A recent modus operandi for phishing involves the hacker actually receiving a wallet address owner's approval to spend their tokens. Once approval is received, drying of funds ensues.
If you are an avid user of decentralized exchanges (DEX) or are a degen, then clicking Confirm on a pop-up such as the above may well be a routine for you right now. Utilizing a DEX or partaking in a yield farming pool involves interacting with a smart contract that does most of the work behind-the-scenes for you.
But before a DEX or a yield farming pool is able to do anything, it first needs access to your funds. Hence, the above pop-up. After allowing the smart contract access to your funds, only then can it work its magic of moving your tokens around to execute a trade, stake tokens in a 1000% APY pool or exchange a cool shiny NFT for a cute wiggly one.
In an ideal world, there should be no repercussions from this simple act. But we know the world is far from ideal. When allowing these smart contracts access to your funds, by default, they are allowed to spend an unlimited amount of a token from your wallet address. There is then a possibility that they will in return be able to withdraw any amount of tokens from your wallet at any time they want without you knowing it.
That is exactly what some ill-intentioned projects have done when given the trust - with one case reporting a loss of $140,000 worth of a token due to this exploit.
This is where our latest tool comes in.
With our Token Approvals feature, you have a clear view of all the smart contracts and corresponding tokens you have allowed to spend on your behalf. Should you notice any suspicious contracts allowed to spend staggering amounts of tokens or want to 'spring clean' your approvals, you can easily revoke their approval or decrease the approved amounts.
Using this feature is devoid of hassle and only requires you to connect to your Web3 wallet to revoke or edit approvals. If you'd just like a quick glance at an address's approvals, just insert the address or ENS name into the search bar and press enter!
How to use the Token Approval tool
- Open the Token Approval page.
- Enter your address into the search bar and click the search button.
- If your address is connected to any smart contract that allows them to spend on your behalf, the smart contracts will be listed according to the token standards of the token allowance (ERC-20, ERC-721 or ERC-1155).
- Click on the 'Connect to Web3' button to connect your wallet. Do take note that only the address owner is allowed to revoke the connected smart contracts.
- Once connected, click the 'Revoke' button to revoke the approval of the intended smart contract. Every connected smart contract will have their own 'Revoke' button. Thus, only revoke the approval of the smart contract(s) that you wish to disconnect.
With this feature rolled out, we hope the community can keep better track of token approvals and collectively reduce our funds lost to phishing!