Part 6 · Chapter 6

Approvals & Permissions Safety

AT A GLANCE

Token approvals let contracts move your assets; unmanaged approvals are a common loss vector. You will learn how to grant, limit, and revoke permissions safely.

ERC-20 ApprovalsNFT PermissionsPermit SignaturesRevocation ToolsWallet Separation

Who Is This For?

Everyday DeFi users signing transactions
NFT traders approving marketplaces

Learning Objectives

Explain how ERC-20/721 approvals work
Set sensible spending limits
Use revoke tools and separate wallets

🚨 Why this matters: Token approvals are the #1 mechanism used by drainer contracts. Most wallet drains happen because you signed an approval that gave a malicious contract permission to take your tokens.

Section 1

How Approvals Work

🔍 Approval Type Explorer

🪙

ERC-20 Token Approval

approve(spender, amount)

Grants a contract permission to transfer up to a specified amount of a specific token from your wallet.

Step by Step:

1.You want to swap USDC for ETH on Uniswap

2.Uniswap's router needs permission to move your USDC

3.You sign the approval transaction

4.Router can now call transferFrom() to move your USDC

5.The swap executes

Your Wallet

🔑 USDC

Amount you set

Spender

📋 Uniswap Router

⚠️ Danger

If you approve UNLIMITED (MAX_UINT256), the contract can drain ALL of that token at ANY future time.

✅ Safe Practice

Approve only the exact amount needed. Re-approve for future transactions — the gas cost is cheap insurance.

🧪 Approval Request Analyzer

Uniswap: Swap 500 USDC

approve(0x68b3...Swap, MAX_UINT256)

Decoded: UNLIMITED approval for ALL your USDC

Trusted DEX but unlimited access. What to do?

Section 2

Limiting Risk

📊 Approval Risk Calculator

Total active approvals

Of those, unlimited?

Risk Level65%

🚨 High exposure. Immediate cleanup recommended.

🏗️ Wallet Separation Strategy

🔥 Hot Wallet — Daily interactions, approvals, dApps

🔐 Cold Storage — Hardware wallet, never connects

🖼️ NFT Wallet — Marketplace interactions and minting

🗑️ Burner Wallet — Untrusted mints, airdrops, new protocols

💰 DeFi Wallet — Lending, staking, liquidity

🚨 Insufficient separation. Start with hot/cold split.

Section 3

Revoking Permissions

🔄 Revocation Habits

Bookmarked revoke.cash and Etherscan approval checkerSetup

Monthly calendar reminder to review approvalsHabit

Revoke after each DeFi session on unfamiliar dAppsHabit

Revoke approvals to contracts no longer usedAction

Replace unlimited with exact-amount approvalsAction

Revoke approvals to deprecated protocol versionsAction

Review and revoke unnecessary setApprovalForAllAction

Check approvals on ALL chains you useCompleteness

🚨 Approvals accumulating unchecked. Audit today.

🔎 Approval Audit Simulator

Review and decide: Keep, Reduce, or Revoke?

Uniswap V3 RouterActive, verified

Token: USDC · Amount: Unlimited · 8 months ago

Unknown: 0x3f1a...9c2dUnverified

Token: ALL NFTs (Bored Ape) · Amount: setApprovalForAll · 3 months ago

Aave V3 Lending PoolVerified, audited

Token: WETH · Amount: 2.5 WETH (exact) · 2 weeks ago

SushiSwap Router V1Deprecated

Token: DAI · Amount: Unlimited · 2 years ago

OpenSea SeaportVerified marketplace

Token: ALL NFTs (Pudgy Penguins) · Amount: setApprovalForAll · 1 month ago

🏆 Permission Hygiene Scorecard

Always approve exact amounts when possible×3

Read what you are approving — check token, amount, spender×3

Use separate wallets for daily vs. storage×3

Monthly approval review and revocation×3

Avoid setApprovalForAll except on verified marketplaces×2

Verify contract addresses against official docs×2

Treat permit requests with same caution as transactions×2

Revoke after use on unfamiliar dApps×2

Track approvals across all chains×2

Use burner wallets for new protocols×2

Hygiene Score0%

Watch Out

Common Mistakes

♾️

Approved unlimited USDC months ago — but I trust the DEX

Trust does not make unlimited approvals safe. Even Uniswap could have bugs. Reduce to exact amounts.

🌐

I closed the browser tab, so my approval is gone

Approvals are ON-CHAIN — they persist forever until explicitly revoked.

💰

I use my main wallet with $50K for everything

One bad approval = total loss. Use hot wallet for interactions, hardware for storage.

👥

Our team multi-sig has unlimited approvals

Multi-sig offers no protection if the approved protocol is exploited. Use exact amounts.

🔑 Golden Rule: Every approval is a standing permission for a contract to take your tokens — forever, until you explicitly revoke it. Treat approvals like house keys.

Test Yourself

Knowledge Check

What does a token approval allow?

See contract code

Permits contract to move your tokens

Locks tokens permanently

Creates new tokens

Why are unlimited approvals risky?

Cost more gas

If compromised, attackers drain all funds

Slow transactions

Not supported

How to reduce approval exposure?

Use same wallet

Low allowances, separate wallets, regular revokes

Only DeFi on weekends

Approve unlimited

What happens when you close the dApp tab?

Auto-revoked

Persist until explicitly revoked

Expire after 24h

Transfer to new wallet

Why is setApprovalForAll dangerous?

Costs more gas

Blanket permission to transfer ANY NFT in collection

Only works on mainnet

Requires two transactions

Next Steps

→Continue learning: Explore CryptoLens research reports

→Hands-on: Run monthly approval audit with revoke.cash