. If you want to transfer your NFT from wallet A to wallet B, you will see this type of contract, and you can find the word "Transfer" on the screen.

Some scam traps will also package the Transfer contract into a minting contract. When the original intention is to mint NFT, but the transfer is displayed on the screen, you should realize that this is a scam and you need to terminate the transaction immediately!

Transfer

Approve contract

This is an authorization contract, which is most commonly encountered when using Defi-related DAPPs. Signing this contract will allow a third party to gain access to an asset in the cryptocurrency wallet. The following figure is to authorize a third party. Can deposit and withdraw USDC in cryptocurrency wallets.

Usually, in order to avoid the need for users to frequently grant permissions, most contracts will default to Unlimited, which can avoid paying another handling fee when the user's authorization exceeds the upper limit, but the disadvantage is that if the contract is hacked , the amount they can use will also be unlimited, so you can also click "Edit Permission" in the picture above to set the maximum limit that can be withdrawn by a third party, so that even if the third party is malicious or hacked, Your loss will also have an upper limit. The following figure is a schematic diagram of the amount of permission to be granted by the editor.

Edit the amount of permissions to be granted

Further reading: How to revoke a contract authorization from a cryptocurrency wallet

Set Approval for all contract

The last type of contract is the most dangerous one, because it grants the highest authority, and the other party can do anything with your cryptocurrency wallet. For example, if you list NFT on Opensea, you will need to sign this contract, so that Opensea can Transfer to the buyer after your NFT is sold.

Therefore, unless it is a very trusted third party, when you sign any contract with "Set Approval for all", if the other party is malicious, you should be prepared to say goodbye to your assets. Do not sign any contract that requires "Set Approval for all".

Fully Licensed Contract

This article was simultaneously published on the Banka blog: https://banka.com.tw/the-type-of-contract/

CC BY-NC-ND 2.0

Like my work?
Don't forget to support or like, so I know you are with me..

was the first to support this article

Recommendations

Comment