Can someone please confirm whether approving an infinite amount of a token on a contract (e.g. a DEX) gives permission to the contract (and/or its owner) to spend my token any time they want WITHOUT my further interaction? E.g. could a malicious owner of a DEX wake up one morning and start spending approved tokens without the user initiating a trade?
What I am trying to understand is, is it necessary to limit the approval only to the amount of the trade (and keep approving 2-3 times per day for trades), or is it fine to just approve max amount once to avoid approving all the time?). Assume that there is no way for us to verify the code and see if the contract has any checks/limitations that require the interaction to come from the user's address.
Nov 27, 2021, 4:19 PM
They can
But who trades on an unverified dex anyway...
Ooh nvm. People use dxsale :)
Nov 27, 2021, 4:31 PM
It is verified, but who trusts verifications if you cannot verify by yourself.
Nov 27, 2021, 4:31 PM
Umm check code on etherscan?
Nov 27, 2021, 4:32 PM
If I could verify the code I wouldn't need to ask the question :P
Nov 27, 2021, 4:32 PM
.
Don't trust it? don't use it
There will be alternatives, always
*verified alternatives
Nov 27, 2021, 4:34 PM
The point is, even with 2 audits I still don't know if the audits confirmed that the owner cannot spend my tokens, I mean, it requires my approval so they might think it is "expected". But I expect the contract to spend only if I am the one initiating the trade, not the owner of the contract
Nov 27, 2021, 4:34 PM
If there is no malicious functions, then owner can't magically take it
And if the auditing company is good, they'd figure that out in the first look itself
Nov 27, 2021, 4:36 PM
So for example if the contract simply lacks a check to see if I am the one initiating the approved trade, would that be immediately flagged as malicious by the auditors?
Nov 27, 2021, 4:38 PM
It would be
Who did the audit?
Nov 27, 2021, 4:39 PM
https://docs.traderjoexyz.com/main/audits/dex
https://docs.traderjoexyz.com/main/audits/lending
https://docs.traderjoexyz.com/main/audits/lending
The above DEX is the biggest on Avalanche I think
Nov 27, 2021, 4:41 PM
Done by hashex
They are pretty good at this bizness. So don't worry about malicious contents
And its a fork of uniswap. ctrl + h, ETH -> AVAX :)
Nov 27, 2021, 4:45 PM
Thank you
If I may interrupt you one last time, is there site to view/revoke token approvals other than debank.com? I am just trying to verify that debank revokes approvals correctly without shady stuff (I am not aware of any audits)
Nov 27, 2021, 4:58 PM