I've always felt that “infinite contract authorization” is pretty much the same as sleeping without locking the door: you might not lose anything right away, but if you do, don’t ask why. Especially with new token launches—on the first step, they get you to approve; on the next, they tweak the contract permissions or switch the route, and the money just slips through the opening you handed them... The more I watch the path of funds, the more I see that the most common issue isn’t that hackers are so amazing—it’s that everyone is too lazy to revoke permissions.

Revoking permissions isn’t exciting, and it won’t earn you followers, but it can be lifesaving. Anyway, after every interaction, I treat it like “wash your hands + lock the door,” and I just trim any authorization I don’t need, so I can sleep soundly. The recent NFT royalty debate feels similar too: everyone talks about creators’ income and liquidity, but nobody wants to admit that the biggest problem is often “too much default trust.” I don’t need to be understood, but I also don’t want to wake up in the middle of the night to find my wallet has been “understood.” That’s it for now.