Token Approvals
Last updated
Last updated
An ERC-20 token approval is a method of allowing a smart contract or another address to withdraw funds from the address sending the transaction. In most cases, this has to be done before a token trade or depositing funds into a smart contract like adding liquidity. Most protocols have users approve an infinite amount of tokens so they would never need to approve the asset again, but this can be dangerous.
Once an approval is granted, some smart contracts may be able to execute transactions without further approval or action from the wallet owner. Another method scammers use is having users give a token approval to the scammer's address so the scammer can steal legitimate tokens later.
No. Disconnecting your wallet does not do anything to protect you from allowance exploits - or most other exploits. The only thing that happens when disconnecting your wallet from a website is that that website cannot see your address any more. But your allowances stay active.
No. In general, hardware wallets are much safer than mobile or browser-based wallets because the wallet's keys are securely stored on the device, making it impossible to steal the keys without proper access to the device. But with allowances no one needs to steal your keys to take your tokens. And because of that hardware wallets offer no extra protection against allowance exploits.
We suggest using https://revoke.cash/ which works across all Polkadot EVM networks to revoke token approvals.
v 1.1