All in blog

Understanding Token Approvals


Dec 6, 2023

Interacting in Web3, you will come across different signature requests. For example, when connecting your wallet to a dApp or confirming transactions. Granting token approvals is one of the common requests too, having its own hidden hazards. So, what do you need to keep in mind?

Unibot, that Telegram crypto trading bot, just lost a whopping $560 thousand to a token approval exploit. This accident is a reminder for us all to take a second look at what we're approving, don't you think?

So, if you want to refresh your understanding of token approvals or hear about them for the first time, you came across our article just in time.

What is a token approval?

What is a token approval.jpg

Picture this: You're on OpenSea, looking to sell a few of your NFTs. When you put them up for sale, a message pops up asking you to permit the platform to handle the NFTs for you.

This is a token approval request. When you grant it, dApps like NFT marketplaces and decentralized exchanges can access and manage your tokens on your behalf: perform token swaps, sell NFTs, add liquidity to pools, and more. This process is integral to the functionality of these platforms, as it allows for seamless execution of transactions.

However, handing over these token management rights can leave your assets vulnerable to potential scams. That's why it's really important to be careful about the type and amount of tokens you give your approvals to. This way, you will ensure that the dApp can't use more tokens than is allowed.

If you decide you no longer want the dApp to have access to your tokens, you can revoke your token approvals.

Token approvals safety practices

Token approvals safety practices.jpg

If you plan to actively trade in Web3, granting token approvals is inevitable. In contrast, running into problems with these approvals is totally preventable.Just stick to these safety practices:

Limit approval amounts — never grant unlimited access to your tokens, only approve the amount necessary for the transaction. This minimizes potential losses if the dApp is compromised or malicious.

Make regular reviews — make it a habit to regularly check your token approvals, revoking any that you don't need anymore.

Use trusted dApps only — never grant token approvals to platforms that you do not trust 100%. Otherwise, you could end up discovering that your wallet misses all of the approved tokens. Or even worse, if the approval request you signed contained malicious logic.

Stay informed and quick — keep up-to-date with news and updates about the dApps you use. By doing so, if there's a security breach or vulnerability, you'll be able to act fast and revoke your approvals before scammers can get your tokens.

Beware of phishing attempts — be cautious of phishing links and messages asking for your token approvals. Always double-check URLs and the authenticity of the dApp.

Pay attention to W3A reports — any time you get an approval signature request, the Web3 Antivirus extension will check the address you interact with for any signs of suspicious activity. You will see a warning if it spots anything fishy.

How does Web3 Antivirus help manage token approvals?

How does Web3 Antivirus help manage token approvals.jpg

You can effortlessly manage your token approvals and get safety recommendations right in the Web3 Antivirus Dashboard.

The Dashboard lays out all the approvals you've given to various dApps, detailing the token type, the amount approved, its USD value, and the approved spender. W3A estimates how risky each approval is and advises whether it's safe to leave it be or safer to just revoke it.

And the best part? You can revoke approvals directly in the Dashboard, no extra software is needed.

What does the process look like? A few simple steps:

  1. You click a “Revoke” button next to the token approval.
  2. The Dashboard prompts you to connect your wallet.
  3. The Dashboard generates a revoke approval transaction between your wallet and the platform you gave the approval.
  4. You sign the request.
  5. Your token approval is revoked.

Latest articles

Subscribe to our newsletter

Be the first to know about new threats, features & updates

🎉 You’re in! Thank you for subscribing. 🎉

No spam
No commitment
Opt out anytime