Recently, I went back to re-check the authorizations on my wallet and found that, in the past, to save a couple of steps, I’d clicked “Unlimited” a few times. To put it plainly, it’s like handing the key to the door to a stranger and still hoping they won’t come in and rummage through drawers… Revoking permissions is as important as sleep: you don’t really notice it day to day, but if something really goes wrong, it’s too late to fix. Now I do the same for my small-scale arbitrage experiments—once the route finishes running, I promptly pull the authorization back. It’s a hassle, but no matter how optimized the fee structure is, it can’t beat the downside of being emptied out in a single incident.

By the way, people outside often compare RWA and US Treasury yield rates to chain-based yield products. I actually look first to see whether the contract permissions and risk controls are written in a way that actually makes sense.

Last night, my mom even asked me, “Are you giving the platform your bank card password?” I said it was pretty much like that—so if you don’t have to set it to Unlimited, then don’t set it to Unlimited.