The first dApp I used looked like any fintech site: clean fonts, a chart, a big green button. I connected MetaMask because the tutorial said to. I did not understand that I had just given a stranger’s JavaScript the ability to ask my wallet to move money — not take it, but ask, repeatedly, until I clicked yes on something stupid.
Website in the front, contracts in the back
A dApp splits in two. The pretty interface lives on a normal web server. The rules that hold funds live in smart contracts on-chain. Uniswap’s website could disappear tomorrow; the contracts would still run if someone else built a new front door.
That split clarified a lot. “Decentralized” doesn’t mean the homepage is hosted on magic internet dust. It means the money logic isn’t solely on one company’s database.
Connect wallet ≠ hand over keys
Connecting shares your public address and opens a communication channel. Every swap, deposit, or approval is a separate transaction you sign. The dApp proposes; your wallet disposes.
Where I got burned in spirit (not yet in wallet): token approvals. Some interfaces ask for unlimited permission to spend a token so you don’t confirm every time. Convenient. Also how people lose everything when they approved a malicious contract six months ago and forgot.
The scariest dApp is a perfect copy of a real one with one character different in the URL.
Decentralized is a spectrum
Some protocols have admin keys. Some can be upgraded by a multisig. Some have been running unchanged for years. “It’s a dApp” tells you where the logic lives — not whether you should trust it with rent money.
I bookmark official links. I verify contract addresses against docs. I revoke approvals I don’t use. Boring habits. Less boring than explaining to yourself why you clicked “unlimited.”
Connecting a wallet to a phishing site doesn’t drain you instantly — but one careless signature can. Read the transaction preview like it’s a bank transfer. Because it is.
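To make "read the transaction preview" concrete for the token approvals described above, here is an added example (not from any wallet's or dApp's own code) that decodes the raw calldata behind an approval request and flags unlimited allowances and spenders you have not verified. The spender address, the sample calldata and the names reviewCalldata and knownSpenders are constructed for illustration, and treating any amount at or above 2^255 as "unlimited" is an assumption.

```javascript
// Added example. Selectors are the standard ERC-20 / ERC-721 ones;
// the spender address and calldata samples below are constructed.
const APPROVE = "095ea7b3";              // approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool)
const UNLIMITED_FROM = 1n << 255n;       // assumption: at or above this counts as unlimited

// knownSpenders: lowercase addresses you checked against the project's docs.
function reviewCalldata(data, knownSpenders = new Set()) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^([0-9a-f]{2})*$/.test(hex)) {
    return { kind: "invalid", warnings: ["calldata is not valid hex"] };
  }
  const selector = hex.slice(0, 8);
  if (selector !== APPROVE && selector !== SET_APPROVAL_FOR_ALL) {
    return { kind: "other", warnings: [] };
  }
  const args = hex.slice(8);
  if (args.length !== 128) { // two 32-byte ABI words expected
    return { kind: "invalid", warnings: ["approval call with malformed arguments"] };
  }
  const spender = "0x" + args.slice(24, 64); // address is the low 20 bytes of word 0
  const value = BigInt("0x" + args.slice(64)); // amount, or bool for setApprovalForAll
  if (value === 0n) {
    return { kind: "revoke", spender, amount: 0n, warnings: [] };
  }
  const warnings = [];
  if (!knownSpenders.has(spender)) warnings.push("spender not in verified list");
  if (selector === SET_APPROVAL_FOR_ALL) {
    warnings.push("operator can move every token in the collection");
    return { kind: "approve-all", spender, warnings };
  }
  if (value >= UNLIMITED_FROM) warnings.push("unlimited allowance");
  return { kind: "approve", spender, amount: value, warnings };
}

// Constructed samples: an unlimited approval and its revocation.
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const SAMPLE_SPENDER = "0x" + "ab".repeat(20);
const SAMPLE_UNLIMITED = "0x" + APPROVE + word(SAMPLE_SPENDER) + "f".repeat(64);
const SAMPLE_REVOKE = "0x" + APPROVE + word(SAMPLE_SPENDER) + word("0");

console.log(reviewCalldata(SAMPLE_UNLIMITED));
console.log(reviewCalldata(SAMPLE_REVOKE, new Set([SAMPLE_SPENDER])));
```

An approval to a verified spender for a bounded amount comes back with no warnings; the same call with the maximum amount or an unlisted spender does not.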
dApps stopped feeling like a different species once I separated the website from the contracts. The website is marketing. The contract is the law.