There is a potential risk when a user needs to authorize a DApp the first time they interact with it. If the DApp is subsequently attacked, it can be used to steal the user's assets. When a user makes a transaction in a DApp contract, there is an Authorise button on the DApp's page, and the user must authorize the transaction, which means that the DApp contract has permission to transfer your assets. In the event of a breach in the contract, or if the contract administrator gets greedy, all tokens in the user's authorized wallet will be transferred.

AScoin advises users not to over-authorize when interacting with on-chain protocols, and to regularly de-authorize unused Dapps to avoid losing assets. Therefore, you need to regularly clear out unused dApp permissions or set a limit on the amount of tokens you can transfer.