Revoking Token Approvals: How to Secure Your Crypto Assets
![Illustration featuring multiple crypto assets for revoking token approvals](https://assets-global.website-files.com/62dfb77ec1bdcba6bd3a413c/64ba7885ea0a30cccbc04d43_revoking-token-approvals-hero.webp)
On Ethereum, token approvals are permissions given to a smart contract which enable it to move a certain amount of tokens on your behalf. These are also called token allowances. They apply to all token types:
These approvals are common in decentralized applications (dApps), such as decentralized exchanges, lending platforms, or yield farming protocols, where you need to approve a smart contract to use your tokens.
Here’s what that looks like when you use our Chrome extension to simulate transactions:
The same is true when it comes to trading NFTs: You give the smart contract permission to move the NFT to another wallet once it sells.
Token approvals might look scary to beginners, but they’re just a manual version of what you do outside of web3 as well: If you give your money to a bank, you’re giving them approval to lend your money out to others or to invest it and earn a return.
While banks bury these things in terms of service nobody reads, crypto makes this more transparent by having you give those approvals manually.
But while you can’t revoke that access for a bank (except by closing your bank account), you can always revoke ERC-20 token approvals.
If you trust someone with the keys to your house and they abuse that trust, you’d take the keys back from them. The same is true in crypto with token approvals. There are various situations in which you should consider revoking token approvals:
Note: Many wallets make it hard to spot if you’re giving a token approval based on the wallet transaction pop-up. That’s why we created Fire - a free Chrome Extension that simulates all transactions and tells you exactly what’s leaving your wallet and what approvals you’re giving—before you sign the transaction. Install today and never sign something you don’t understand!
Found a token approval you want to remove? Here’s how:
In Coinbase Wallet, revoking token approvals involves interacting with the smart contract of the token:
And that’s it! Your tokens will never be accessed by that smart contract again!
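What that contract interaction looks like at the calldata level, as an added example that is not from the original article or from any wallet's code: revoking an ERC-20 allowance is an `approve(spender, 0)` call, and revoking a collection-wide NFT approval is `setApprovalForAll(operator, false)`. The function names and the sample spender address below are hypothetical; the selectors are the ones defined by the token standards.

```javascript
// Well-known 4-byte selectors from the ERC-20 and ERC-721/1155 standards.
const APPROVE = "095ea7b3";              // approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool)
const MAX_UINT256 = (1n << 256n) - 1n;

// ABI-encode one static argument as a 32-byte, left-padded hex word.
const word = (v) => BigInt(v).toString(16).padStart(64, "0");

// Calldata that revokes an ERC-20 allowance: approve(spender, 0).
function buildErc20Revoke(spender) {
  return "0x" + APPROVE + word(spender) + word(0);
}

// Calldata that revokes a collection-wide NFT approval:
// setApprovalForAll(operator, false).
function buildNftRevoke(operator) {
  return "0x" + SET_APPROVAL_FOR_ALL + word(operator) + word(0);
}

// Classify raw transaction calldata before signing.
// Note: ERC-721 approve(address,uint256 tokenId) shares the ERC-20 selector,
// so the caller must know which kind of token contract the transaction targets.
function classifyCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  const selector = hex.slice(0, 8);
  if (selector !== APPROVE && selector !== SET_APPROVAL_FOR_ALL) return { kind: "other" };
  if (hex.length !== 8 + 128 || !/^[0-9a-f]+$/.test(hex)) return { kind: "malformed" };
  const addrWord = hex.slice(8, 72);
  if (!/^0{24}/.test(addrWord)) return { kind: "malformed" }; // address must be left-padded
  const spender = "0x" + addrWord.slice(24);
  const value = BigInt("0x" + hex.slice(72, 136));
  if (selector === SET_APPROVAL_FOR_ALL) {
    if (value > 1n) return { kind: "malformed" }; // bool must be 0 or 1
    return { kind: value === 1n ? "grant-all-nfts" : "revoke-all-nfts", spender };
  }
  if (value === 0n) return { kind: "revoke", spender };
  return { kind: value === MAX_UINT256 ? "grant-unlimited" : "grant-limited", spender, amount: value };
}

// Constructed sample: placeholder spender address, not a real contract.
const SPENDER = "0x00000000000000000000000000000000deadbeef";
console.log(classifyCalldata(buildErc20Revoke(SPENDER)));
console.log(classifyCalldata("0x" + APPROVE + word(SPENDER) + "f".repeat(64)));
```

A `grant-unlimited` result is the case worth pausing on before signing, since it lets the spender move the full balance of that token until the allowance is set back to zero.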
Some wallets enable you to revoke token approvals right from within the wallet (specifically, smart contract wallets based on ERC-4337). So far, MetaMask doesn’t have a built-in feature to revoke token allowances. That’s why you need an external dApp to revoke approvals. The two most popular are revoke.cash and Etherscan.
Both support any Ethereum wallet that you connect to dApps with.
Revoke.cash is a simple, popular tool to revoke token approvals. It supports almost all EVM wallets, including MetaMask, Rainbow and others:
Etherscan is a block explorer that gives you all the details on a transaction. While its blockchain data can be complicated, revoking a token allowance isn’t:
Here’s what a Fire transaction simulation of revoking token approvals looks like:
While all of that’s easy enough when it’s one token on one smart contract, it gets laborious if you need to revoke many tokens. That is not just inconvenient; it can also be crucial to your safety:
Let’s say a smart contract which has multiple approvals gets exploited. The more time scammers have to move your assets, the more they can take. But if you could revoke all token approvals at once, you’d be much more likely to stay safe, even when that worst-case scenario actually happens. That might be reality soon:
One of the most revolutionary concepts in web3 is account abstraction. The innovation is based on ERC-4337 and gives wallets the powers of smart contracts. Among other things, this means wallets can autonomously do more of the things you previously had to do manually. One of those is revoking all token approvals.
Account abstraction wallets can execute multiple transactions in one click. That means they could:
While it’s an annoying topic, the importance of revoking token approvals should not be underestimated. By understanding what token approvals are, being aware of the instances in which they should be revoked, and knowing how to do so across different platforms, users can ensure the security of their assets.
Thankfully, advancements like account abstraction in web3 technologies are making this process simpler and safer.
As we continue to navigate and evolve in the crypto space, staying abreast of these developments is crucial. Keep a vigilant eye on your token approvals, exercise prudence, and leverage new technologies to safeguard your digital assets.