How to Revoke Smart Contract Allowances (Stay Safe) 2026
Protect your crypto from unlimited token approvals. Learn to check and revoke dangerous allowances.
Why This Matters
Exploited token approvals are a recurring loss path in DeFi. If you have ever used a DEX, bridge, NFT marketplace, or lending protocol, you may have active approvals that still expose funds.
Referral Code
TRADEOFF20
Check TRADEOFF20 fee terms before your first trade
What Are Token Allowances?
When you interact with DeFi protocols, you must grant them permission to move your tokens. This permission is called an allowance or approval.
How It Works
- 1You want to swap USDC for ETH on Uniswap
- 2Uniswap asks for approval to access your USDC
- 3You sign an approval transaction
- 4Uniswap can now move your USDC for swaps
The Problem
Most protocols request UNLIMITED approvals for convenience. This means:
- The contract can drain ALL your tokens
- Approval persists forever until revoked
- If hacked, attackers get full access
- Most users forget about old approvals
Why Unlimited Allowances Are Dangerous
Not all approvals carry the same risk. Here is how to assess your exposure.
Unlimited Approval
Spender can pull any current or future balance of that token
Large Amount Approval
High-value approval where amount, spender, or domain is unclear
Old Unused Approval
Approval to a spender, bridge, or marketplace you no longer use
Trusted Protocol Approval
Small, limited approval to a verified spender on the right domain
How to Check Your Allowances
Use these trusted tools to view and manage your token approvals.
Revoke.cash
Many EVM chains chains
- Free to use
- Multi-chain support
- Batch revocations
- Browser extension
Etherscan Token Approval
Ethereum + L2s chains
- Official tool
- Detailed history
- ERC-20/721/1155
- Transaction details
Rabby Wallet
Many EVM chains chains
- Built-in wallet
- Pre-sign check
- Risk alerts
- Auto detection
Step-by-Step Revocation Guide
Choose your preferred tool and follow the steps to revoke dangerous approvals.
Visit Revoke.cash
Go to the official website
- Type revoke.cash directly or use a trusted bookmark
- Check the exact domain before connecting; fake revoke sites can request malicious signatures
- The site can show basic information before you sign anything
Connect Your Wallet
Link MetaMask or other wallet
- Click "Connect Wallet" button
- Select your wallet provider (MetaMask, WalletConnect, etc.)
- Approve only the site connection; never enter a seed phrase or private key
Select Network
Choose the blockchain to check
- Click the network selector dropdown
- Choose Ethereum, Polygon, Arbitrum, or other chain
- Repeat for each network you have used because approvals are chain-specific
Review Allowances
Check all active approvals
- Wait for the page to load all approvals
- Sort by value at risk, date, token, and spender
- Flag unlimited approvals, unknown spenders, copied domains, and contracts you no longer recognize
Revoke Unwanted Approvals
Remove risky permissions
- Click "Revoke" next to approvals that are unnecessary, unlimited, or tied to suspicious spenders
- Confirm the transaction in your wallet
- Pay the gas fee to remove future spending permission
Verify Revocation
Confirm approval is removed
- Wait for transaction confirmation
- Refresh the page to verify removal
- The approval should no longer appear; past transfers cannot be reversed by revoking
Gas Costs Explained
Revoking approvals costs gas. Here are estimated costs per network.
Ethereum
Often highest
Varies by gas
Polygon
Usually lower
Network dependent
Arbitrum
Usually lower
Network dependent
Optimism
Usually lower
Network dependent
BSC
Usually lower
Network dependent
Base
Usually lower
Network dependent
Pro Tip: Save on Gas
Use a current gas tracker before cleanup. Revoke urgent high-risk approvals immediately, and batch lower-risk cleanup when network fees are acceptable.
When to Revoke Allowances
Know when to take action to protect your assets.
After using a new DeFi protocol
New protocols and cloned frontends are where phishing approvals often start
When you stop using a protocol
Unused spenders should not keep future permission over your tokens
After interacting with NFT mints
Mints and marketplaces can request broad collection approvals
Monthly or after-heavy-use review
Set a cadence so old approvals do not become invisible risk
After news of protocol hack
Act quickly if the affected spender still has permission
Before large token transfers
Check the receiving wallet before parking a larger balance
Best Practices for Token Approvals
Follow these guidelines to minimize your risk exposure.
Use Exact Amounts
Approve the exact amount needed when possible, and treat unlimited approvals as temporary convenience, not a default.
Check Before Signing
Read the spender, token, amount, and domain before signing. Wallet warnings help, but they do not make phishing safe.
Regular Audits
Review approvals monthly, after new protocols or NFT mints, and any time exploit news mentions a protocol you used.
Use Separate Wallets
Keep savings in a cold wallet and use a smaller DeFi wallet so one bad approval cannot reach your main holdings.
Verify Contracts
Verify the official domain, spender address, and contract label. Audits help, but a fake frontend can still trick you.
Revoke After Use
Revoke after high-risk or one-time use, but balance the gas cost against the value actually exposed.
Frequently Asked Questions
Common questions about token allowances and revocation.
Referral Code
TRADEOFF20
Check TRADEOFF20 fee terms before your first trade
Next steps, in order
Check exchange risk, set custody boundaries, back up the seed, and review key ownership before you approve anything else.