How to revoke smart contract allowances/token approvals

Note: smart contract allowances are different from simply connecting your wallet to a dapp. For information on disconnecting your wallet from dapps, see here.

Smart contract allowances, also referred to as approvals, involve you allowing dapps to access and move tokens in your wallet on your behalf. When you use a DEX (decentralized exchange), for example, you'll need to sign an approval that allows its smart contract to take tokens to complete your requested trades. Whilst this sounds inherently risky, bear in mind that giving dapps at least some allowance is always necessary. If you want to use Web3, you won't be able to avoid them. 

Revoking approvals vs. disconnecting apps: what's the difference?

It's easy to confuse these two processes, but they are fundamentally different:

  • Disconnecting your wallet from a dapp involves cancelling permission for it to see your public address and your token balances, and, depending on what you originally consented to, stopping it from initiating transactions (although not executing them) and viewing past activity. See our article for more info.
  • Revoking an approval/allowance means a dapp can no longer access the contents of your wallet and move them around.

See also: our Twitter thread covering the distinction between these two actions.

How do I revoke approvals?

The good news is there are several ways to keep track of your existing approvals and easily revoke them:

Look, we know how it is: there's always a new dapp to try. Those juicy yields and new games aren't going to find themselves. The only problem is that this can quickly rack up a long list of token allowances, potentially making you vulnerable to hackers or scams. This is why it's a good idea to develop a habit of regularly checking your token approvals--e.g. monthly--and weeding out any you're unhappy with.

Unfortunately, token approvals are a common attack vector for both hackers and scammers: the former can sometimes locate and exploit vulnerabilities in a smart contract's code (this happened to Wormhole, an Ethereum <-> Solana bridge, for example), while the latter can abuse approvals through rugpulls.

This is because token approvals often request unlimited access to your tokens. If a hacker or fraudulent smart contract owner is able to leverage this, they can theoretically drain your wallet of the tokens you've allowed access to. To this end, MetaMask allows you to customize token permissions.
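To make the "unlimited access" point concrete, here is an added example (not MetaMask's code, nor that of any tool this article refers to) that replays ERC-20 Approval event logs to list the allowances a wallet still has open, flags the unlimited ones, and builds the approve(spender, 0) call data that revokes one. The function names and all addresses are constructed for illustration.

```javascript
// Added example: runs offline on constructed data.
// keccak256("Approval(address,address,uint256)"), the ERC-20 approval event topic.
const APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const APPROVE_SELECTOR = "0x095ea7b3"; // approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n; // the "unlimited" allowance value

// An indexed address topic is the 20-byte address left-padded to 32 bytes.
const topicToAddress = (topic) => "0x" + topic.slice(-40).toLowerCase();
const pad32 = (hex) => hex.replace(/^0x/, "").toLowerCase().padStart(64, "0");

// Replay Approval logs in chain order; the latest value per (token, spender) wins.
function outstandingAllowances(logs, owner) {
  const latest = new Map();
  for (const log of logs) {
    // ERC-721 Approval shares this topic but has 4 topics (indexed tokenId); skip it.
    if (log.topics.length !== 3 || log.topics[0] !== APPROVAL_TOPIC) continue;
    if (topicToAddress(log.topics[1]) !== owner.toLowerCase()) continue;
    const token = log.address.toLowerCase();
    const spender = topicToAddress(log.topics[2]);
    latest.set(`${token}:${spender}`, { token, spender, amount: BigInt(log.data) });
  }
  return [...latest.values()]
    .filter((a) => a.amount > 0n) // zero means the approval was already revoked
    .map((a) => ({ ...a, unlimited: a.amount === MAX_UINT256 }));
}

// Revoking is approve(spender, 0), sent by the owner to the token contract.
function revokeCalldata(spender) {
  return APPROVE_SELECTOR + pad32(spender) + pad32("0x0");
}

// Constructed sample: placeholder addresses, not real contracts.
const OWNER = "0x" + "aa".repeat(20);
const TOKEN = "0x" + "10".repeat(20);
const DEX = "0x" + "d1".repeat(20);
const GAME = "0x" + "d2".repeat(20);
const mkLog = (spender, amount) => ({
  address: TOKEN,
  topics: [APPROVAL_TOPIC, "0x" + pad32(OWNER), "0x" + pad32(spender)],
  data: "0x" + amount.toString(16).padStart(64, "0"),
});
const SAMPLE_LOGS = [
  mkLog(DEX, MAX_UINT256), // unlimited approval to a DEX
  mkLog(GAME, 500n),       // limited approval to a game
  mkLog(GAME, 0n),         // the game approval is later revoked
];

console.log(outstandingAllowances(SAMPLE_LOGS, OWNER));
console.log(revokeCalldata(DEX));
```

Replaying logs shows what was approved, not what remains: spending through transferFrom reduces an allowance and not every token emits an Approval event for that, so confirm with the token's allowance(owner, spender) call before relying on the figure.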

For a more in-depth look at token approvals and dapp permissions, check out our blog post, or this article from the creator of the Revoke app mentioned above.
