Dapp permissions and token approvals

Since token approval requests usually ask for unlimited access to your token balance, if there is a security vulnerability, all of the assets in your wallet could be exposed. Depending on how severe the security vulnerability is, disconnecting your wallet from a dapp may not be enough to fully protect your assets.

To minimize this risk, we suggest that you build a habit of checking your existing token approvals. You can revoke or set a spend limit on your existing token approvals. In both cases, this will trigger an additional confirmation to complete a transaction.

Reasons to revoke token approvals

• Limit the risk of your wallet being exposed if there’s a security vulnerability

• You don’t plan on using that dapp anytime soon

• You no longer trust the dapp or its smart contract

• You did not intend to connect to that dapp

Note: You will have to pay a gas fee when you revoke or set a spend limit on a token approval.

To revoke token approvals:

1. From a web browser, go to Revoke.cash.

2. Click Connect wallet.

3. Click Revoke by the token approval you’d like to revoke, or enter your desired max spending limit in the empty field and click Update.

4. This will trigger a confirmation (also referred to as a “signature”) prompt to pop up in your wallet from the browser to approve the action and pay a gas fee.

Once the transaction is complete, then your token approval will be revoked. If you set a spend limit on a token allowance, then any dapp transactions that exceed your spend limit will need to be approved.

Keep in mind that you can always update your token approvals on the dapp if you reuse it in the future.