What are Approvals for?
The system contract that holds the "TAU" token on the Lamden Network is called the currency contract.
The currency contract will let YOU, the owner of the account, do what you wish with your TAU, because you can sign the transaction to the currency contract with your account keys. All you as the owner of the account need to do is sign a transaction to the "transfer" method of the currency contract and it will execute that for you. No "approval" is needed because it knows you are you.
DAPPS have their OWN smart contract and will "import" the currency contract into their contract to execute transfers.
When a DAPP's contract calls the currency contract from within itself, the currency contract sees this as the DAPP's contract calling it, not YOU, even though you signed the transaction to the DAPP's contract initially. This is obviously for security, as without this anyone could call the currency contract "as you" and take your TAU.
To put it simply, if the con_cool_dapp contract calls currency.transfer from within itself, the currency contract sees that as con_cool_dapp initiating the transfer, not you.
How do I Approve a DAPP?
What DAPPS need to do first is have YOU give them permission to spend your TAU. They do this by having you send an "approve" transaction to the currency contract, which they initiate through the Lamden Wallet API. This lets the currency contract know you are allowing a specific person or contract to spend some of your TAU. Then the DAPP calls another function called "transfer_from", which allows the currency contract to check that the calling contract, con_cool_dapp, has been approved to transfer funds out of your account.
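The flow described above, as an added example that is not Lamden's actual currency contract: a simplified Python model in which the caller is passed explicitly to each method. The class names, the `buy` method, the account `alice` and the amounts are assumptions made for illustration.

```python
# Simplified model of the approve / transfer_from flow (not Lamden's real contract code).
class Currency:
    def __init__(self, balances):
        self.balances = dict(balances)   # account -> TAU
        self.allowances = {}             # (owner, spender) -> TAU the spender may still move

    def transfer(self, caller, amount, to):
        # Funds always come out of the caller's own balance.
        self._move(caller, to, amount)

    def approve(self, caller, amount, to):
        # Only the owner (the caller) can grant an allowance on their own balance.
        self.allowances[(caller, to)] = amount

    def transfer_from(self, caller, amount, to, main_account):
        # The caller is whoever invoked this method directly, e.g. the dapp's contract.
        allowed = self.allowances.get((main_account, caller), 0)
        if amount > allowed:
            raise PermissionError(f"{caller} may not spend {amount} from {main_account}")
        self.allowances[(main_account, caller)] = allowed - amount
        self._move(main_account, to, amount)

    def _move(self, src, dst, amount):
        if amount <= 0 or self.balances.get(src, 0) < amount:
            raise ValueError("invalid amount or insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

class CoolDapp:
    name = "con_cool_dapp"   # contract name used in the text; the class itself is hypothetical

    def __init__(self, currency):
        self.currency = currency

    def buy(self, signer, price):
        # The user signed this call, but the currency contract sees the dapp as the caller.
        self.currency.transfer_from(self.name, price, self.name, signer)

def demo():
    currency = Currency({"alice": 100})          # constructed sample balance
    dapp = CoolDapp(currency)
    try:
        dapp.buy("alice", 10)                    # no approval yet
        refused = False
    except PermissionError:
        refused = True
    currency.approve("alice", 25, dapp.name)     # alice signs this herself
    dapp.buy("alice", 10)
    return refused, currency.balances, currency.allowances[("alice", dapp.name)]
```

The first purchase is refused because no allowance exists; after the approval the same call succeeds and the remaining allowance drops by the amount spent.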
How does the Lamden Wallet keep me safe?
In general you never want to give anyone or any contract access to your TAU unless you are sure they are using it in your best interest. Maybe you are paying TAU to buy something or maybe the DAPP is using it on your behalf to facilitate a process. Either way, the responsibility is on you, the owner of the TAU, to understand why you are giving permission and whether that party is trustworthy. If you are unsure you can always ask in our Telegram Group.
As a Lamden Wallet user you have a few safeguards, but ultimately none of these will help you if you give permission to a malicious DAPP.
- The DAPP can only send approvals for its own approved smart contract. Meaning, you cannot accidentally approve the DAPP owner's account address and then have them spend your TAU. So if you trust all methods of the DAPP's contract then you can be sure that the approval is always good when you see the popup.
- You will see the approval popup EVERY TIME, even if you have enabled automatic transactions by setting the Linked Account as trusted. The DAPP cannot sneak in an approval that you did not authorize.