Token Approvals

What is an ERC-20 token approval?

An ERC-20 token approval allows a smart contract or another address to withdraw funds from the address sending the transaction. In most cases, this has to be done before trading a token or depositing funds into a smart contract, for example when adding liquidity. Most protocols have users approve an infinite amount of tokens so they never need to approve the asset again, but this can be dangerous.

How can an ERC-20 token approval compromise my wallet?

Once an approval is granted, some smart contracts may be able to execute transactions without further approval or action from the wallet owner. Another method scammers use is having users give a token approval to the scammer's address so the scammer can steal legitimate tokens later.

Is it enough to "disconnect" my wallet instead of revoking allowances?

No. Disconnecting your wallet does nothing to protect you from allowance exploits, or from most other exploits. The only thing that happens when you disconnect your wallet from a website is that the website can no longer see your address. Your allowances stay active.

Can hardware wallets save me from allowance exploits?

No. In general, hardware wallets are much safer than mobile or browser-based wallets because the wallet's keys are securely stored on the device, making it impossible to steal the keys without proper access to the device. But with allowances, no one needs to steal your keys to take your tokens. Because of that, hardware wallets offer no extra protection against allowance exploits.

How can I revoke these token approvals if my wallet has been compromised?

We suggest using https://revoke.cash/ which works across all Polkadot EVM networks to revoke token approvals.
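To see which approvals are still open for an address, a wallet owner can replay the token contracts' Approval event logs. The following is an added example, not code from this page or from revoke.cash; the helper names, the sample addresses and the numeric `blockNumber`/`logIndex` fields are assumptions made for illustration.

```javascript
// topic0 of Approval(address,address,uint256), the ERC-20 approval event
const APPROVAL_TOPIC =
  "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const MAX_UINT256 = (1n << 256n) - 1n; // the usual "infinite" approval value

// Indexed addresses are 32-byte topics; the address is the last 20 bytes.
const topicToAddress = (t) => "0x" + t.slice(-40).toLowerCase();

// Replay logs in chain order; the last Approval per (token, spender) wins.
function outstandingApprovals(logs, owner) {
  const latest = new Map();
  const ordered = [...logs].sort(
    (a, b) => a.blockNumber - b.blockNumber || a.logIndex - b.logIndex);
  for (const log of ordered) {
    // ERC-721 Approval shares topic0 but has 4 topics, so skip it.
    if (log.topics.length !== 3 || log.topics[0] !== APPROVAL_TOPIC) continue;
    if (topicToAddress(log.topics[1]) !== owner.toLowerCase()) continue;
    const key = log.address.toLowerCase() + "|" + topicToAddress(log.topics[2]);
    latest.set(key, BigInt(log.data));
  }
  return [...latest]
    .filter(([, value]) => value !== 0n) // approve(spender, 0) is a revocation
    .map(([key, value]) => {
      const [token, spender] = key.split("|");
      return { token, spender, value, unlimited: value === MAX_UINT256 };
    });
}

// Constructed sample data: every address below is a made-up placeholder.
const addr = (byte) => "0x" + byte.repeat(20);
const pad = (a) => "0x" + a.slice(2).padStart(64, "0");
const word = (n) => "0x" + n.toString(16).padStart(64, "0");
const [OWNER, OTHER, DEX, FARM, TOKEN_A, TOKEN_B] =
  ["aa", "bb", "c1", "c2", "d1", "d2"].map(addr);
const approval = (token, owner, spender, value, blockNumber, logIndex = 0) => ({
  address: token, blockNumber, logIndex,
  topics: [APPROVAL_TOPIC, pad(owner), pad(spender)], data: word(value),
});
const SAMPLE_LOGS = [
  approval(TOKEN_B, OWNER, FARM, 0n, 15),          // later revocation
  approval(TOKEN_A, OWNER, DEX, MAX_UINT256, 10),  // unlimited, never revoked
  approval(TOKEN_B, OWNER, FARM, 500n, 11),        // limited, revoked at 15
  approval(TOKEN_A, OTHER, DEX, 100n, 12),         // different owner
  { address: TOKEN_A, blockNumber: 13, logIndex: 0, data: "0x", // ERC-721 shape
    topics: [APPROVAL_TOPIC, pad(OWNER), pad(DEX), word(7n)] },
];

console.log(outstandingApprovals(SAMPLE_LOGS, OWNER));
```

The result is a list of candidates: a token may reduce an allowance when the spender uses it without emitting a new Approval event, so confirm the current value with the token's `allowance(owner, spender)` call before deciding what to revoke.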

v 1.1
