Which wallet is the most secure to interact with Aave?

I am talking about security of login and private keys. I am undecided between Coinbase Wallet and Torus wallet. I have some questions: when you log into Aave with Coinbase, when you interact with Aave then are your funds at the mercy of the Aave smart contract? Let’s assume you use it for borrowing, funds sit there... then what? Let’s assume you interact with Aave with a Coinbase wallet and someone has your login to your Coinbase account


6 thoughts on “which wallet is the most secure to interact with Aave?”

  1. Pretty sure Coinbase Wallet has a private key like any other wallet and isn’t directly connected to your Coinbase exchange account in the way you’re referring.

    When you interact with Aave you will have to do an approval transaction before doing the real transaction. This grants the Aave smart contract permission to spend your funds. If you are worried you can revoke the approval at any time using something like [Zapper](https://zapper.fi/revoke) or [Etherscan](https://etherscan.io/tokenapprovalchecker).

    All wallets should be equally secure as long as they don’t expose your private keys (which they won’t). It’s more so about the UX you prefer.

    If you’re worried about security, get a hardware wallet.

  2. First things first, no one accesses your wallet unless your computer is compromised or you give away your seed.


    Second, you don’t “log in” to Aave. You access smart contracts deployed by Aave to the blockchain. Aave can’t just do as they please. They have the code of law through smart contracts. The code is there for you to use. Give them max uint256 approval on your ERC20 and they can’t do anything, it won’t matter. Why? Because it’s coded that way. Only the msg.sender (sender of data) can do anything. The only possible issue is the contracts are upgradeable, but only upgradeable through governance so if the founder went rogue, they couldn’t upgrade the contracts to manually transfer funds from anyone who has approvals and hasn’t acted on them yet.


    The best advice I can give is, if you have free time, learn how to code so you can understand the contracts. Really, though. DeFi is not production ready so understanding the code gives you an edge of not requiring blind trust.



    Create a DeFi profile on Chrome that you only have MetaMask installed on. Click your Chrome logo in the top right corner, make a new profile. Open that browser and install MetaMask. Only use it from there.

    Don’t click on random emails, don’t trust DMers, giveaways aren’t real, airdrops don’t exist on Twitter (for the most part).


    Personally, I have a MetaMask profile. The one I use for social media, email, etc. is separate.


    Storing your data is another thing and depends on how secure you want to be. Creating a cipher and storing the data offline, USB, paper, and metal, lol, but really.

  3. MetaMask goes with anything: Aave, DAFI Protocol, 1inch, Tetu, whatever DeFi. And if you want to take it a step further in security, sync your Ledger with it. Perfect.

  4. The only way to actually answer your question would be to ask if you are referring to the self-custodial Coinbase Wallet or if you are referring to the in-exchange app Dapp wallet.

    The self-custodial wallet has all the security of a standard web3 wallet like MetaMask, Brave, or any of the others with your seed phrase.

    The Dapp wallet can be accessed through the Coinbase app on your phone, and I believe it is also accessible through the website. With this Dapp wallet, Coinbase stores half your seed phrase while you store the other half, from what I have researched.

    Personally, I would say the separate Coinbase Wallet, which is its own thing separate from the exchange app and the website, would be safer. I use it for my transactions with Aave and many other web3 DeFi projects.

    All that being said, though, if you are looking for the safest way to interact with web3 sites I would suggest getting some form of hardware wallet.

  5. Why not MetaMask? It’s the most common wallet by far for EVM-based smart contract platforms (which every chain you can use on Aave is).

    By far the biggest risk to your private keys isn’t in the choice of wallet, it’s in you doing something daft like saving it in plaintext on your computer, emailing it to yourself, or entering it into a dodgy website.

    When you interact with Aave or any other smart contract you will need to give it permission to use the asset you’re wanting to deposit/swap/whatever. You don’t have to accept the default unlimited request though and can (in MetaMask at least, but probably most wallets) edit the approval before you sign it. If you have 100 DAI and want to use 20 DAI in a particular DeFi platform, the contract will ask for approval to use all your DAI, but you can change it to just use 21. It also won’t be able to use any of your other tokens, so even if the smart contract goes evil, it won’t be able to steal your WETH or whatever else you haven’t approved.

    As for logins, I don’t know because I don’t use Coinbase wallet, but I didn’t think it uses your account, does it?
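The approval step that several replies describe is an ERC-20 `approve(spender, amount)` call. As an added example (not code from any commenter or from Aave), the following decodes that calldata and classifies it as unlimited, limited, or a revoke, then compares it with the amount the user intends to spend. The spender address is a constructed placeholder, and an 18-decimal token is assumed.

```python
# Added example (not from the thread): decode ERC-20 approve() calldata.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")   # approve(address,uint256)
MAX_UINT256 = 2**256 - 1
SPENDER = "0x" + "11" * 20                     # constructed placeholder address


def _unhex(s: str) -> bytes:
    return bytes.fromhex(s[2:] if s.startswith("0x") else s)


def encode_approve(spender: str, amount: int) -> str:
    """Build approve(spender, amount) calldata; amount=0 is a revoke."""
    addr = _unhex(spender)
    if len(addr) != 20 or not 0 <= amount <= MAX_UINT256:
        raise ValueError("need a 20-byte address and a uint256 amount")
    return "0x" + (APPROVE_SELECTOR + addr.rjust(32, b"\0")
                   + amount.to_bytes(32, "big")).hex()


def decode_approve(calldata: str) -> dict:
    """Parse calldata and classify the allowance it would grant."""
    raw = _unhex(calldata)
    if len(raw) != 68 or raw[:4] != APPROVE_SELECTOR:
        raise ValueError("not an approve(address,uint256) call")
    if any(raw[4:16]):
        raise ValueError("address word is not zero-padded")
    amount = int.from_bytes(raw[36:], "big")
    kind = ("revoke" if amount == 0
            else "unlimited" if amount == MAX_UINT256 else "limited")
    return {"spender": "0x" + raw[16:36].hex(), "amount": amount, "kind": kind}


def review(calldata: str, intended_tokens: int, decimals: int = 18) -> str:
    """Compare the requested allowance with what the user means to spend."""
    info = decode_approve(calldata)
    if info["kind"] == "revoke":
        return "revoke"
    if info["amount"] > intended_tokens * 10**decimals:
        return "exceeds intended amount"
    return "within intended amount"


if __name__ == "__main__":
    for amount in (MAX_UINT256, 21 * 10**18, 0):   # default, edited, revoke
        data = encode_approve(SPENDER, amount)
        print(decode_approve(data)["kind"], "->", review(data, 21))
```
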

