How to Revoke Smart Contract Approvals (Stay Safe) 2026
Security Guide

Stop unlimited token approvals from threatening your crypto assets. Learn how to check and revoke dangerous approvals.

10 min read

Why this matters

Over $2 billion has already been stolen through exploited token approvals. If you have ever used a DEX, a cross-chain bridge or a DeFi protocol, you very likely still have active approvals that could put your funds at risk.

What is a token approval?

When you interact with a DeFi protocol, you must grant it permission to transfer your tokens. This permission is called an allowance or approval.

How it works

  1. You want to swap USDC for ETH on Uniswap
  2. Uniswap asks for approval to access your USDC
  3. You sign an approval transaction
  4. Uniswap can now use your USDC for the swap

The problem

Most protocols ask for unlimited approvals for convenience. This means:

  • The contract can move all of your tokens
  • The approval persists until you actively revoke it
  • If the protocol is hacked, the attacker gains full access
  • Most users forget that old approvals exist

Why unlimited approvals are dangerous

Not all approvals carry the same risk. Here is how to assess your exposure.

  • Critical: Unlimited Approval. The spender can pull any current or future balance of that token. Example: approving MAX_UINT256 to a router you may never use again.
  • High: Large Amount Approval. A high-value approval where the amount, spender, or domain is unclear. Example: approving 10,000 USDT from a copied mint or a new DEX.
  • Medium: Old Unused Approval. An approval to a spender, bridge, or marketplace you no longer use. Example: an approval from 2 years ago to a defunct project.
  • Low: Trusted Protocol Approval. A small, limited approval to a verified spender on the right domain. Example: approving 100 USDC to Aave.
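An added example (not the page's code, nor that of any tool it lists) that models the allowance mechanics and risk levels described above: a toy ERC-20 ledger in which a spender holding an unlimited allowance can drain a balance until the owner revokes, a classifier using the four risk levels above, and the calldata a revoke actually sends, which is just approve(spender, 0). The 365-day threshold, the balances and the spender address are constructed; the selector 0x095ea7b3 is the real ERC-20 approve selector.

```javascript
// Added example (not the page's or Revoke.cash's code): toy ERC-20 ledger, risk
// classifier for the page's four levels, and the calldata behind a "Revoke" click.
const MAX_UINT256 = (1n << 256n) - 1n;      // what "unlimited approval" means on-chain
const APPROVE_SELECTOR = "095ea7b3";         // first 4 bytes of keccak256("approve(address,uint256)")

// ABI-encode approve(spender, amount). A revoke is simply approve(spender, 0).
function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("invalid spender address");
  if (amount < 0n || amount > MAX_UINT256) throw new Error("amount out of uint256 range");
  return "0x" + APPROVE_SELECTOR + addr.padStart(64, "0") + amount.toString(16).padStart(64, "0");
}
function encodeRevoke(spender) { return encodeApprove(spender, 0n); }

// Map an approval to the page's risk levels. The 365-day threshold is an assumption.
function classifyApproval({ amount, ageDays, stillUsed, trustedSpender }) {
  if (amount === 0n) return "none";                 // already revoked
  if (amount === MAX_UINT256) return "critical";    // any current or future balance at risk
  if (!stillUsed && ageDays > 365) return "medium"; // old approval to a spender you no longer use
  if (!trustedSpender) return "high";               // large or unclear amount to an unverified spender
  return "low";                                     // small, limited approval to a verified spender
}

// Minimal in-memory token following ERC-20 allowance rules (an infinite allowance is not decremented).
function makeToken(initialBalances) {
  const balances = new Map(Object.entries(initialBalances));
  const allowances = new Map();
  const key = (owner, spender) => `${owner}|${spender}`;
  return {
    balanceOf: (a) => balances.get(a) ?? 0n,
    allowance: (o, s) => allowances.get(key(o, s)) ?? 0n,
    approve(owner, spender, amount) { allowances.set(key(owner, spender), amount); },
    transferFrom(spender, from, to, amount) {
      const allowed = this.allowance(from, spender);
      if (allowed < amount || this.balanceOf(from) < amount) return false;
      if (allowed !== MAX_UINT256) allowances.set(key(from, spender), allowed - amount);
      balances.set(from, this.balanceOf(from) - amount);
      balances.set(to, this.balanceOf(to) + amount);
      return true;
    },
  };
}

// Constructed scenario: alice grants a router an unlimited USDC allowance, the router is
// compromised and drains part of her balance, she revokes, and the next pull fails.
function runScenario() {
  const usdc = makeToken({ alice: 1000n, router: 0n, attacker: 0n });
  usdc.approve("alice", "router", MAX_UINT256);
  const firstDrain = usdc.transferFrom("router", "alice", "attacker", 600n);
  usdc.approve("alice", "router", 0n);                    // the revoke transaction
  const secondDrain = usdc.transferFrom("router", "alice", "attacker", 400n);
  return { firstDrain, secondDrain, aliceLeft: usdc.balanceOf("alice"), stolen: usdc.balanceOf("attacker") };
}
```

Note that the revoke stops future pulls only; the 600 already moved in the scenario stay moved, which is the point made in step 6 below.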

How to check your approvals

Use these trusted tools to view and manage your token approvals.

Revoke.cash (Recommended)

Chains: many EVM chains

  • Free to use
  • Multi-chain support
  • Batch revocations
  • Browser extension

Etherscan Token Approval (Recommended)

Chains: Ethereum + L2s

  • Official tool
  • Detailed history
  • ERC-20/721/1155
  • Transaction details

Unrekt.net

Chains: multiple chains

  • Simple interface
  • Quick check
  • Popular chains
  • Mobile friendly

Rabby Wallet (Recommended)

Chains: many EVM chains

  • Built-in wallet
  • Pre-sign check
  • Risk alerts
  • Auto detection

Step-by-step revocation guide

Pick the tool you prefer and follow the steps to revoke dangerous approvals.

Step 1: Visit Revoke.cash

Go to the official website

  • Type revoke.cash directly or use a trusted bookmark
  • Check the exact domain before connecting; fake revoke sites can request malicious signatures
  • The site can show basic information before you sign anything

Step 2: Connect your wallet

Connect MetaMask or another wallet

  • Click the "Connect Wallet" button
  • Select your wallet provider (MetaMask, WalletConnect, etc.)
  • Approve only the site connection; never enter a seed phrase or private key

Step 3: Select a network

Choose the blockchain to check

  • Click the network selector dropdown
  • Choose Ethereum, Polygon, Arbitrum, or another chain
  • Repeat for each network you have used, because approvals are chain-specific

Step 4: Review approvals

Inspect all active approvals

  • Wait for the page to load all approvals
  • Sort by value at risk, date, token, and spender
  • Flag unlimited approvals, unknown spenders, copied domains, and contracts you no longer recognize

Step 5: Revoke unneeded approvals

Remove risky permissions

  • Click "Revoke" next to approvals that are unnecessary, unlimited, or tied to suspicious spenders
  • Confirm the transaction in your wallet
  • Pay the gas fee to remove future spending permission

Step 6: Confirm the revocation

Verify that the approval has been removed

  • Wait for transaction confirmation
  • Refresh the page to verify removal
  • The approval should no longer appear; past transfers cannot be reversed by revoking

A note on gas costs

Revoking an approval costs gas. Here are estimated costs per network.

  • Ethereum: often the highest (varies with gas price)
  • Polygon: usually lower (network dependent)
  • Arbitrum: usually lower (network dependent)
  • Optimism: usually lower (network dependent)
  • BSC: usually lower (network dependent)
  • Base: usually lower (network dependent)

Pro tip: save on gas

Revoking on weekends or in the early UTC morning usually costs 30-50% less in gas. Use a gas tracker such as Etherscan Gas Tracker to find a better time.

When you should revoke approvals

Know when to act to protect your assets.

  • High: after using a new DeFi protocol. New protocols and cloned frontends are where phishing approvals often start.
  • High: when you stop using a protocol. Unused spenders should not keep future permission over your tokens.
  • Medium: after interacting with NFT mints. Mints and marketplaces can request broad collection approvals.
  • Medium: monthly, or after a period of heavy use. Set a cadence so old approvals do not become invisible risk.
  • Critical: after news of a protocol hack. Act quickly if the affected spender still has permission.
  • Low: before large token transfers. Check the receiving wallet before parking a larger balance.

Token approval best practices

Follow these guidelines to keep your exposure as low as possible.

Use exact amounts

Approve only the exact amount a transaction needs; never grant an unlimited allowance.

Check before you sign

Always read approval requests carefully. Use a wallet such as Rabby that shows risk warnings.

Review regularly

Check your approvals once a month. Set a calendar reminder for periodic reviews.

Use separate wallets

Keep your main assets in a cold wallet. Use a hot wallet with limited funds for DeFi activity.

Verify contracts

Only interact with verified contracts. Check whether the contract has been audited.

Revoke after use

Revoke the approval as soon as you have finished using a protocol, especially a new one.

FAQ

Common questions about token approvals and revocation.

CryptoDeals - Staying safe in DeFi
© 2026 CryptoDeals. All rights reserved.