How safe is granting approval to namewrapper?

Hey guys,

When I click setApprovalForAll on the ENS namewrapper or resolver, what exact permissions am I giving and how safe is it? Is there any way for an attacker to get access to domains on a registrar which has been approved by the namewrapper?

Also, when I setApprovalForAll, does the registrar actually have access to the 2LD or just to the subdomains?


If you call setApprovalForAll on the Name Wrapper, then you are giving full access to all wrapped names that you own, to whatever account/contract.

This is something that marketplace sites often do, for example. If you do that, it’s best to have a separate account specifically for selling/trading, and then transfer only the NFTs you plan on listing to that account. Then only approve the marketplace contract from that separate account.

So let’s say I call setApprovalForAll with my custom registrar as the address, that would me I am giving the namewrapper access to all the domains which I setup on the registrar by calling setupDomain right?

If this is the case, then how exactly does the wrapper have access to the wrapped names, since I never ‘transfer’ the domains to the registrar in the first place?

Also, what exactly do you mean by account? I assume you mean wallet.

It’s just standard token approval workflow that you find on any erc721 / 1155. The contract stores a mapping of owners => approved addresses.

Metamask SetApprovalForAll Info

Any logic for authenticating transfers, burning fuses etc. needs to be done in the contract that has been given approval or the tokens would be at risk of being stolen or irreversibly changed.

1 Like