Token Approvals

One modus operandi for phishing involves the hacker actually obtaining a wallet address owner's approval to spend their tokens. Once approval is granted, the funds are drained.

If you are an avid user of decentralized exchanges (DEX) or are a degen, then clicking Confirm on a pop-up such as the above may well be routine for you by now. Using a DEX or taking part in a yield farming pool involves interacting with a smart contract that does most of the work behind the scenes for you.

But before a DEX or a yield farming pool is able to do anything, it first needs access to your funds. Hence, the above pop-up. After allowing the smart contract access to your funds, only then can it work its magic of moving your tokens around to execute a trade, stake tokens in a 1000% APY pool or exchange a cool shiny NFT for a cute wiggly one.

In an ideal world, there should be no repercussions from this simple act. But we know the world is far from ideal. When you allow these smart contracts access to your funds, by default, they are allowed to spend an unlimited amount of a token from your wallet address. That makes it possible for them to withdraw any amount of that token from your wallet at any time they want, without you knowing it.

That is exactly what some ill-intentioned projects have done when given this trust - with one case reporting a loss of $140,000 worth of a token due to this exploit.

This is where our tool comes in.

Token Approval Tool Overview

  1. Connect to Web3: Click on this to connect to your MetaMask, WalletConnect, or Coinbase Wallet. Do take note that only the address owner is allowed to revoke the connected smart contracts.
  2. Amount & NFT(s) at Risk: This shows the total value & NFT(s) in the address that are at risk due to the token approvals granted to smart contracts.
  3. Token Standards: Navigate between different token standards to view the token approvals granted to smart contracts for a particular token standard. The token standards include ERC-20, ERC-721, and ERC-1155.
  4. Total Token Approvals Found: This shows the summary total of token approvals granted to smart contracts.
  5. Show All Approvals: Toggle off to view the token approvals granted for all tokens currently held at the address. Toggle on to view all previously granted token approvals, irrespective of whether the tokens are currently held at the address.
  6. Filter By: Use this to easily filter for all the token approvals granted for a particular asset.
  7. Txn Hash: This shows the transaction that has granted the token approval for the asset.
  8. Last Updated (UTC): This shows the date and time the token approval was granted. Can be toggled with Age to show how long ago the token approval was granted.
  9. Assets: This shows the asset that has token approval granted by the address.
  10. Approved Spender: This shows the smart contract that was granted the token approval.
  11. Original Allowance: This shows the initial amount of tokens the Approved Spender is allowed to spend on behalf of the address.
  12. Revoke: Click on this button to revoke the approval of the intended smart contract. Every connected smart contract will have its own 'Revoke' button. Thus, only revoke the approval of the smart contract(s) that you wish to disconnect.

Upon clicking on the Revoke button, you will be able to view the current allowance of a particular asset (as shown below):

  1. Current Allowance: The current amount of tokens that are allowed to be spent by the Approved Spender. For example, the owner may approve an initial amount of 100,000 tokens, and the Approved Spender subsequently spends 95,000 tokens, leaving only 5,000 tokens that are allowed to be spent by the Approved Spender.

With our Token Approval tool, you have a clear view of all the smart contracts and corresponding tokens you have allowed to spend on your behalf. Should you notice any suspicious contracts allowed to spend staggering amounts of tokens or want to 'spring clean' your approvals, you can easily revoke their approval or decrease the approved amounts.
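To make the difference between an unlimited approval, a limited one and a revoke concrete, the following added example (not part of this tool's code) decodes the call data of an approval transaction and classifies it. It assumes ERC-20 semantics for approve(address,uint256); the spender address and sample call data are constructed for illustration.

```javascript
// Added example: classify approval call data before it is signed.
// The selector is the first 4 bytes of the call data.
const APPROVE = "095ea7b3";              // approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool)
const MAX_UINT256 = (1n << 256n) - 1n;

function classifyApproval(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  // Selector (8 hex chars) followed by two 32-byte ABI words (64 hex chars each).
  if (!/^[0-9a-f]{136}$/.test(hex)) return { kind: "not-an-approval" };
  const selector = hex.slice(0, 8);
  const word1 = hex.slice(8, 72);
  const word2 = hex.slice(72, 136);
  // An address is 20 bytes, left-padded with 12 zero bytes.
  if (!word1.startsWith("0".repeat(24))) return { kind: "malformed" };
  const spender = "0x" + word1.slice(24);
  const value = BigInt("0x" + word2);

  if (selector === APPROVE) {
    // Assumption: ERC-20. For ERC-721 the second word is a token ID instead.
    if (value === 0n) return { kind: "revoke", spender };
    if (value === MAX_UINT256) return { kind: "unlimited", spender };
    return { kind: "limited", spender, amount: value };
  }
  if (selector === SET_APPROVAL_FOR_ALL) {
    // ERC-721 / ERC-1155: one flag covers every token in the collection.
    if (value > 1n) return { kind: "malformed" };
    return { kind: value === 1n ? "operator-for-all" : "revoke", spender };
  }
  return { kind: "not-an-approval" };
}

// Revoking an ERC-20 approval is an approve() call with an amount of zero.
function buildRevoke(spender) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("bad address");
  return "0x" + APPROVE + addr.padStart(64, "0") + "0".repeat(64);
}

// Constructed sample input: an unlimited approval to a made-up spender.
const SAMPLE_SPENDER = "0x1111111111111111111111111111111111111111";
const SAMPLE_UNLIMITED =
  "0x" + APPROVE + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);
console.log(classifyApproval(SAMPLE_UNLIMITED));
console.log(classifyApproval(buildRevoke(SAMPLE_SPENDER)));
```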

Using this tool is devoid of hassle and only requires you to connect to your Web3 wallet to revoke or edit approvals. If you'd just like a quick glance at an address's approvals, just insert the address or ENS name into the search bar and press enter!

How to use the Token Approval tool

  1. Open the Token Approval page.
  2. Enter your address into the search bar and click the search button.
  3. If your address has granted any smart contract approval to spend on your behalf, the smart contracts will be listed according to the token standards of the token allowance (ERC-20, ERC-721 or ERC-1155).
  4. Click on the 'Connect to Web3' button to connect your wallet. Do take note that only the address owner is allowed to revoke the connected smart contracts.
  5. Once connected, click the 'Revoke' button to revoke the approval of the intended smart contract. Every connected smart contract will have its own 'Revoke' button. Thus, only revoke the approval of the smart contract(s) that you wish to disconnect.

With this feature rolled out, we hope the community can keep better track of token approvals and collectively reduce our funds lost to phishing!

Raja Amir