Token Approvals

A recent modus operandi for phishing involves the hacker actually receiving a wallet address owner's approval to spend their tokens. Once approval is received, drying of funds ensues.

If you are an avid user of decentralized exchanges (DEX) or are a degen, then clicking Confirm on a pop-up such as the above may well be a routine for you right now. Utilizing a DEX or partaking in a yield farming pool involves interacting with a smart contract that does most of the work behind-the-scenes for you.

But before a DEX or a yield farming pool is able to do anything, it first needs access to your funds. Hence, the above pop-up. After allowing the smart contract access to your funds, only then can it work its magic of moving your tokens around to execute a trade, stake tokens in a 1000% APY pool or exchange a cool shiny NFT for a cute wiggly one.

In an ideal world, there should be no repercussions from this simple act. But we know the world is far from ideal. When allowing these smart contracts access to your funds, by default, they are allowed to spend an unlimited amount of a token from your wallet address. There is then a possibility that they will in return be able to withdraw any amount of tokens from your wallet at any time they want without you knowing it.

That is exactly what some ill-intentioned projects have done when given the trust - with one case reporting a loss of $140,000 worth of a token due to this exploit.

This is where our latest tool comes in.

With our Token Approvals feature, you have a clear view of all the smart contracts and corresponding tokens you have allowed to spend on your behalf. Should you notice any suspicious contracts allowed to spend staggering amounts of tokens or want to 'spring clean' your approvals, you can easily revoke their approval or decrease the approved amounts.

Using this feature is devoid of hassle and only requires you to connect to your Web3 wallet to revoke or edit approvals. If you'd just like a quick glance at an address's approvals, just insert the address or ENS name into the search bar and press enter!

With this feature rolled out, we hope the community can keep better track of token approvals and collectively reduce our funds lost to phishing!

  • Raja C
Updated