Claiming a “Send by Link” token happens on a blockchain where pending transactions are publicly visible in the mempool.
If claiming took just one step, an attacker could copy your transaction and outbid you on gas to grab the token first. This is a common risk known as a front-running attack.
To protect against this risk, the claiming process is designed with two steps:
- Commit: The first step is the commit. It marks your address as the token’s only recipient but keeps the important details hidden—so attackers can’t take advantage of them.
- Claim: Once the commit is confirmed, you finish with the “claim.” The contract knows your address is the rightful one and releases the funds only to you—automatically blocking any front-running attacks.
Put simply, the commit step is what keeps you safe. It locks in your right to the funds before you claim them, so they can’t be stolen and end up safely in your account.