mm-swap-tips.com
Login
Independent review. This site is not the official website and is not affiliated with, endorsed by, or operated by the wallet vendor reviewed here. Never enter your seed phrase or private keys on any third-party site.

Connecting MetaMask to dApps & DeFi

Stephanie Sullivan Stephanie Sullivan
Try Tangem secure wallet →

Who this guide is for

This page explains how to connect dApp to MetaMask and how to connect MetaMask to web3 sites. If you use a software wallet on desktop or phone to trade, stake, swap, or interact with DeFi, this is for you. I’ve been using MetaMask daily for months and I’ll share practical steps, real pitfalls, and small fixes I’ve learned the hard way.

Who should look elsewhere? If you prefer cold storage for daily funds or rely exclusively on hardware wallets for signing, parts of this guide (mobile dApp browser tips, WalletConnect flows) won't apply. See the hardware wallet integration and smart-contract wallets / AA pages for other flows.

How MetaMask connects to dApps (overview)

There are three common connection flows you’ll see when a web3 site asks to connect:

  1. Injected provider (browser extension) — the site detects window.ethereum and shows a “Connect” button.
  2. Mobile in-app dApp browser — tap a link on your phone that opens the wallet’s browser and connects directly.
  3. WalletConnect (QR / deep link) — desktop site shows a QR code; you scan it with your mobile wallet.

Each path results in the site gaining permission to request transactions and read your public account addresses. But permissions are not the same as ownership. Always confirm the network (mainnet, L2, or a testnet) before approving.

Try Tangem secure wallet →

Connection prompt screenshot placeholder

Connecting via the browser extension (step-by-step)

This is the injected provider flow many DeFi sites expect. Steps below assume you already have the extension installed (see install extension).

  1. Open the website you want to use.
  2. Click the site’s "Connect" button. The site should call the injected provider (window.ethereum).
  3. MetaMask will show an account selection and a permission request. Choose the account and click Approve.
  4. Check the network in the extension UI. If the dApp expects an L2 or other network, switch networks (or add it) via add custom network.

If the site doesn’t detect the wallet, try a hard refresh or open the extension then the site. Why does this happen? Sometimes the site checks for window.ethereum before the extension is ready.

Mobile: in-app dApp browser vs WalletConnect

Mobile is where most users interact with DeFi. There are two main patterns.

Mobile in-app dApp browser

  • Open the URL inside the wallet’s built-in browser. The wallet injects a provider so the site can call the injected provider API directly.
  • This is fast for repeated use and for dApps that expect an injected provider.

WalletConnect (QR / deep link)

  • Use WalletConnect when the site displays a QR or link. Scan it from the wallet app and approve the session.
  • Good for connecting your phone to a desktop dApp.

And yes, the mobile dApp browser behaves differently from desktop. Some sites assume an injected provider and others prefer WalletConnect, so you’ll often see both options.

See walletconnect guide and connect-walletconnect for more details.

Connection methods compared

Method How it works Best for Security trade-offs
Injected provider (extension) Site sees window.ethereum and requests accounts Desktop users who want fast interactions Easier to click-approve unwanted txs if not careful
Mobile dApp browser Wallet opens website with injected provider Phone-first users who use many dApps Phishing via in-browser redirects is possible
WalletConnect QR or deep link session between site and mobile wallet Desktop site + mobile wallet pairing Session persists until revoked; check connected sites
Hardware wallet (via extension) External signer authorizes transactions Users who combine convenience & security Extra steps to sign each tx (safer, slower)

Developer notes: injected provider & site integration

If you’re a developer trying to connect MetaMask to my website, use the EIP-1193 provider methods. Example (minimal):

// quick example
if (window.ethereum && window.ethereum.isMetaMask) {
  const accounts = await window.ethereum.request({ method: 'eth_requestAccounts' });
  console.log('Connected', accounts[0]);
}

Also handle chain changes and account changes (listen to 'chainChanged' and 'accountsChanged'). If your site depends on a specific chain, detect it and prompt the user to switch (see connect-to-networks and add-custom-network). For libraries, check connect-web3-react and metamask-api-connect.

Common issues and troubleshooting

  • Site does not detect the wallet: refresh, allow the extension to load, or open the extension before the page.
  • “Wrong network” errors: switch the network or add it via the wallet UI (add-custom-network).
  • Transactions stuck: check the nonce and gas settings (EIP-1559 base + priority fees). If one tx is pending, a replacement tx with higher priority fee can clear it.
  • Connection persists after closing site: remove the connection in Settings > Connected sites (extension) or Settings > Connections (mobile).

If a connection button is unresponsive, see connect-button-troubleshoot and troubleshoot-dapp-connections.

Security checklist before approving a dApp

  • Confirm the URL matches the dApp you expect. Phishing sites copy interfaces. Look at the domain.
  • Approve read-only permissions first (if possible) and avoid unlimited token allowances. But be careful: many DeFi flows ask for unlimited approvals to reduce UX friction.
  • Use the Connected Sites list to audit active sessions regularly. Revoke ones you no longer use.
  • Revoke token approvals when you finish using a protocol — learn how on token approvals & revoke.
  • Consider a hardware wallet for larger balances. See connect-ledger for details.

I once approved a malicious contract because I skipped checking the transaction calldata. Don’t repeat my mistake.

FAQ

Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets are convenient for daily DeFi activity. They are not as secure as cold storage. Keep only what you need for day-to-day use in a software wallet and store long-term funds offline.

Q: How do I revoke token approvals? A: Use the wallet’s Connected Sites page to disconnect, and a permission-revoker tool or the protocol UI to revoke token approvals. See token-approvals-revoke for step-by-step guidance.

Q: What happens if I lose my phone? A: If you have your seed phrase (recovery phrase) backed up, you can restore your wallet on a new device. If not, funds tied to that private key are unrecoverable. See backup & recovery for options. And if you didn’t back up, that’s a hard lesson — I learned that early on.

Q: Why won’t the dApp see my wallet on desktop? A: Common causes are blocked extensions, popup blockers, or sites that require HTTPS. Try a refresh, disable blockers, or test in a fresh browser profile.

Conclusion and next steps

Connecting MetaMask to dApps is straightforward once you understand the three main flows: injected provider, mobile dApp browser, and WalletConnect. Each has trade-offs between convenience and security. When you first connect, double-check the site, the requested permissions, and the network.

Want to get started? If you don’t have the extension or mobile app yet, see install extension and install mobile app. Need to create or restore a wallet first? See create or restore wallet. For security best practices, visit security best practices.

If you have a specific connection error, check troubleshoot dApp connections or ask on the developer guides at developer connect.

Ready to connect a dApp? Start small. Approve one read-only permission, test a tiny transaction, and then expand your activity as you gain confidence.

Try Tangem secure wallet →