An update that many people have been waiting for. Using Metamask will become easier and safer with the 10.18.0 update. This update adds a new feature that now requires you to grant permissions to the wallet instead of doing it automatically. Scams will be made more complicated to perform.
Using Metamask: some reminders
Metamask is one of the main “hot wallet” used in the world of Blockchain, whether for DeFi (decentralized finance) or buying NFTs. It is now one of the leading digital wallets with over 21 million active users.
Metamask supports many networks (Ethereum, BNB Chain, Avalanche, Matic..) and many token formats (ERC20, ERC-721, ERC-1155…). It allows to connect to decentralized applications (Dapp) and to interact with smart contracts.
This digital wallet was created in 2016 and many updates have been added since then, including the famous 10.18.0 update, which we come back to just below.
You can download the latest version of this free app from Google Play (4.5 out of 110,000 reviews, 10 million downloads).
It works on your mobile or tablet (Android and Apple). If you are on the computer, you need to use Google Chrome as your browser to use the extension (it doesn’t work on other search engines like Firefox or Safari on Mac). Remember to set Chrome as your default web browser.
After downloading the plugin on your desktop, open your browser window and configure it.
For the most curious among you (yes, there are surely some!), you can find the source code of Metamask on Github by clicking here. You will see that it is regularly updated.
Using Metamask without being scammed
Since the bull run of 2021 on cryptos and in particular on NFT, many smart people have taken the opportunity to scam people. This is called in the jargon of the Blockchain “scams”.
To understand how these scams can take place, we must already understand what FOMO (Fear of Missing Out) is: it is the fear of missing out on a great opportunity.
Often, NFT projects played on this fear to create a sense of urgency and encourage people to buy NFTs from a collection. This can be very tempting because by buying as soon as the collection is released, it is possible to resell x3 (or much more) a few days later.
But a lot of requests means not enough space for everyone. So, whitelists have been set up. So far, nothing unusual.
Except that, many clever people have made scams pretending to be the official project. They use Twitter accounts and websites that strongly resemble the official project.
In the smart contract of these fake projects, there is an option that gives the scammers full access to crypto and NFT. Some people have lost millions of dollars in these scams. And that’s where the Metamask update comes in.
In fact, back in June, Alex Donesky (software engineer at Metamask) wrote on Github about the problems that persisted in the NFT world.
“There is an urgent need to release something because this method is so commonly used.”
Alex Donesky, software engineer at Metamask
Alex Donesky asked for it, Metamask did it.
How the update works
In a recent post on Github (the go-to site for developers), they posted screenshots that explain how this new security feature works. The software introduces a setApprovalForAll permission.
The first screenshot contains an initial caveat that says “Do you grant permission to access ALL your BAYCs?”. A second caveat appears just below it (you can never be too careful) “By granting authorization, you are authorizing the next account to access all of your funds”.
If you’re a normal person and have all your mental capacities, these security measures should prevent you from mindlessly clicking the button, even with FOMO.
So Metamask users now have an extra layer of security when interacting with a smart contract. And this is no small update, let’s face it: instead of automatically granting access to all your digital assets (fungible tokens or not), you have to give your permission. This will prevent many people from getting ripped off by mistake. Let’s hope that Metamask users are more careful when they sign their transaction.
Besides the security aspect, this update of Metamask has the merit to question us about the “best practice” in the web3 world. To use Metamask, keep in mind that understanding what you are doing is the best way to protect yourself. That’s why at Coinpri we also write guides to help you understand everything and make the best choices.
Coming from a teaching background, I’ve become passionate about the world of Blockchain. I’m eager to learn more and share the fruit of my research through my articles.