MetaMask is a web-based cryptocurrency wallet that lets users interact with the ETH blockchain. It runs as a browser plugin so users can manage their tokens and interact with dapps.
Although the MetaMask wallet hasn't reported any major hacks on its network in recent years (by major I mean MAJOR, like DDoS-kinda major), users of this web-based wallet are still exposed to risks during everyday usage. Fellow reputable steemians have written on the various security risks MetaMask carries, and a good friend of mine asked if I could also write on this issue and, of course, on how to avoid these risks, so....let's go.
USING UNPOPULAR SWAPS
There have been cases of users waking up to find their MetaMask wallets wiped clean. In such cases it's very easy to heap the blame on MetaMask for having thin security, claiming you stored your keys safely. This scenario is particularly common among users who invest in NFTs and gaming coins.
The process for purchasing some of these coins, especially if you want early access to them, involves a series of steps: buying from the exchange, transferring to the wallet, swapping on various swap sites, and the same steps in reverse order when selling.
Users should take notice of the swap sites they connect to. MetaMask is a crypto wallet; however, private information about users gets collected along the way (MetaMask itself doesn't have access to this information, but someone else can), so depending on your activity you might be the cause of the hack on your own wallet.
SECURITY - Simply put, stick to the common swap exchanges (Uniswap, PancakeSwap, SpookySwap, etc.), and if you must use any other swap, ensure you DYOR. My advice here: it's not worth losing your assets trying to chase coins early, stick to the common swaps!!
MALICIOUS SMART CONTRACTS
Whenever you initiate a transaction on MetaMask, the confirmation message "allow metamask to spend your ---" shows up. If you're like me, you click confirm before actually reading the message. But if you navigate to the "view full transaction details" link, you'll realize that the default permission for Ethereum smart contracts on MetaMask is set to unlimited permission to spend the coin.
Now, this might not be a problem with trusted apps like Uniswap and Aave, but it becomes one if you're using an application where you have no idea who the founders are.
In that instance, it's very easy for malicious actors to take advantage of the "unlimited spend" feature and rug your coins. YES! It's the easiest way to get rugged, and you're only just discovering it, right?
SECURITY - Now I could just scream "stick to common swaps", but instances where we have to deviate and use the unpopular ones will always arise. To avoid getting rugged, whenever the contract trigger shows up, navigate to "view full transaction details" as shown below and change the default spend limit permission from unlimited to a custom spend limit.
This way you set a specified amount you're willing to spend, or, in the worst-case scenario, lose.
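The "allow ... to spend your ---" prompt is an ERC-20 approve(address,uint256) call, and the spend limit is the uint256 in its calldata. As an added example (not code from the original post or from MetaMask), here is a decoder that reads that calldata the way "view full transaction details" shows it and flags the unlimited allowance; the spender address and the 18-decimal token are constructed assumptions.

```javascript
// Added example: decode/encode the calldata of an ERC-20 approve() call and
// flag an unlimited allowance. Spender addresses and decimals below are assumed.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n; // what MetaMask's "unlimited" default encodes to

// Parse "0x" + selector + 32-byte spender + 32-byte amount.
function decodeApprove(calldataHex) {
  const data = calldataHex.toLowerCase().replace(/^0x/, "");
  if (data.length !== 8 + 64 + 64 || data.slice(0, 8) !== APPROVE_SELECTOR) {
    throw new Error("not an ERC-20 approve(address,uint256) call");
  }
  const spender = "0x" + data.slice(8 + 24, 8 + 64); // address is right-aligned in its 32 bytes
  const amount = BigInt("0x" + data.slice(72, 136));
  return { spender, amount, unlimited: amount === MAX_UINT256 };
}

// Build the same calldata, e.g. to see what a custom limit looks like on the wire.
function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  const amt = amount.toString(16).padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + addr + amt;
}

// Convert a human-readable amount such as "25.5" to base units for a token with `decimals`.
function toBaseUnits(amountStr, decimals = 18) {
  const [whole, frac = ""] = amountStr.split(".");
  return BigInt(whole + frac.padEnd(decimals, "0").slice(0, decimals));
}

// One-line verdict a user could apply before clicking confirm.
function describe(calldataHex, decimals = 18) {
  const { spender, amount, unlimited } = decodeApprove(calldataHex);
  if (unlimited) return `UNLIMITED allowance granted to ${spender} - set a custom spend limit`;
  const whole = amount / 10n ** BigInt(decimals);
  return `allowance of ${whole} tokens granted to ${spender}`;
}

// Constructed sample: the default prompt versus a 100-token custom limit for the same spender.
const SAMPLE_SPENDER = "0x" + "11".repeat(20); // constructed, not a real contract
const defaultCalldata = encodeApprove(SAMPLE_SPENDER, MAX_UINT256);
const customCalldata = encodeApprove(SAMPLE_SPENDER, toBaseUnits("100"));
console.log(describe(defaultCalldata));
console.log(describe(customCalldata));
```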
If you read to this point, you're an absolute gem :)