I'm an artist, I make pencil arts and Watercolor arts too...
I love football and I am a basketball 🏀 player too... Crypto freak as well 

How does this work? Shouldn't the DEX just do it's normal thing of showing you swap value and then you accept or not? How does a token modify the DEX logic to drain a wallet?

Someone help us understand how a scam airdrop token will drain your wallet https://warpcast.com/cryptocellaris/0x4db2c9f9

> I get airdropped $getRICH and see it in my wallet or a block explorer
> I go to swap via Rainbow or using a DEX like Uniswap or Matcha
> ???
> Drained 💸 ?

to transact with a token, you have to call the approve() function, which lets the token smart contract access your *wallet*, not just that token

then when you go to sign the suggested tx, that smart contract likely has hidden malicious functions 

c1…

connector 🫂 vulnerability is strength 💪 building @unofficial, /design

so you could have two very different functions in functionality but the same exact signature:

transfer (token, receiving address)
…

anything that comes after the ellipses doesn’t affect the signature of that function

most onchain security platforms work through analyzing the smart contract’s function signatures which are a 4 byte hash representing the function’s name and parameters that pass through it

HOWEVER

most do not fully deconstruct the code that’s within a function 

c2