Why allow unlimited to edit allowance? #128

Open
1 task done
TragedyHasStruck opened this issue Oct 25, 2020 · 2 comments

Comments

@TragedyHasStruck

I've recently discovered this project and it is great for listing allowances, but when I thought I'd check out the edit allowance feature the first transaction that I get in my Metamask is a transaction to allow your very site to spend an unlimited amount of that particular token. This is exactly what I'm trying to avoid.

Is it not possible to do this simply through the contract that has received the allowance? Why is this step necessary, and what is the next step (which I don't dare to do because I find this step rather frightening)?

Also, very specifically, what function in which contract is called to do the actual zeroing of a particular allowance?

This is the first transaction I'm asked to accept:

Allow Https://tac.dappstar.io to spend your <TOKEN>?
Do you trust this site? By granting this permission, you’re allowing Https://tac.dappstar.io to withdraw your <TOKEN> and automate transactions for you.

As I'm writing this I realize that you might actually only be requesting a 0 spending limit, but Metamask appears to be suggesting "Unlimited". The details of the permission are as follows:

Spend limit permission
Allow Https://tac.dappstar.io to withdraw and spend up to the following amount:

Any clarification on understanding this would greatly help in trusting this project. It might also be useful in a documentation.

@TripleSpeeder
Owner

Hey, thank you for your feedback! The message you are seeing is actually quite misleading. What happens is the following:

  1. TAC calls "approve" on the ERC20 token contract to change the approved amount for an existing spender address.
  2. Metamask detects the "approve" call in the transaction and displays its standard warning message, which is really useful for the normal usecase, but really confusing for the TAC usecase :-/

So in reality there is no approval done for TAC. Rather you are changing the approval for some other site. The problem is that Metamask can not know who is the owner of the spender address that TAC is changing the approval for, so they assume that the spender address belongs to the current website.

This question keeps coming up recently, so I raised an issue with Metamask to see if there is a way to improve the message, as it is really confusing. You can follow the issue at MetaMask/metamask-extension#9721.

I will also add a clarification to TAC why you see this warning. I fully agree with you that it sounds frightening.
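The check a user can do before confirming the transaction described above, as an added example that is not TAC's or MetaMask's code: decode the `data` field of the pending transaction and confirm that it is an ERC20 `approve(address,uint256)` call, that the `spender` argument is the contract whose allowance you are editing rather than the dapp's own address, and that the amount is 0 for a revocation. The selector `0x095ea7b3` is the standard first four bytes of `keccak256("approve(address,uint256)")`; the two addresses in the demo are constructed placeholders, and the helper names are this example's own. Like MetaMask, the code cannot tell who owns the spender address; it only lets you compare it against the spender TAC listed for that allowance.

```javascript
// Added example, not code from the TAC project or MetaMask.
// Encodes and decodes ERC20 approve(address,uint256) calldata so a user can
// verify what a pending "approve" transaction actually does.

// First four bytes of keccak256("approve(address,uint256)"), the standard ERC20 selector.
const APPROVE_SELECTOR = "095ea7b3";

// Left-pad a hex string (0x prefix optional) to one 32-byte ABI word.
function pad32(hex) {
  return hex.toLowerCase().replace(/^0x/, "").padStart(64, "0");
}

// Build the calldata a wallet sends for token.approve(spender, amount).
function encodeApprove(spender, amount) {
  return "0x" + APPROVE_SELECTOR + pad32(spender) + pad32(BigInt(amount).toString(16));
}

// Parse calldata back into { spender, amount }; null if it is not an approve call.
function decodeApprove(data) {
  const hex = data.replace(/^0x/, "").toLowerCase();
  if (hex.length !== 8 + 64 + 64 || hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  return {
    // The address is the low 20 bytes of the first 32-byte argument word.
    spender: "0x" + hex.slice(8 + 24, 8 + 64),
    amount: BigInt("0x" + hex.slice(8 + 64)),
  };
}

// The user-side check: the spender must be the contract whose allowance is being
// changed (as listed by the allowance checker), not the dapp itself, and a
// revocation sets the amount to 0. Returns { ok, reason }.
function checkRevocation(data, expectedSpender, dappAddress) {
  const call = decodeApprove(data);
  if (!call) return { ok: false, reason: "not an approve(address,uint256) call" };
  if (call.spender === dappAddress.toLowerCase()) {
    return { ok: false, reason: "spender is the dapp's own address" };
  }
  if (call.spender !== expectedSpender.toLowerCase()) {
    return { ok: false, reason: "spender " + call.spender + " is not the expected contract" };
  }
  if (call.amount !== 0n) {
    return { ok: false, reason: "amount is " + call.amount.toString() + ", not 0" };
  }
  return { ok: true, reason: "revokes the allowance granted to " + call.spender };
}

// Demo with constructed placeholder addresses (not real contracts).
const SPENDER_CONTRACT = "0x1111111111111111111111111111111111111111"; // contract being revoked
const DAPP_ADDRESS = "0x2222222222222222222222222222222222222222";     // the site you are using

const revokeTx = encodeApprove(SPENDER_CONTRACT, 0);
console.log("revoke calldata:", revokeTx);
console.log("decoded:", decodeApprove(revokeTx));
console.log("check:", checkRevocation(revokeTx, SPENDER_CONTRACT, DAPP_ADDRESS));

// What a genuinely dangerous approval looks like: unlimited amount to the dapp itself.
const unlimitedTx = encodeApprove(DAPP_ADDRESS, (1n << 256n) - 1n);
console.log("check:", checkRevocation(unlimitedTx, SPENDER_CONTRACT, DAPP_ADDRESS));
```

In MetaMask the raw calldata is visible under the transaction's data/hex tab; paste it into `decodeApprove` and compare the `spender` against the address the allowance checker showed for the entry you are editing. The wallet's "allow this site to spend" wording comes from the selector alone, so this comparison is what tells a revocation apart from a new grant.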

@tennox

tennox commented May 18, 2021

More specific MetaMask issue:
MetaMask/metamask-extension#11125
