# Token Approvals

#### What is an ERC-20 token approval?

An ERC-20 token approval allows a smart contract or another address to withdraw funds from the address that sends the approval transaction. In many cases, this is done before executing a smart contract action such as a swap or adding liquidity. Most protocols have users approve an infinite amount of tokens so that they never need to approve the asset again, but this can be risky.

#### Talisman token spend settings

Talisman sets token approvals to the exact amount held in the wallet by default, rather than granting an unlimited allowance as many platforms do. This reduces exposure to unauthorized or excessive token spending.

An example of how Talisman displays a token spend approval:

<div align="left"><figure><img src="/files/dpjDOctSJxm8FWBxZW3u" alt="" width="375"><figcaption></figcaption></figure></div>

#### How can an unlimited ERC-20 token approval be risky?

After a token approval is granted, the approved smart contract can execute transfers up to the approved amount without any further interaction from the wallet owner. If that contract is later compromised or behaves maliciously, the wallet’s approved tokens remain exposed to unauthorized transfers. For this reason, token approvals should be limited to the minimum necessary amount and revoked once they are no longer needed. This reduces the window in which a compromised or malicious contract could access approved funds.

#### What happens to my token approvals when I "disconnect" my wallet?

Disconnecting your wallet from a website does not affect existing token approvals or provide protection against allowance exploits. Disconnecting only prevents that site from viewing your wallet address or requesting new interactions. Any allowances you previously granted to smart contracts remain active until they are reduced or revoked on-chain.

#### How does this work with hardware wallets?

Hardware wallets significantly improve security by keeping your private keys isolated on a dedicated device. This prevents attackers from extracting your keys even if your computer or browser is compromised.

However, token allowances operate differently from key custody. Once you grant a smart contract permission to spend tokens, it can transfer up to the approved amount without further signatures from your wallet. Because of this, hardware wallets do not provide additional protection against misuse of existing allowances.

The most effective protection remains the same: approve only the amount you need and revoke allowances when they are no longer required.

#### How can I revoke token approvals?

You can use a dapp like <https://revoke.cash/>, which works across all Substrate (Polkadot, Bittensor) and Ethereum networks, to revoke token approvals. Please verify that you are on a secure dapp when interacting with it.

#### How to set a custom spending limit in Talisman?

By default, many protocols request an unlimited token approval. This allows the smart contract to spend any amount of the selected token from your wallet until the approval is revoked.

Instead of approving an unlimited amount, you can manually set a custom spending limit before confirming the transaction.

1. When a dapp requests a token approval, Talisman will display the following transaction screen. Click the icon outlined in red to edit the spending limit.

<div align="left"><figure><img src="/files/UxLLcAwdQjsovvwBkrf6" alt="" width="375"><figcaption></figcaption></figure></div>

2. Enter a custom limit and select “Set Limit”.

Note: In the spending limit field, enter the maximum amount of tokens you want the contract to be able to spend. For example:

* Enter the exact amount required for the transaction
* Or enter a slightly higher amount if you expect multiple interactions

<div align="left"><figure><img src="/files/doiTjw1CluCsRJlvsDM1" alt="" width="375"><figcaption></figcaption></figure></div>

v 3.1.16

