Token Approvals
What is an ERC-20 token approval?
An ERC-20 token approval (a call to the token contract's approve function) lets a smart contract or another address, the spender, move up to a specified amount of your tokens out of your address on your behalf. Once the allowance exists, the spender transfers the tokens with transferFrom and you do not sign each transfer. Dapps usually request an approval before a swap or before adding liquidity. Most protocols ask users to approve an unlimited amount so they never need to approve the same token again, but this is risky.
Talisman token spend settings
By default, Talisman caps the approval at the amount of that token currently held in the wallet, rather than granting the unlimited allowance that many platforms request. This bounds what a spender could ever take to what was in the wallet at approval time, reducing exposure to unauthorized or excessive token spending.
An example of how Talisman displays a token spend approval:

How can an unlimited ERC-20 token approval be risky?
Once an approval is granted, the approved spender (typically a smart contract) can call transferFrom and move up to the approved amount at any time, with no further signature or interaction from the wallet owner. If that contract is later compromised, upgraded to malicious code, or was malicious from the start, every token covered by the allowance is exposed. For this reason, limit approvals to the minimum amount needed and revoke them once they are no longer required; this narrows the window in which a compromised or malicious contract can reach your funds.
What happens to my token approvals when I "disconnect" my wallet?
Disconnecting your wallet from a website does not change existing token approvals and provides no protection against allowance exploits. Disconnecting only withdraws the site's permission to see your wallet address and to prompt you for new transactions or signatures. Allowances are state stored in the token contract on-chain, so any you previously granted remain active until you reduce or revoke them with a new on-chain transaction.
How does this work with hardware wallets?
Hardware wallets significantly improve security by keeping your private keys isolated on a dedicated device. This prevents attackers from extracting your keys even if your computer or browser is compromised.
However, token allowances do not depend on your key once they exist. After you sign an approve transaction, the spender contract moves tokens by calling transferFrom, which requires no further signature from your wallet, hardware or otherwise. A hardware wallet therefore protects the key that grants allowances, but adds no protection against misuse of allowances that have already been granted.
The most effective protection remains the same: approve only the amount you need and revoke allowances when they are no longer required.
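The allowance mechanics described in the two sections above, as an added example that is not Talisman's code or any real token's contract: a minimal JavaScript model of ERC-20 approve/transferFrom that mirrors the semantics of common implementations such as OpenZeppelin's, where an allowance of 2^256 - 1 is treated as unlimited and is never decremented. The owner approves a hypothetical router contract, uses it once, later receives more tokens, and then the router is taken over. The scenario compares what the compromised spender can still move after an exact-amount approval, an approval capped at the balance held, an unlimited approval, and an unlimited approval that was revoked after use. All names and amounts are constructed.

```javascript
// Added example (not Talisman or any token's real code): an in-memory model of the
// ERC-20 allowance mechanism that mirrors the semantics of common implementations
// such as OpenZeppelin's: approve() overwrites the allowance, transferFrom()
// spends it, and an allowance of 2**256 - 1 is treated as unlimited and is
// never decremented.
const MAX_UINT256 = (1n << 256n) - 1n;

class Erc20Model {
  constructor(initialBalances) {
    this.balances = new Map(Object.entries(initialBalances));
    this.allowances = new Map(); // "owner:spender" -> remaining allowance
  }
  balanceOf(account) { return this.balances.get(account) ?? 0n; }
  allowance(owner, spender) { return this.allowances.get(`${owner}:${spender}`) ?? 0n; }

  // approve(spender, amount): the only step the token owner signs.
  approve(owner, spender, amount) {
    this.allowances.set(`${owner}:${spender}`, BigInt(amount));
    return true;
  }

  // transferFrom(from, to, amount), called by `caller` (the spender).
  // No signature from `from` is involved; only the stored allowance is checked.
  transferFrom(caller, from, to, amount) {
    amount = BigInt(amount);
    const allowed = this.allowance(from, caller);
    if (allowed < amount) throw new Error('ERC20: insufficient allowance');
    if (this.balanceOf(from) < amount) throw new Error('ERC20: transfer amount exceeds balance');
    if (allowed !== MAX_UINT256) this.allowances.set(`${from}:${caller}`, allowed - amount);
    this.balances.set(from, this.balanceOf(from) - amount);
    this.balances.set(to, this.balanceOf(to) + amount);
    return true;
  }

  // Tokens arriving from elsewhere (constructed event, not part of ERC-20).
  deposit(to, amount) { this.balances.set(to, this.balanceOf(to) + BigInt(amount)); }
}

// Constructed scenario:
//  1. owner holds 1000 tokens and approves a router contract for `approvalAmount`
//  2. the router performs one legitimate 100-token swap
//  3. optionally the owner revokes (approve 0)
//  4. owner later receives 500 more tokens and "disconnects" the dapp
//     (no on-chain effect, so there is nothing to model)
//  5. the router is compromised and drains everything the allowance still permits
function scenario(approvalAmount, revokeAfterUse = false) {
  const owner = 'owner', router = 'router', attacker = 'attacker';
  const token = new Erc20Model({ [owner]: 1000n });

  token.approve(owner, router, approvalAmount);
  token.transferFrom(router, owner, router, 100n);
  if (revokeAfterUse) token.approve(owner, router, 0n);
  token.deposit(owner, 500n);

  // Attacker controlling the router takes min(remaining allowance, balance).
  const remaining = token.allowance(owner, router);
  const balance = token.balanceOf(owner);
  const grab = remaining < balance ? remaining : balance;
  if (grab > 0n) token.transferFrom(router, owner, attacker, grab);

  return {
    drained: grab,
    ownerBalance: token.balanceOf(owner),
    remainingAllowance: token.allowance(owner, router),
  };
}

// Compare the approval strategies discussed on this page.
function compareStrategies() {
  return {
    exactAmount: scenario(100n),                      // approve only what the swap needs
    amountHeld: scenario(1000n),                      // cap at the balance held at approval time
    unlimited: scenario(MAX_UINT256),                 // what most dapps request
    unlimitedThenRevoked: scenario(MAX_UINT256, true),
  };
}

console.log(compareStrategies());
```

The exact-amount and revoked cases lose nothing; the unlimited case loses the whole balance including the 500 tokens deposited after approval, and its allowance is still unlimited afterwards because unlimited allowances are never decremented. The balance-capped default loses at most what remained of the original cap (900 here), so tokens received later stay out of reach.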
How can I revoke token approvals?
You can use a dapp such as https://revoke.cash/, which supports Ethereum and many other EVM-compatible networks, to list and revoke token approvals. Revoking sends a new approve transaction that sets the allowance for that spender back to zero, so it costs gas and is done per token and per spender. Verify that you are on the genuine site before connecting your wallet; copycat revocation sites are a common phishing lure.
How to set a custom spending limit in Talisman?
Many dapps request an unlimited token approval, which would allow the smart contract to spend any amount of the selected token from your wallet until the approval is revoked.
Instead of accepting the requested amount, you can manually set a custom spending limit before confirming the transaction.
When a dapp requests a token approval, Talisman will display the following transaction screen. Click the icon outlined in red to edit the spending limit.

Enter a custom limit and select “Set Limit”.
Note: In the spending limit field, enter the maximum amount of tokens you want the contract to be able to spend. For example:
Enter the exact amount required for the transaction
Or enter a slightly higher amount if you expect multiple interactions
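Working out what an approval request actually asks for, as an added example that is not Talisman's code: the JavaScript below decodes the calldata of an approve(address,uint256) request (function selector 0x095ea7b3) the way a wallet does before rendering its spend-approval screen, flags the 2^256 - 1 "unlimited" value, and re-encodes the same request either with a custom limit (what confirming a reduced limit sends) or with zero (what a revocation such as the one performed through revoke.cash sends). The spender address, token decimals and the limit are constructed inputs.

```javascript
// Added example (not Talisman code): inspect the calldata of an ERC-20 approve()
// request and produce the capped or revoking variant of the same call.
// Selector = first 4 bytes of keccak256("approve(address,uint256)") = 0x095ea7b3.
const APPROVE_SELECTOR = '095ea7b3';
const MAX_UINT256 = (1n << 256n) - 1n;

// ABI layout: 4-byte selector, 32-byte left-padded address, 32-byte uint256.
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, '');
  if (hex.length !== 8 + 64 + 64 || hex.slice(0, 8) !== APPROVE_SELECTOR) {
    throw new Error('not an approve(address,uint256) call');
  }
  const spenderWord = hex.slice(8, 72);
  if (!/^0{24}/.test(spenderWord)) throw new Error('malformed address word');
  const spender = '0x' + spenderWord.slice(24);
  const amount = BigInt('0x' + hex.slice(72, 136));
  return { spender, amount, unlimited: amount === MAX_UINT256 };
}

function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, '');
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error('bad address');
  amount = BigInt(amount);
  if (amount < 0n || amount > MAX_UINT256) throw new Error('amount out of range');
  return '0x' + APPROVE_SELECTOR + addr.padStart(64, '0') + amount.toString(16).padStart(64, '0');
}

// Convert between raw token units and the human-readable amount shown to the user.
function formatUnits(amount, decimals) {
  const s = amount.toString().padStart(decimals + 1, '0');
  const whole = s.slice(0, s.length - decimals);
  const frac = s.slice(s.length - decimals).replace(/0+$/, '');
  return frac ? `${whole}.${frac}` : whole;
}
function parseUnits(str, decimals) {
  const [whole, frac = ''] = str.split('.');
  if (!/^\d+$/.test(whole) || !/^\d*$/.test(frac)) throw new Error('bad amount');
  if (frac.length > decimals) throw new Error('too many decimal places for this token');
  return BigInt(whole + frac.padEnd(decimals, '0'));
}

// Constructed sample: a dapp asks for an unlimited approval to a hypothetical spender.
const SPENDER = '0x1111111111111111111111111111111111111111';
const UNLIMITED_REQUEST = encodeApprove(SPENDER, MAX_UINT256);

// What a wallet can show and offer for an incoming approval request.
function reviewRequest(calldata, decimals, limitStr) {
  const req = decodeApprove(calldata);
  return {
    spender: req.spender,
    requested: req.unlimited ? 'unlimited' : formatUnits(req.amount, decimals),
    // Same spender, custom limit: what "Set Limit" sends instead of the request.
    capped: encodeApprove(req.spender, parseUnits(limitStr, decimals)),
    // Same spender, zero allowance: what a revocation sends.
    revoke: encodeApprove(req.spender, 0n),
  };
}

console.log(reviewRequest(UNLIMITED_REQUEST, 6, '250.5'));
```

Only the last 32-byte word changes between the three variants; the spender stays the same, which is why a revocation is just another approve for that spender. Decimals matter: a limit of 250.5 on a 6-decimal token is 250500000 raw units, and entering it against the wrong decimals would approve a wildly different amount.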

v 3.1.16