Token Approval is the permission you grant a smart contract to use specific tokens in your wallet. Many DeFi and NFT operations require approvals, but if you approve a malicious contract or leave idle approvals unrevoked for too long, your assets could be at risk of theft. Before using on-chain tools, it's recommended to learn the basics on Binance official website, and get the Binance official app. Apple users can refer to the iOS installation guide to manage assets securely.
What Does Token Approval Mean?
When you swap USDT for ETH on Uniswap, the Uniswap contract cannot directly access your USDT — it needs you to "approve" it first. That's what Token Approval does.
The essence of an approval is you telling the blockchain: "I allow this contract address to use up to X amount of a certain token." Common approval types include:
- Limited approval: Only approves a specific amount; you need to re-approve once it's used up
- Unlimited approval: Approves the contract to use your entire balance of that token (most DApps request unlimited approval by default)
- Single NFT approval: Allows the contract to transfer one specific NFT
- Full NFT approval (SetApprovalForAll): Allows the contract to transfer all NFTs from a specific collection
Unlimited approvals are convenient (no need to approve every time) but riskier — if the contract is hacked or is itself malicious, all your tokens of that type could be drained.
How to Check All Approvals in Your Wallet?
There are several tools to check token approvals:
Using Revoke.cash
- Go to revoke.cash
- Connect your wallet or enter your wallet address
- Select the blockchain to check (Ethereum, BSC, Polygon, etc.)
- The page will list all token approval records, including:
- The approved contract address
- Token type approved
- Approved amount (limited/unlimited)
- Approval time
Using Etherscan
- Go to etherscan.io/tokenapprovalchecker
- Enter your wallet address
- Check ERC-20, ERC-721 (NFT), and ERC-1155 approvals separately
Other Tools
- DeBank: Shows high-risk approvals in the wallet overview
- Rabby Wallet: Has built-in approval management features
- Chain explorers: BscScan, PolygonScan, etc. all have similar Approval Checkers
How to Revoke Risky Token Approvals?
Steps to revoke approvals via Revoke.cash:
- Open revoke.cash and connect your wallet
- Review the approval list and identify approvals that need revoking
- Find the target approval and click the "Revoke" button on the right
- MetaMask will pop up a transaction confirmation — click confirm
- Wait for the on-chain transaction to confirm, and the approval is revoked
Revoking an approval requires a small Gas fee — this is a necessary cost for on-chain operations.
Steps to revoke via Etherscan:
- Find the approval to revoke in the Approval Checker
- Click "Revoke"
- Connect your wallet and confirm the transaction
Which Approvals Are High Risk?
The following approvals should be revoked as a priority:
- Unrecognized contract addresses: Contracts you don't remember approving
- Unlimited approvals to non-mainstream protocols: Smaller projects' contracts are more vulnerable to attacks
- DApps you no longer use: Protocols you've stopped using but still have active approvals
- Unlimited approvals for high-value tokens: Unlimited approvals for stablecoins like USDT and USDC carry the highest risk
- SetApprovalForAll: This approval allows the contract to transfer all your NFTs — make sure the approved party is trustworthy
How to Build Good Approval Habits?
Here are measures you can take in daily operations to reduce approval risk:
- Use limited approvals: Only approve the amount needed for each transaction — don't default to unlimited
- Check regularly: Use Revoke.cash to review your approvals weekly or monthly
- Revoke promptly: Revoke approvals immediately after you're done with a DApp
- Separate wallets: Use a dedicated wallet for new projects; only interact with trusted protocols on your main wallet
- Read approval details: When MetaMask pops up an Approve request, carefully review the token and amount being approved
FAQ
Can I Still Use the DApp After Revoking Its Approval?
After revoking an approval, the DApp can no longer use your tokens. You'll need to re-approve next time you use it. This does not affect the assets in your wallet.
How Much Gas Does Revoking an Approval Cost?
Revoking one approval typically costs 30,000-50,000 Gas. At a Gas Price of 30 Gwei, that's approximately 0.001-0.002 ETH. While it costs money, the expense is negligible compared to the risk of asset theft.
What's the Difference Between Token Approval and Wallet Connection?
A wallet connection (Connect Wallet) only lets the DApp read your address and balance — no asset transfers are involved. A token approval (Approve) actually allows the contract to use your assets, making it far riskier.
What's the Difference Between Approve and Permit?
Approve is an on-chain transaction that requires Gas. Permit is an off-chain signature that doesn't require Gas but still grants token usage permissions. Permit is more subtle and can be tricked into signing unknowingly.
I've Never Checked My Approvals — Is It Too Late?
It's not too late. Check immediately using Revoke.cash and revoke all unnecessary approvals. If you find a large number of suspicious approvals, consider transferring your assets to a new wallet.
Security Reminders
- Never approve a contract address you don't trust
- When using centralized platforms like Binance official website, token approvals are not needed — assets are custodied by the platform
- Store high-value assets in a hardware wallet to minimize on-chain interactions
- Install security plugins like Pocket Universe to automatically detect malicious approval requests
- If you discover suspicious approvals, revoke immediately and transfer your assets
- Never sign any transaction or message you don't understand