In the fascinating Web3 world, it is becoming more and more common to be rewarded by projects just for being part of the space, for instance by using an NFT marketplace like OpenSea, or by making transactions on a decentralized exchange (DEX).

While these are being called airdrops, they don’t technically fit the description. Rather than tokens being transferred to eligible wallets, users have to interact with a smart contract, pay the gas fee, and collect their rewards.

The amount of tokens distributed would depend on different factors.

Example: OpenDAO ($SOS) Airdrop 

Let’s take as an example the OpenDAO ($SOS) airdrop.

Users were rewarded based on their trading volume on OpenSea (the most popular NFT marketplace) and the total number of transactions. In order to collect their rewards, users were required to visit their official website, connect their ETH wallet, and press collect. This would interact with the smart contract and call the function claim which is shown below (available at Etherscan):

As inviting as this all sounds (who does not like free magic internet money?), this trend opens the door for multiple scams, where users interact with a smart contract and sign a request they might not fully understand.

Web3 Safety Concerns

​In order to be secure in the Web3 world, and especially when interacting with a smart contract, the following points should be considered:

Inspect the source code

As tokens need to be claimed from a smart contract, it is vital to do due diligence and inspect the source code (or wait for some reputable source to inspect it for you), before interacting with it.

Look if the contract is verified – A contract’s code can only be inspected if it is verified. If verified, review the source code or wait for a reputable source to review it. Below is how a verified contract looks like on Etherscan.

Check for suspicious functions

mint function – Can the owner mint extra tokens for themselves?

freeze function – Can the owner freeze assets?

self destruct – Can the owner destruct the contract and take away all of the tokens?

Check the liquidity in the liquidity pool

Is there enough liquidity to trade the token? – Low liquidity bot war 

Check Token Sniffer

Check on TokenSniffer.com if the contract is there or has similarities with other malicious contracts.

Check the Token Supply

Is most of the token supply in the hand of one address which is not the smart contract?

Use a Throw-Away Wallet

Finally, it is always recommended to use a throw-away wallet for interacting with unknown contracts. The throw-away wallet should only contain the required funds to pay for the gas fee and no other tokens.

You signed an unknown request on your Web3 wallet. Now what?

If you signed a request you should not have with your Web3 wallet on the Ethereum network, and you want to make sure that your tokens are safe, within Etherscan it is possible to view and revoke all approvals given for both ERC20 and ERC721 tokens.

Head over to Etherscan, connect your Web3 wallet and revoke approvals for all the spenders you are unsure about or you do not need anymore. This guide by OpenSea shows the whole process with videos.

Other EVM compatible chains would provide similar services, for instance:

Examples

In recent months, the following projects released their own tokens, and some of them have been more successful than others.

  • $SOS – https://www.gasdao.org/
  • $YEAR – This project eventually “rugged” and their Twitter account was deleted. Holders who claimed the token only lost the GAS fee if they didn’t sell the tokens on time
  • $LOOKS – https://looksrare.org/
  • $GAS – https://www.gasdao.org/
  • $DAPPRadar – https://dappradar.com/

Links for further reading:

Disclaimer

This article should not be considered as an endorsement for any of the mentioned projects, as well as not being financial advice. Be safe in this crazy world.

Alessandro Cara
03.07.2022