Your wallet assets are always under your control. A DApp or smart contract can only access them if you explicitly allow it. That’s why you’re asked to “approve” a transaction whenever permission is needed.
Approving a transaction means creating a rule for the DApp’s contract—defining which token it can use and how much it’s authorized to spend.
This process is a core security feature of Web3. It ensures you stay in full control, with your assets only used within the exact limits you’ve approved.