Your First 90 Days · Academy
Act III · The Judgment · Week 9 · Checkpoint 18

Security as Judgment

By the end of this you will run four questions before signing anything, treat every signature as a decision instead of a reflex, and size the check to what is at stake.

11 steps · ~22 min · 3 nodes for your map

01 · Twenty seconds, two outcomes

Two people met the same wallet popup on the same night. One was tired and clicked approve to make it go away. The wallet emptied within the hour. The other felt the same pull to just get it done, and instead paused for twenty seconds to read what was in front of them. They walked away whole.

Nothing separated them but those seconds. Not skill, not luck, not better tools. In the last checkpoint you learned the predators by name. This one gives you the short routine that turns recognizing danger into reliably not being caught by it.

02 · From patterns to procedure

The catalog of scams is useful, but attackers change costumes faster than any list can keep up. A fixed list of known tricks goes stale. A way of thinking does not.

So borrow the idea pilots live by. They do not trust how they feel about a flight; they run the same short pre-flight check every time, calm or rushed, first flight or thousandth. You are about to learn the four-question pre-flight check you run before you sign anything. The threats will keep changing. The check stays the same.

03 · The four-question pre-flight check

Here is the whole check on one board, the list you will run before any signature for the rest of your time here. It is four plain questions, and their power is that they are boring and fixed. You do not improvise them.

WHAT am I signing. WHO am I interacting with. WORST case if this is malicious. WHY am I being rushed. The next four steps take each one in turn, then you will run all four on a live prompt yourself.

04 · Question one: what am I signing

Start with what is actually in your hand. A signing prompt can be one of three very different things, and they do not feel different at the moment you tap. A transfer moves coins out right now. A message just proves you are you and moves no funds. An approval is the one to slow down for: it grants a contract permission to spend your tokens later, by itself, without asking again.

From the last checkpoint you know the approval drainer lives exactly here. So you read the prompt instead of the button. Wallets preview what a transaction will do, and simulation tools exist that show the outcome before you sign. The point of question one is simple: never sign a thing you cannot name.

05 · Question two: who am I interacting with

Question two refuses to take the other side on faith. The impersonation predator from the last checkpoint wins entirely on looks: a familiar logo, a near-perfect domain, a sponsored ad that sits above the real one. Looks are the cheapest thing in the world to copy.

So you verify instead of trust.

06 · Question three: what is the worst case

Question three asks the one thing the prompt never volunteers: if this is a trap, what is the most it can take? A signature is not pass or fail, it is an amount of exposure, and you decide whether that amount is acceptable before you sign.

Picture two prompts wearing the same approve button. One is a small mint for a specific game you chose to use. The other is an unlimited approval over your entire stablecoin balance. The first risks a known, tiny amount. The second hands a contract the right to drain everything, forever, in one tap. Sizing the worst case is what turns approve from a reflex into a decision.

07 · Question four: why am I rushed

Question four is the one that catches you on your worst night. Every predator in the last checkpoint shares one move: they manufacture a clock. Claim in ten minutes. Only the first hundred. The pressure is not part of the offer. The pressure is the attack, designed to push you past the first three questions before you think.

So the rule is short and absolute. Nothing legitimate expires in ten minutes. A real opportunity is still real after you have read what you are signing, checked who you are dealing with, and sized the worst case. If the deadline cannot survive your pre-flight check, the deadline was the trap.

A mint page shows a countdown: 9 minutes left to claim. What does the clock itself tell you?

08 · Approval hygiene, the standing permissions

Question one taught you that an approval grants future spending. This step is what you do about that. When a contract asks for permission, you can grant only the amount you actually need rather than the unlimited default it often requests. A limited approval caps the damage if that contract is ever compromised.

And approvals do not expire on their own. A permission you signed months ago for a site you forgot is still live, still spendable, today. Revoking exists: you can withdraw approvals you no longer use, and doing a sweep now and then is plain hygiene. You would not leave spare keys to your house with every shop you ever visited.
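Questions one and three, and the limited-versus-unlimited choice in this step, can be read straight off the raw data behind a prompt. The sketch below is an added example, not code from this course: it assumes an Ethereum-style token using the standard `transfer`, `approve` and `setApprovalForAll` calls, and the function names, spender address and amounts (in 6-decimal units) are constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1  # the conventional "unlimited" approval amount

# Standard 4-byte selectors for the token calls a signing prompt can carry.
SELECTORS = {
    "a9059cbb": "transfer",           # transfer(address,uint256)
    "095ea7b3": "approve",            # approve(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}
UNKNOWN = ("unknown", None, None)     # cannot name it: do not sign it

def name_the_prompt(calldata_hex):
    """Return (kind, counterparty, amount); amount None means no upper bound."""
    text = calldata_hex.lower()
    try:
        raw = bytes.fromhex(text[2:] if text.startswith("0x") else text)
    except ValueError:
        return UNKNOWN
    func, args = SELECTORS.get(raw[:4].hex()), raw[4:]
    # Expect two 32-byte words; the address word is left-padded with zero bytes.
    if func is None or len(args) != 64 or any(args[:12]):
        return UNKNOWN
    who, value = "0x" + args[12:32].hex(), int.from_bytes(args[32:], "big")
    if func == "transfer":
        return ("transfer", who, value)            # coins leave right now
    if value == 0:
        return ("revoke", who, 0)                  # withdraws a standing permission
    if func == "setApprovalForAll" or value == MAX_UINT256:
        return ("unlimited-approval", who, None)   # everything, now and later
    return ("limited-approval", who, value)        # damage capped at value

def encode(selector, address, value):
    """Build constructed sample calldata: selector plus two padded 32-byte words."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(value, "064x")

# Constructed sample data: a made-up spender address and made-up amounts.
SPENDER = "0x" + "11" * 20
SAMPLES = {
    "small cap": encode("095ea7b3", SPENDER, 25_000_000),
    "unlimited": encode("095ea7b3", SPENDER, MAX_UINT256),
    "revoke":    encode("095ea7b3", SPENDER, 0),
    "transfer":  encode("a9059cbb", SPENDER, 1_000_000),
    "mystery":   "0xdeadbeef" + "00" * 64,
}

if __name__ == "__main__":
    for label, calldata in SAMPLES.items():
        print(f"{label:10s}", name_the_prompt(calldata))
```

The "small cap" and "unlimited" samples carry the same `approve` selector and differ only in the amount word, which is why the two prompts look identical at the button and different in the worst case.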

09 · Run the full check

Here is a real-shaped prompt, sitting in front of you with the clock running. A site you reached from a reply in your notifications wants you to connect your wallet and approve unlimited spending of your USDC. A countdown reads under ten minutes.

You are not guessing anymore. You have all four questions: what, who, worst case, why rushed. Run the whole check and say what it tells you to do.

Scenario
A site from a notification link wants unlimited USDC approval, with a sub-ten-minute countdown. What does the pre-flight check tell you?

10 · Where the check scales

It is easy to walk out of here and freeze, running a full investigation before every tiny action until you do nothing at all. That paralysis is its own failure, and it is not what judgment means.

Limit test
A friend says: "After this lesson I am going to block-explorer-verify every single signature, even a coffee-sized mint, every time." Where is he overreaching?

11 · What you carry out

So that is the procedure you keep for good. Before any signature you run four questions: what am I signing, who am I interacting with, what is the worst case if this is malicious, and why am I being rushed. You grant approvals limited to what you need, and you revoke the old ones you have stopped using. The habit stays constant while the depth scales with what is at stake.

You can now protect your own wallet against the people who target it directly. But the money in this space does not only leave through your signatures. Sometimes an entire protocol, audited and trusted, loses everything overnight while every user did nothing wrong.

Which raises the question that opens the next checkpoint: how do protocols actually get hacked, and what can an audit really promise? Next: why protocols get hacked.


Three new nodes on your map

signing-judgment · approvals-hygiene · threat-thinking · +10 Lynx