TOZM's dApp Safety FAQ
Disclaimer: This dApp safety FAQ is for general information only and is not legal, financial, or investment advice. It focuses on safer use of TOZM's Hedera dApps. It may not apply to other blockchains and does not cover all wallet security topics. Using dApps involves risk, including possible loss of funds.
What is a dApp?
A dApp is a decentralized application (e.g., a web application on tozm.io) that connects to your wallet (e.g., HashPack) and interacts with smart contracts on a network like Hedera.
What is the recommended way to use dApps like TOZM safely?
Use a separate or low-value Hedera account when trying new dApps, especially dApps like TOZM's that haven't been audited or extensively battle-tested.
If I use a separate account for each dApp, am I totally safe?
No. A separate account limits the blast radius and isolates the damage a malicious dApp can do, but the funds in that specific account are still at risk, so you still need to be careful about what you approve.
What are typically the two most important fields to pay attention to on the approval page?
The Contract ID (the smart contract you're interacting with) and the Requested HBAR amount (how much HBAR the contract wants to transfer from your account).
If the Requested HBAR amount is 0 ℏ, is it always safe to approve?
No. While your HBAR balance should be safe (aside from network fees), these 0 ℏ transactions can still put your fungible tokens, NFTs, or other stored assets at risk.
If the "Contract ID" has no allowances and the "Requested HBAR" is 0, is the transaction safe to approve?
Usually, but risks remain if the contract holds an asset of yours (like an NFT in a marketplace). For example, a malicious dApp could trick you into changing a listing price from 1,000 ℏ to 1 ℏ.
Will my wallet alert me if a transaction is asking for an allowance?
Yes. When a transaction creates or increases an allowance (permission to spend your tokens), your wallet should display an "Allowance Approve" message along with the token ID, spender ID, and allowance amount.
Can I view all the allowances my account has granted?
Yes. You can see allowances on explorers like HashScan. Also, wallets like HashPack enable you to view, grant, and revoke allowances.
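An added example of the review described here (not code from TOZM or from HashPack): it audits the allowances an account has already granted and flags the ones worth revoking, separating unlimited grants from merely large ones. The listing shape (an "allowances" array of owner/spender/amount records) is modelled on the Hedera mirror node allowance endpoints, which is an assumption; every account, token and spender ID below is constructed sample data.

```python
# Added example, not code from TOZM's FAQ or dApps: audit the allowances an
# account has already granted and flag the ones worth revoking. The listing
# shape (an "allowances" array of owner/spender/amount records) is modelled on
# the Hedera mirror node allowance endpoints (assumption); every record below
# is constructed sample data, not a real account, token or spender.
from dataclasses import dataclass

TINYBAR_PER_HBAR = 100_000_000          # 1 ℏ = 100,000,000 tinybar
INT64_MAX = 2**63 - 1                   # largest amount an allowance can hold

# Constructed sample: fungible-token allowances granted by owner 0.0.111111.
SAMPLE_TOKEN_ALLOWANCES = {
    "allowances": [
        {"owner": "0.0.111111", "spender": "0.0.222222", "token_id": "0.0.333333", "amount": 50},
        {"owner": "0.0.111111", "spender": "0.0.444444", "token_id": "0.0.333333", "amount": INT64_MAX},
        {"owner": "0.0.111111", "spender": "0.0.555555", "token_id": "0.0.666666", "amount": 0},
    ]
}

# Constructed sample: HBAR allowances by the same owner, amounts in tinybar.
SAMPLE_HBAR_ALLOWANCES = {
    "allowances": [
        {"owner": "0.0.111111", "spender": "0.0.222222", "amount": 5 * TINYBAR_PER_HBAR},
        {"owner": "0.0.111111", "spender": "0.0.777777", "amount": 20_000 * TINYBAR_PER_HBAR},
    ]
}


@dataclass(frozen=True)
class Finding:
    spender: str
    asset: str      # token ID, or "HBAR" for a crypto allowance
    amount: int     # token units, or tinybar for HBAR
    reason: str


def audit_token_allowances(listing, large_threshold=1_000):
    """Flag token allowances that are unlimited or at/above a per-token threshold."""
    findings = []
    for a in listing.get("allowances", []):
        if a["amount"] <= 0:
            continue                    # exhausted or revoked: grants nothing
        if a["amount"] >= INT64_MAX:
            findings.append(Finding(a["spender"], a["token_id"], a["amount"],
                                    "effectively unlimited allowance"))
        elif a["amount"] >= large_threshold:
            findings.append(Finding(a["spender"], a["token_id"], a["amount"],
                                    f"allowance at or above {large_threshold} units"))
    return findings


def audit_hbar_allowances(listing, large_hbar=100):
    """Flag HBAR allowances at or above `large_hbar` ℏ (threshold is a heuristic)."""
    findings = []
    for a in listing.get("allowances", []):
        if a["amount"] <= 0:
            continue
        if a["amount"] >= large_hbar * TINYBAR_PER_HBAR:
            findings.append(Finding(a["spender"], "HBAR", a["amount"],
                                    f"HBAR allowance of {a['amount'] / TINYBAR_PER_HBAR:g} ℏ"))
    return findings


def revocation_list(findings):
    """(spender, asset) pairs to revoke in the wallet, deduplicated, stable order."""
    return sorted({(f.spender, f.asset) for f in findings})


if __name__ == "__main__":
    all_findings = (audit_token_allowances(SAMPLE_TOKEN_ALLOWANCES)
                    + audit_hbar_allowances(SAMPLE_HBAR_ALLOWANCES))
    for f in all_findings:
        print(f"{f.spender} {f.asset} {f.amount} -> {f.reason}")
    print("revoke:", revocation_list(all_findings))
```

The thresholds are deliberately parameters: what counts as "large" depends on the token and on how much you would be willing to lose, and the FAQ's own advice is that even a trusted contract should not hold an open-ended allowance, so there is no trusted-spender exemption.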
If I completely trust a particular Contract ID, is it safe to give it a large, indefinite allowance?
No. Large, indefinite allowances can be risky, as a malicious dApp could trick you into calling the trusted contract and misusing the allowance in unintended ways.
Is it safe to trust a smart contract with a large allowance or high HBAR request?
Yes, the ability to trust smart contracts is what makes them so useful; however, full trust requires a careful review (or audit) of the contract's code, and of the specific transaction your wallet is asking you to approve. Without reviews that you trust, it is safer to assume a contract can do whatever it wants with the tokens and HBAR you approve it to take from your wallet.
How can I review a contract's code?
Smart contracts can be "Verified" on explorers like HashScan.io, which makes their source code public. TOZM smart contracts are typically verified so the community can examine the code logic. Even so, you probably only want to approve low-value HBAR amounts and token allowances when interacting with unaudited dApps.
What is a brief summary of steps you can take to try to lower risks when using dApps like TOZM?
- Use a separate or low-value account for playing TOZM to isolate and minimize risk.
- When approving contract calls, always check the Contract ID and the Requested HBAR amount.
- Be mindful of contracts that either have allowances to spend from your account or are holding your assets (like NFTs or balances).
- Be extra careful whenever approving an allowance, and regularly revoke any unnecessary allowances that could be misused.
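An added example that turns the checklist above into a pre-approval check (not code from TOZM or from any wallet): given what the wallet shows on its approval page, it verifies the Contract ID and Requested HBAR, stops on any large allowance grant, and catches the 0 ℏ repricing trick from the NFT-listing question. The ApprovalRequest fields, the contract function name "setListingPrice", and all IDs and amounts are constructed assumptions for illustration.

```python
# Added example, not code from TOZM's FAQ or dApps: a pre-approval check that
# applies the FAQ's steps to what the wallet shows on its approval page.
# The ApprovalRequest fields, the function name "setListingPrice" and all
# IDs/amounts are constructed assumptions, not real contracts or listings.
from dataclasses import dataclass, field

BLOCK, WARN = "block", "warn"


@dataclass
class ApprovalRequest:
    contract_id: str                       # "Contract ID" on the approval page
    requested_hbar: float                  # "Requested HBAR" in ℏ
    allowance_approvals: list = field(default_factory=list)  # {"token_id","spender","amount"}
    call_name: str = ""                    # decoded function name, if the wallet shows one (assumed)
    call_args: dict = field(default_factory=dict)


def review_approval(req, expected_contracts, max_hbar, held_listings=None, large_allowance=1_000):
    """Return (severity, message) findings to read before approving."""
    findings = []
    # Step 1: the two fields that matter most on every approval page.
    if req.contract_id not in expected_contracts:
        findings.append((BLOCK, f"Contract ID {req.contract_id} is not the contract you meant to use"))
    if req.requested_hbar > max_hbar:
        findings.append((BLOCK, f"Requested {req.requested_hbar:g} ℏ exceeds the {max_hbar:g} ℏ you intended to spend"))
    # Step 2: any "Allowance Approve" deserves a pause; a large one deserves a stop.
    for a in req.allowance_approvals:
        sev = BLOCK if a["amount"] >= large_allowance else WARN
        findings.append((sev, f"Allowance Approve: {a['spender']} may spend up to {a['amount']} of token {a['token_id']}"))
    # Step 3: a 0 ℏ call can still change assets the contract already holds,
    # e.g. repricing an NFT listing, so compare the new price with the current one.
    if held_listings and req.call_name == "setListingPrice":
        listing_id = req.call_args.get("listing_id")
        new_price = req.call_args.get("price_hbar")
        current = held_listings.get(listing_id)
        if current is not None and new_price is not None and new_price < current / 2:
            findings.append((BLOCK, f"Listing {listing_id} would be repriced from {current:g} ℏ to {new_price:g} ℏ"))
    return findings


def should_approve(findings):
    """Approve only when nothing was rated BLOCK; WARN items still need a look."""
    return not any(sev == BLOCK for sev, _ in findings)


# Constructed samples (placeholder IDs, not real contracts).
EXPECTED_CONTRACTS = {"0.0.900001"}              # the TOZM contract you opened
MY_LISTINGS = {7: 1_000.0}                       # listing 7 is currently priced at 1,000 ℏ

REQ_PLAY = ApprovalRequest("0.0.900001", 2.0)   # pay 2 ℏ to the expected contract
REQ_WRONG_CONTRACT = ApprovalRequest("0.0.900099", 2.0)
REQ_REPRICE = ApprovalRequest("0.0.900001", 0.0, call_name="setListingPrice",
                              call_args={"listing_id": 7, "price_hbar": 1.0})
REQ_ALLOWANCE = ApprovalRequest("0.0.900001", 0.0, allowance_approvals=[
    {"token_id": "0.0.333333", "spender": "0.0.900001", "amount": 10**9}])

if __name__ == "__main__":
    for name, req in [("play", REQ_PLAY), ("wrong contract", REQ_WRONG_CONTRACT),
                      ("reprice", REQ_REPRICE), ("allowance", REQ_ALLOWANCE)]:
        found = review_approval(req, EXPECTED_CONTRACTS, max_hbar=5, held_listings=MY_LISTINGS)
        print(f"{name}: approve={should_approve(found)} {found}")
```

The repricing rule only fires when the wallet decodes the call and you know the listing's current price, which is the point of the FAQ's marketplace example: the Requested HBAR field alone tells you nothing about an asset the contract already holds.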