Loading prices…

How to Revoke Smart-Contract Approvals (and Why You Should)

Dormant token approvals are a top attack vector. Here is a monthly routine to find, classify, and revoke risky allowances across Ethereum and L2s.

How to Revoke Smart-Contract Approvals (and Why You Should)

What a token approval actually is, and why it outlives the trade

When you swap a token on a decentralized exchange, lend assets on a money market, or stake through a DeFi dashboard, you do not hand your tokens to a person. You sign a message that asks the token's smart contract to let a different smart contract move a specific number of your tokens on your behalf. That signed message is the approval, and it lives on-chain indefinitely until you or someone explicitly cancels it.

This is the part most beginners misunderstand. The approval is not tied to a single trade. It is a standing permission. The DEX or lending protocol you interacted with in 2023 can, in principle, still move tokens out of your wallet today, because the token contract itself recorded that it is allowed to.

There are two flavors you will see in a tool like Etherscan. A 'limited' approval sets a ceiling, for example 100 USDC, after which the contract has to ask you to sign again. An 'infinite' approval (technically the maximum value representable in a uint256, which is a 256-bit unsigned integer, or a number so large it might as well be unlimited) sets no ceiling. Most DeFi front-ends default to infinite because it spares the user an extra signature on every future trade, and because paying gas twice for the same dapp feels wasteful.

The trade-off is real: an infinite approval is convenient for you, and it is also convenient for anyone who later takes control of that contract.

The risk: how a forgotten approval becomes a drain

The failure mode is rarely a clever new hack. It is almost always one of three older patterns, and all of them are made worse by approvals that have been sitting on-chain for months.

1. The contract itself gets compromised. A developer key is phished, a multisig wallet is hijacked, or the protocol suffers a governance attack where attackers pass a proposal that upgrades the contracts to a malicious version. Once the contract is hostile, every still-active approval it holds is a loaded weapon pointed at the user's wallet. The user does not need to interact with anything new. The contract simply calls transferFrom on its own.

2. The protocol is abandoned but the contract is not paused. Many DeFi projects ship, raise money, lose interest, and quietly wind down. The contracts keep running. If a vulnerability is later found and there is no team to patch it, attackers can drain every wallet that ever approved that address. This has happened repeatedly with old staking and yield-aggregator contracts from the 2020 to 2021 cycle.

3. You approved a phishing site that looked like a real dapp. A fake Uniswap or Aave interface signs an approval to a contract the attacker controls. The user thinks they are trading, but they have actually handed a stranger permission to drain a specific token. In this case revoking is urgent, and it is also the only fix, because the signed approval is already on-chain.

Notice what is missing from this list: you do not need to be 're-hacked' for the drain to happen. The vulnerability is the approval itself, sitting in cold storage on the blockchain, waiting for a future event to activate it.

How to see what you have already approved

The first step is inventory. Connect your wallet to one of three tools, all of which read the same underlying blockchain data and present it in slightly different ways.

Revoke.cash is the most beginner-friendly. You land on the site, connect your wallet, and it lists every approval you have signed across the chains it supports, which today includes Ethereum, Arbitrum, Optimism, Base, Polygon, BNB Chain, and most other major EVM (Ethereum Virtual Machine) networks. Each row shows the token, the spender (the contract that can move the token), the allowance (how much it can move), and a 'Revoke' button. It also flags contracts that have not been used in a long time as potentially dormant.

The Etherscan token-approval tool lives at etherscan.io/tokenapprovalchecker. It is rougher around the edges than Revoke.cash but it is run by a team with a long public track record, and it sometimes catches edge cases Revoke.cash misses. The workflow is the same: connect, review, revoke.

Rabby's built-in approval manager is the only on-chain option that does not require visiting a third-party site. Rabby is a wallet (a browser extension and mobile app) that itself reads your approvals and surfaces a 'dangerous approvals' list inside the wallet UI. If you already use Rabby, this is the lowest-friction path. The data is the same data; the interface just lives somewhere you already trust.

Whichever tool you pick, use only one per session. The risk of juggling multiple approval-checker tabs is that you lose track of which site is connected to your wallet, which is itself a mild phishing risk.

How to tell which approvals are actually dangerous

Once you have the list, you do not need to revoke everything. A good first pass prioritizes the riskiest entries.

Infinite approvals come first. Sort or filter the list for any row that shows a huge number, often displayed in scientific notation like 1.15792e+59, which is the encoded form of the maximum uint256. These are the highest-leverage cleanups. Each one is a contract that can move 100 percent of that token from your wallet without asking again.

Limited approvals to contracts you no longer use are next. If you approved a staking contract for exactly 500 tokens two years ago and you no longer use it, that approval is still live. It is a smaller blast radius than an infinite one, but it is still a loaded gun pointed at a contract you do not monitor.

Dormant contracts deserve scrutiny. Most approval tools show a 'last used' timestamp or mark contracts that have not transacted in over a year. These are the approvals most likely to belong to abandoned projects, and abandoned projects are the approvals most likely to be exploited later. Revoke them.

Active contracts you still use can wait. If you actively trade on Uniswap and lend on Aave, you can keep those approvals open. Revoking and re-approving every trade wastes gas and adds signature fatigue, which is its own security risk. The point of a monthly cleanup is not zero approvals; it is zero stale approvals.

The mechanics of revoking, and what it actually costs

Revoking is itself an on-chain transaction. You are calling the approve function on the token contract and setting your allowance for that spender to zero. The token contract records the new allowance, and from that block forward, the spender can no longer move your tokens.

On Ethereum mainnet, a single revoke typically costs somewhere between one and five dollars in gas depending on congestion. If you have twenty stale approvals, that is a non-trivial bill. On layer-2 networks (L2s) like Base, Arbitrum, or Optimism, the same call costs cents, sometimes fractions of a cent, because L2s batch transactions and inherit security from Ethereum while charging much lower fees. If you are choosing where to do your monthly cleanup, doing it on the L2 you actually use is almost always the right call.

There is a small but real footgun. When you submit a revoke transaction, the wallet still has to pay gas, and the gas must come from the native asset of that chain, meaning ETH on Ethereum and Arbitrum, MATIC on Polygon, BNB on BNB Chain. If your wallet only holds stablecoins and the native asset balance is zero, the revoke will fail. Keep a small amount of the native token in any wallet you intend to clean up, on the order of a few dollars' worth.

Another footgun: revoking is irreversible in the sense that you cannot get the gas back, but it is also trivially reversible in the sense that you can re-approve the same contract the next day. There is no penalty for revoking a contract you later decide to use again; you will just have to sign a new approval, pay gas for it, and move on.

What revoking does not do

Revoking prevents future drains from the contract you revoked. It does not, and cannot, undo a drain that already happened. If your wallet was emptied in March and you revoke in May, the tokens from March are gone, and the revoke transaction is unrelated to the theft in any legal, forensic, or recoverable sense.

Revoking also does not protect you from a new approval you sign tomorrow. If you visit a phishing site, sign an approval to a malicious contract, and then try to clean up, the new approval is the problem, and revoking your old Uniswap allowance does nothing to address it.

Revoking does not move your tokens. It does not require a swap, a signature from a third party, or any interaction with the spender contract. It is a single function call to the token contract itself, telling it to zero out one row in its allowance ledger.

A monthly routine you can actually keep

The single biggest reason people never revoke is that it feels like a one-time chore, which guarantees it never gets done. The most reliable fix is to anchor it to a calendar event. The first Sunday of the month is a popular choice because weekends are quiet and you are less likely to be mid-trade; some people pick the day their credit-card statement closes for the same reason. The specific day does not matter. The repetition does.

On cleanup day, the workflow is short. Open Revoke.cash, Etherscan, or your Rabby approval manager. Connect the wallet you actively use. Sort for infinite approvals first and revoke those. Then scan for dormant contracts, which the tool usually marks, and revoke those. Leave the active contracts you still use alone. Confirm each transaction, wait for it to settle, and close the tab.

Time cost on an L2: roughly five to ten minutes. Time cost on mainnet: similar, plus a few dollars in gas. The habit, once installed, takes less time than checking your bank statement and pays for itself the first time it blocks a drain.

How to follow wallet-security news the smart way

Wallet-security incidents move fast, and the difference between a 'manageable hack' and a 'total loss' is almost always how quickly a user hears about a vulnerable contract and revokes their approval before an attacker sweeps it. Tracking every protocol's governance forum, audit reports, and post-mortems by hand is a losing game. Zippfeed surfaces wallet-security and DeFi exploit headlines with sentiment scoring (bullish, neutral, or bearish) and an importance rating, so you can revoke the right approvals before the next drain, not after it.

Frequently asked questions

Is it safe to use Revoke.cash?
Revoke.cash is one of the most widely used approval-management tools and it is read-only by default: connecting your wallet lets the site read your approvals, but it cannot move funds without a transaction you sign. That said, the standard risks of any dapp apply, so always double-check the URL, bookmark it rather than searching for it, and never sign a transaction you do not understand. Education, not financial advice: using a reputable tool is a good habit, but no tool eliminates the need to read what you are signing.
How does an ERC-20 approval actually work?
When you sign an approval, you are calling the approve function on a token's smart contract, telling it to allow a specific spender address to move up to a specified amount of your tokens. The token contract records that allowance, and the spender can call transferFrom on your behalf up to that limit. The approval lives on-chain until you set it back to zero. This is why an approval to a long-defunct contract is still a live risk years later.
Should I revoke every approval I have?
You do not need to revoke everything, and trying to do so usually wastes gas and adds signature fatigue. Prioritize infinite approvals to contracts you no longer use, then dormant contracts, then limited approvals to old protocols. Keep approvals open for protocols you actively use, because revoking and re-approving every trade costs money and offers no real security benefit. The goal of a cleanup is zero stale approvals, not zero approvals.
Will revoking an approval refund me if I was already drained?
No. Revoking an approval is a forward-looking action: it prevents the revoked contract from moving your tokens in the future, but it cannot reverse, refund, or recover tokens that were already stolen. If you have been drained, your path is incident response, not approval cleanup: move remaining funds to a fresh wallet, document the transactions, and report to the relevant project and to blockchain analytics firms. Approval hygiene is prevention, not a refund mechanism.