For quest 4, you will be learning how to secure your assets and revoke approvals with the help of https://revoke.cash/ .
For ERC20/ERC1155/ERC721 tokens, ONLY the owner of the token is able to transfer them directly. However, smart contracts (such as marketplaces) need to be able to move tokens on behalf of users. For example, if you list an NFT on a marketplace and someone successfully buys it, the marketplace needs to be able to transfer the token from your wallet into the buyers wallet.
This is where approvals come in. Owners of tokens can give approvals to smart contracts and other wallets to move tokens on their behalf. Traditionally, users would give marketplaces approval to move all of their tokens on their behalf for a given collection. This allows token owners to list any tokens they want of a collection and allows the marketplace to seamlessly fulfill sales.
Without approvals, you would either need to send your token to the marketplace or manually transfer your token on every sale, not very ideal. Approvals are a crucial mechanism for tokens and smart contracts.
NOTE: Approvals are per collection, meaning you give approvals to smart contracts or wallets PER collection. So if you give approval to a smart contract to move tokens on your behalf for collection A, the contract cannot move tokens from contract B.
While approvals are great, they are also risky. Imagine you give an approval to a marketplace and it gets hacked. The hacker now can move all your tokens (that you gave approval for) into their own wallet.
So, it’s good security practice to remove approvals from applications and smart contracts that you haven’t used in a while. Thus, even if an application were to get hacked, your assets for given collections would be safe.
**Revoke.cash** is a product that shows ALL the approvals you have given to applications and smart contracts. It surfaces them in an easy to use UI where you can monitor your approvals and revoke them.