WiiMee.eth ๐ŸŸฆ๐ŸŸฅ Profile picture
๐Ÿ›ก Wallet Security enthusiast โœ Content & Community @RevokeCash ๐Ÿ‘จโ€๐Ÿซ Coaching @BoringSecDAO and beyond

Oct 13, 2022, 14 tweets

Intimidated by the new ๐ŸฆŠ warning?

The FIRST time you list a collection (item) to a marketplace, you'll have to use "Set Approval For All".

Why?
The marketplace needs your permission to be able to transfer the NFT / token on your wallet address' behalf if a sale happens.

๐Ÿงต/1

2/
Keep in mind - Approvals are per:
- Collection
- Service (marketplaces, exchanges etc.)
- Wallet address
- Blockchain

Let's jump into it. ๐Ÿ”

3/
Let's break this request from Opensea down as an example.
How do we tell if this is actually a legit and safe approval request?

4/
The first thing you want to look out for:
Origin aka the requesting URL.
It's always shown in the little bubble on top of the request.

If this is NOT the marketplace you want to list on: ๐Ÿšฉ.

URL is legit? โœ…

5/ Origin is correct - next, we're looking at:
"Allow access to and transfer all of your NFT"

We already learned, approvals are per collection - so this can't access all our NFTs.

This is an displaying error by MM. Click the blue word NFT, you'll see..

6/
Something like this (1) on Etherscan.
Double check:
On Etherscan, click the contract address on the right, it shows (2).

Make sure this is the NFT / token you want to list / sell.โœ…

The displaying error is either because it's an ERC1155 token / a OS shared storefront item.

7/
Origin correct, Collection correct? โœ…
The last thing you want to check is the actual contract address that's calling the request.
Click the arrow in the little greyed area to show the contract on Etherscan.

8/
Probably looks like an empty page - Again, click the contract address shown on the right side of Etherscan (1).

After that, you should be seing the label of - in this case - Opensea: Conduit.

These labels are curated BTW - so you can't just give yourself an Opensea label.

9/
Origin, collection and contract to approve are correct? โœ…

Last thing I want you to do - make this a habit!
Expand the full transaction details / data tab in MM by clicking here.

10/
MM ๐ŸฆŠ sums up, what we just checked in detail:
- Right URL? (permission request origin)โœ…
- Right token? (approved asset) โœ…
- Right contract? (granted to) โœ…

Pro Tip:
The data tab shows this will call set approval for all to true.
IF you've done the checks above -> safe.

11/
That's it! Now you know how to safely approve an asset to a marketplace (here: Opensea).

Listing the item will bring up a signature request and requires no gas fee at all. That's the beauty of the approval you just gave (but also dangerous).
Listing will look like this:

12/ If you liked this ๐Ÿงต make sure to give it a share and follow @Wii_Mee + @BoringSecDAO for more on wallet security! #SaferNFTs ๐Ÿ›ก

Bonus: Here's the video to explain the thread visually:



Tweet /13 is another bonus with popular marketplace contracts.

13/
Popular contracts:

Opensea Conduit:
0x1E0049783F008A0085193E00003D00cd54003c71

Looksrare:
0xf42aa99F011A1fA7CDA90E5E98b277E306BcA83e

X2Y2 ERC721:
0xF849de01B080aDC3A814FaBE1E2087475cF2E354

0x Exchange (used by Coinbase NFT):
0xDef1C0ded9bec7F1a1670819833240f027b25EfF

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling