Check Your Token Approvals using Etherscan

A brief on Ethereum token approvals, and why you should clean them regularly.

Often, when you use a decentralized exchange (DEX) to trade tokens, engage in yield farming / liquidity mining with DeFi projects, or interact with NFT projects, you are asked to confirm or approve certain transactions. If you have done this frequently enough, you may be accustomed to clicking approve without really looking into the specifics of the transaction (not that different from clicking on those pesky cookie approvals or mobile app terms & conditions, eh?). So what, you may ask.

Well, behind the scenes, when you click approve, the application uses smart contracts to execute the necessary transactions on your behalf. But before the smart contracts can run, they need access to your funds. Depending on how well the smart contracts are written, they may ask for access to only the tokens involved in the transaction. But if the smart contracts are malicious or poorly written, they may ask for unlimited access. When you unknowingly click approve on the latter, a malicious actor can take advantage of the "pre-approval" and drain the remaining tokens from your wallet.

Image source: Etherscan Token Approvals

This is why the good folks at Etherscan created the Token Approval Checker. If you provide your Ethereum wallet address or ENS domain name, you can quickly check whether you have granted any unlimited token approvals in the past. If you have, you can "clean" those grants by revoking the approvals from the same tool. Granted, this may not make sense for small amounts where Ethereum gas fees end up being greater than the value of your tokens, but it sure does make sense if you have larger amounts in your wallet. At the very least, you should check whether your wallets are subject to this risk or not. Stay safe!
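The same check can be made before you click approve. The Python example below is added here and is not from Etherscan or the original article: it decodes the raw transaction data a wallet shows on its confirmation screen and reports whether it is an unlimited ERC-20 approval, an exact-amount approval, a revocation, or a collection-wide NFT approval. The function names and the spender address are constructed for the example; the two selectors are the standard ones for ERC-20 `approve` and ERC-721/1155 `setApprovalForAll`.

```python
# Added example: inspect approval calldata before confirming it in a wallet.
APPROVE = "095ea7b3"               # selector of ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of ERC-721/1155 setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1           # the amount that represents an "unlimited" approval


def build_calldata(selector, spender, value):
    """Helper for the constructed samples: ABI-encode selector + two 32-byte words."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(value, "064x")


def classify_approval(calldata_hex):
    """Return a dict describing the approval in calldata_hex, or None if it is not one."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    # Expect exactly a 4-byte selector plus two 32-byte arguments, all hex.
    if len(data) != 136 or any(c not in "0123456789abcdef" for c in data):
        return None
    selector, word1, word2 = data[:8], data[8:72], data[72:]
    if word1[:24] != "0" * 24:     # an address occupies only the low 20 bytes
        return None
    value = int(word2, 16)
    result = {"spender": "0x" + word1[24:], "revoke": value == 0}
    if selector == APPROVE:
        result.update(kind="erc20", amount=value, unlimited=value == MAX_UINT256)
    elif selector == SET_APPROVAL_FOR_ALL:
        # The boolean grants or removes access to every token in the collection.
        result.update(kind="nft_collection", amount=None, unlimited=value == 1)
    else:
        return None
    return result


# Constructed sample data: the spender address is a placeholder, not a real contract.
SPENDER = "0x" + "11" * 20
SAMPLES = {
    "unlimited ERC-20": build_calldata(APPROVE, SPENDER, MAX_UINT256),
    "exact-amount ERC-20": build_calldata(APPROVE, SPENDER, 1000),
    "revocation": build_calldata(APPROVE, SPENDER, 0),
    "NFT collection-wide": build_calldata(SET_APPROVAL_FOR_ALL, SPENDER, 1),
}

if __name__ == "__main__":
    for label, calldata in SAMPLES.items():
        print(label, classify_approval(calldata))
```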
