撤銷令牌許可是必須做的安全實踐

在當今世界，惡意演員有多種方法來獲得未經授權的資金訪問。大多數用戶盔甲中的主要縫隙之一是權限。

In the burgeoning realm of cryptocurrency, where malicious actors are constantly devising new ways to gain unauthorized access to funds, security remains a paramount concern. As we navigate this evolving landscape, it’s crucial to be aware of the common pitfalls that users often fall prey to.

在新興的加密貨幣領域中，惡意演員不斷地設計新的方法來獲得未經授權的資金訪問，安全仍然是最重要的問題。當我們瀏覽這一不斷發展的景觀時，重要的是要意識到用戶經常落下的常見陷阱。

One major chink in the armor of most crypto users is an excess of permissions. Many users inadvertently grant too many permissions to platforms they barely use, or worse yet, malicious apps disguised as legitimate ones.

大多數加密使用者的盔甲中的一個主要縫隙是權限超過的權限。許多用戶無意間授予他們幾乎不使用的平台的權限太多，或者更糟糕的是，惡意應用程序被偽裝成合法的應用程序。

Once these permissions are granted, they tend to linger long after they’re needed, leaving the user’s wallet vulnerable to unnecessary risk.

一旦授予這些權限，它們傾向於在需要後很長時間徘徊，從而使用戶的錢包容易受到不必要的風險。

To fully appreciate the importance of revoking old token permissions, let’s first understand what they are and how they work.

要充分欣賞撤銷舊令牌許可的重要性，讓我們首先了解它們是什麼以及它們的工作方式。

What Are Token Permissions?

什麼是代幣許可？

When you connect your crypto wallet (e.g., MetaMask) to a dApp (decentralized application) like a decentralized exchange or a lending platform, you’re asked to approve a transaction.

當您將加密錢包（例如MetAmask）連接到DAPP（分散的應用程序）（例如分散的交換或貸款平台）時，您要求您批准交易。

This "approval" isn't just about agreeing to a swap or deposit; it's also about giving that dApp permission to access your tokens. Sometimes these permissions are set to an unlimited amount.

這種“批准”不僅僅是同意交換或存款；這也是要授予DAPP訪問您的令牌的權限。有時，這些權限設置為無限量。

The process of granting token permissions occurs through smart contracts, which require your signature (e.g., MetaMask's password) to transfer your tokens in transactions like trading, staking, borrowing, or lending.

授予令牌權限的過程是通過智能合約發生的，智能合約需要您的簽名（例如，metamask的密碼）將您的令牌轉移到交易，存放，借貸或貸款等交易中。

However, unlike traditional bank accounts, you need to manually revoke these permissions later; they don't expire on their own. This means that even if you’re done using the dApp, it could still access your tokens.

但是，與傳統的銀行帳戶不同，您需要在以後手動撤銷這些權限；他們不會自己過期。這意味著即使您使用了DAPP，它仍然可以訪問您的令牌。

In any scenario where the dApp gets hacked (or was even malicious from the start), your funds are at risk.

在任何情況下，DAPP被黑客入侵（或從一開始都是惡意的），您的資金處於危險之中。

Granting token permissions is like giving the plumber the keys to your house to fix a sink. When this task is done, you need to retrieve the keys. If you don'

授予令牌許可就像給水管工為您的房屋固定水槽的鑰匙。完成此任務後，您需要檢索鍵。如果你不