Intimidated by the new 🦊 warning?
The FIRST time you list a collection (item) to a marketplace, you'll have to use "Set Approval For All".
Why?
The marketplace needs your permission to be able to transfer the NFT / token on your wallet address' behalf if a sale happens.
🧵/1
The FIRST time you list a collection (item) to a marketplace, you'll have to use "Set Approval For All".
Why?
The marketplace needs your permission to be able to transfer the NFT / token on your wallet address' behalf if a sale happens.
🧵/1
2/
Keep in mind - Approvals are per:
- Collection
- Service (marketplaces, exchanges etc.)
- Wallet address
- Blockchain
Let's jump into it. 🔍
Keep in mind - Approvals are per:
- Collection
- Service (marketplaces, exchanges etc.)
- Wallet address
- Blockchain
Let's jump into it. 🔍
3/
Let's break this request from Opensea down as an example.
How do we tell if this is actually a legit and safe approval request?
Let's break this request from Opensea down as an example.
How do we tell if this is actually a legit and safe approval request?
4/
The first thing you want to look out for:
Origin aka the requesting URL.
It's always shown in the little bubble on top of the request.
If this is NOT the marketplace you want to list on: 🚩.
URL is legit? ✅
The first thing you want to look out for:
Origin aka the requesting URL.
It's always shown in the little bubble on top of the request.
If this is NOT the marketplace you want to list on: 🚩.
URL is legit? ✅
5/ Origin is correct - next, we're looking at:
"Allow access to and transfer all of your NFT"
We already learned, approvals are per collection - so this can't access all our NFTs.
This is an displaying error by MM. Click the blue word NFT, you'll see..
"Allow access to and transfer all of your NFT"
We already learned, approvals are per collection - so this can't access all our NFTs.
This is an displaying error by MM. Click the blue word NFT, you'll see..
6/
Something like this (1) on Etherscan.
Double check:
On Etherscan, click the contract address on the right, it shows (2).
Make sure this is the NFT / token you want to list / sell.✅
The displaying error is either because it's an ERC1155 token / a OS shared storefront item.
Something like this (1) on Etherscan.
Double check:
On Etherscan, click the contract address on the right, it shows (2).
Make sure this is the NFT / token you want to list / sell.✅
The displaying error is either because it's an ERC1155 token / a OS shared storefront item.
7/
Origin correct, Collection correct? ✅
The last thing you want to check is the actual contract address that's calling the request.
Click the arrow in the little greyed area to show the contract on Etherscan.
Origin correct, Collection correct? ✅
The last thing you want to check is the actual contract address that's calling the request.
Click the arrow in the little greyed area to show the contract on Etherscan.
8/
Probably looks like an empty page - Again, click the contract address shown on the right side of Etherscan (1).
After that, you should be seing the label of - in this case - Opensea: Conduit.
These labels are curated BTW - so you can't just give yourself an Opensea label.
Probably looks like an empty page - Again, click the contract address shown on the right side of Etherscan (1).
After that, you should be seing the label of - in this case - Opensea: Conduit.
These labels are curated BTW - so you can't just give yourself an Opensea label.
9/
Origin, collection and contract to approve are correct? ✅
Last thing I want you to do - make this a habit!
Expand the full transaction details / data tab in MM by clicking here.
Origin, collection and contract to approve are correct? ✅
Last thing I want you to do - make this a habit!
Expand the full transaction details / data tab in MM by clicking here.
10/
MM 🦊 sums up, what we just checked in detail:
- Right URL? (permission request origin)✅
- Right token? (approved asset) ✅
- Right contract? (granted to) ✅
Pro Tip:
The data tab shows this will call set approval for all to true.
IF you've done the checks above -> safe.
MM 🦊 sums up, what we just checked in detail:
- Right URL? (permission request origin)✅
- Right token? (approved asset) ✅
- Right contract? (granted to) ✅
Pro Tip:
The data tab shows this will call set approval for all to true.
IF you've done the checks above -> safe.
11/
That's it! Now you know how to safely approve an asset to a marketplace (here: Opensea).
Listing the item will bring up a signature request and requires no gas fee at all. That's the beauty of the approval you just gave (but also dangerous).
Listing will look like this:
That's it! Now you know how to safely approve an asset to a marketplace (here: Opensea).
Listing the item will bring up a signature request and requires no gas fee at all. That's the beauty of the approval you just gave (but also dangerous).
Listing will look like this:
12/ If you liked this 🧵 make sure to give it a share and follow @Wii_Mee + @BoringSecDAO for more on wallet security! #SaferNFTs 🛡
Bonus: Here's the video to explain the thread visually:
Tweet /13 is another bonus with popular marketplace contracts.
Bonus: Here's the video to explain the thread visually:
Tweet /13 is another bonus with popular marketplace contracts.
13/
Popular contracts:
Opensea Conduit:
0x1E0049783F008A0085193E00003D00cd54003c71
Looksrare:
0xf42aa99F011A1fA7CDA90E5E98b277E306BcA83e
X2Y2 ERC721:
0xF849de01B080aDC3A814FaBE1E2087475cF2E354
0x Exchange (used by Coinbase NFT):
0xDef1C0ded9bec7F1a1670819833240f027b25EfF
Popular contracts:
Opensea Conduit:
0x1E0049783F008A0085193E00003D00cd54003c71
Looksrare:
0xf42aa99F011A1fA7CDA90E5E98b277E306BcA83e
X2Y2 ERC721:
0xF849de01B080aDC3A814FaBE1E2087475cF2E354
0x Exchange (used by Coinbase NFT):
0xDef1C0ded9bec7F1a1670819833240f027b25EfF
@threadreaderapp unroll
• • •
Missing some Tweet in this thread? You can try to
force a refresh
