撤销令牌许可是必须做的安全实践

在当今世界，恶意演员有多种方法来获得未经授权的资金访问。大多数用户盔甲中的主要缝隙之一是权限。

In the burgeoning realm of cryptocurrency, where malicious actors are constantly devising new ways to gain unauthorized access to funds, security remains a paramount concern. As we navigate this evolving landscape, it’s crucial to be aware of the common pitfalls that users often fall prey to.

在新兴的加密货币领域中，恶意演员不断地设计新的方法来获得未经授权的资金访问，安全仍然是最重要的问题。当我们浏览这一不断发展的景观时，重要的是要意识到用户经常落下的常见陷阱。

One major chink in the armor of most crypto users is an excess of permissions. Many users inadvertently grant too many permissions to platforms they barely use, or worse yet, malicious apps disguised as legitimate ones.

大多数加密使用者的盔甲中的一个主要缝隙是权限超过的权限。许多用户无意间授予他们几乎不使用的平台的权限太多，或者更糟糕的是，恶意应用程序被伪装成合法的应用程序。

Once these permissions are granted, they tend to linger long after they’re needed, leaving the user’s wallet vulnerable to unnecessary risk.

一旦授予这些权限，它们倾向于在需要后很长时间徘徊，从而使用户的钱包容易受到不必要的风险。

To fully appreciate the importance of revoking old token permissions, let’s first understand what they are and how they work.

要充分欣赏撤销旧令牌许可的重要性，让我们首先了解它们是什么以及它们的工作方式。

What Are Token Permissions?

什么是代币许可？

When you connect your crypto wallet (e.g., MetaMask) to a dApp (decentralized application) like a decentralized exchange or a lending platform, you’re asked to approve a transaction.

当您将加密钱包（例如MetAmask）连接到DAPP（分散的应用程序）（例如分散的交换或贷款平台）时，您要求您批准交易。

This "approval" isn't just about agreeing to a swap or deposit; it's also about giving that dApp permission to access your tokens. Sometimes these permissions are set to an unlimited amount.

这种“批准”不仅仅是同意交换或存款；这也是要授予DAPP访问您的令牌的权限。有时，这些权限设置为无限量。

The process of granting token permissions occurs through smart contracts, which require your signature (e.g., MetaMask's password) to transfer your tokens in transactions like trading, staking, borrowing, or lending.

授予令牌权限的过程是通过智能合约发生的，智能合约需要您的签名（例如，metamask的密码）将您的令牌转移到交易，存放，借贷或贷款等交易中。

However, unlike traditional bank accounts, you need to manually revoke these permissions later; they don't expire on their own. This means that even if you’re done using the dApp, it could still access your tokens.

但是，与传统的银行帐户不同，您需要在以后手动撤销这些权限；他们不会自己过期。这意味着即使您使用了DAPP，它仍然可以访问您的令牌。

In any scenario where the dApp gets hacked (or was even malicious from the start), your funds are at risk.

在任何情况下，DAPP被黑客入侵（或从一开始都是恶意的），您的资金处于危险之中。

Granting token permissions is like giving the plumber the keys to your house to fix a sink. When this task is done, you need to retrieve the keys. If you don'

授予令牌许可就像给水管工为您的房屋固定水槽的钥匙。完成此任务后，您需要检索键。如果你不