Alessandro Cara
March 7th, 2022
In the fascinating Web3 world, it is becoming more and more common to be rewarded by projects just for being part of the space, for instance by using an NFT marketplace like OpenSea, or by making transactions on a decentralized exchange (DEX).
While these are being called airdrops, they don’t technically fit the description. Rather than tokens being transferred to eligible wallets, users have to interact with a smart contract, pay the gas fee, and collect their rewards.
The amount of tokens distributed would depend on different factors.
Let’s take as an example the OpenDAO ($SOS) airdrop.
Users were rewarded based on their trading volume on OpenSea (the most popular NFT marketplace) and the total number of transactions. In order to collect their rewards, users were required to visit their official website, connect their ETH wallet, and press collect. This would interact with the smart contract and call the function claim which is shown below (available at Etherscan):
As inviting as this all sounds (who does not like free magic internet money?), this trend opens the door for multiple scams, where users interact with a smart contract and sign a request they might not fully understand.
In order to be secure in the Web3 world, and especially when interacting with a smart contract, the following points should be considered:
As tokens need to be claimed from a smart contract, it is vital to do due diligence and inspect the source code (or wait for some reputable source to inspect it for you), before interacting with it.
Look if the contract is verified – A contract’s code can only be inspected if it is verified. If verified, review the source code or wait for a reputable source to review it. Below is how a verified contract looks like on Etherscan.
mint function – Can the owner mint extra tokens for themselves?
freeze function – Can the owner freeze assets?
self destruct – Can the owner destruct the contract and take away all of the tokens?
Is there enough liquidity to trade the token? – Low liquidity bot war
Check on TokenSniffer.com if the contract is there or has similarities with other malicious contracts.
Is most of the token supply in the hand of one address which is not the smart contract?
Finally, it is always recommended to use a throw-away wallet for interacting with unknown contracts. The throw-away wallet should only contain the required funds to pay for the gas fee and no other tokens.
If you signed a request you should not have with your Web3 wallet on the Ethereum network, and you want to make sure that your tokens are safe, within Etherscan it is possible to view and revoke all approvals given for both ERC20 and ERC721 tokens.
Head over to Etherscan, connect your Web3 wallet and revoke approvals for all the spenders you are unsure about or you do not need anymore. This guide by OpenSea shows the whole process with videos.
Other EVM compatible chains would provide similar services, for instance:
In recent months, the following projects released their own tokens, and some of them have been more successful than others.
This article should not be considered as an endorsement for any of the mentioned projects, as well as not being financial advice. Be safe in this crazy world.