How to revoke smart contract allowances/token approvals

Note: smart contract allowances differ from simply connecting your wallet to a dApp. For information on disconnecting your wallet from dapps, see the article: Disconnect wallet from a dApp

 

Smart contract/token allowances also referred to as approvals, involve you allowing dapps to access and move tokens in your wallet on your behalf. For example, when you use a DEX (decentralized exchange), you’ll need to sign an approval that allows its smart contract to take tokens to complete your requested trades. While this sounds inherently risky, remember that giving dapps at least some allowance is always necessary. If you want to use Web3, you won’t be able to avoid them.

 

1.Revoking approvals vs. disconnecting apps: what’s the difference?

 

It’s easy to confuse these two processes, but they are fundamentally different:

• Disconnecting your wallet from a dApp involves canceling permission to see your public address and your token balances and, depending on what you initially consented to, stopping it from initiating transactions (although not executing them) and viewing past activity. See our article for more info.
• Revoking an approval/allowance means a dApp can no longer access the contents of your wallet and move them around.

 

2.How do I revoke approvals?

 

The good news is there are several ways to keep track of your existing approvals and easily revoke them:

 

Head to the ‘approval checker’ section of the block explorer for the network you’re using. For example, Etherscan, BscScan, and Polygonscan all have a token approval checker function.

 

Etherscan: https://etherscan.io/tokenapprovalchecker

BscScan: https://bscscan.com/tokenapprovalchecker

Polygonscan: https://polygonscan.com/tokenapprovalchecker

 

Use a platform such as:

Revoke (Ethereum mainnet): https://revoke.cash/

Unrekt (multiple networks): https://app.unrekt.net/

approved.zone (Ethereum mainnet): https://approved.zone/

Cointool (multiple networks): https://cointool.app/approve/eth

beefy.finance (BSC/BNB Smart Chain): https://allowance.beefy.finance/

 

3.Gas fees

 

Since token approvals are conducted on-chain, revoking the approval must also be on-chain. This means you need to pay gas fees for each revocation.

 

Look, we know how it is: there’s always a new dApp to try. The only problem is that this can quickly rack up a long list of token allowances, potentially making you vulnerable to hackers or scams. This is why it’s a good idea to check your token approvals habitually–e.g., monthly–and weeding out any you’re unhappy with.

 

Unfortunately, token approvals are a common attack vector for hackers and scammers: the former can sometimes locate and exploit vulnerabilities in a smart contract’s code. This is because token approvals often request unlimited access to your tokens. If a hacker or fraudulent smart contract owner can leverage this, they can theoretically drain your wallet of the tokens you’ve allowed access to.