Must someone send their ADA/tokens to a smart contract address in order for the ADA/tokens to be used in the contract OR, for example with Nami wallet connected on a web page, is it possible for a user to allow some code to execute via some website button which automatically spends some of the UTxOs in their wallet? The latter can be if and only if the user accepts some terms and conditions.

No, if you dont sign the transaction nobody can spend any of the UTXO in your adress... if the Nami wallet ask you to do it and you trust the page and sign some tx done by a bad behaved the web-app yes.. they can make spend your UTXOs.

So you should only interact with recognized decentralized web-apps :) .


I don't know the exact technical details of this question because I have just started studying Cardano blockchain development but what I can say is this:

Let's say in this situation, someone has a hardware wallet. We know the private keys never leave the hardware wallet and every transaction using your wallet requires physical interaction by you, the user. (I assume this should hold true for Daedalus and Yoroi wallets) With that said, you would have to do the same in this case. Therefore you could not just allow a smart contract to make, sign and send transactions from your wallet without approving all transactions. I.e., for the hardware wallet, physically reviewing the transaction on the wallet and approving it.

So I would assume from this that transferring money to the smart contract wallet would be how this works.

Anyone, if I am missing anything with this, please correct me.


I think you're asking two separate questions here:

  1. Must someone send their ADA/tokens to a smart contract address in order for the ADA/tokens to be used in the contract
  2. Is it possible for a user to allow some code to execute via some website button which automatically spends some of the UTxOs in their wallet

For the first, it's probably useful to discuss how smart contracts on Cardano work. Unlike other blockchains where the smart contract takes on an active role directing calls to various interfaces. Smart contracts on Cardano (otherwise known as validators) have a much more limited role. On Cardano, smart contracts answer the yes or no question, Can these assets be spent in this way?

Because the validator (smart contract) is only checked when the assets are spent, the answer is yes, tokens must first be sent to the smart contract address BEFORE the smart contract does any work.

As for the second question, it's easy enough for a website to direct Nami to send funds to any address you specify. This can be done without a smart contract and will still prompt the user to confirm and sign the transaction.

