Token Allowance Checker on Ethereum: What is token allowance? 

Vance Wood

Vance Wood

November 8, 2023

24 分鐘閱讀

article cover

Keeping digital assets secure and guarded against potential threats is a bit of a challenge even for crypto pros, let alone beginners. Token allowance checkers, however, are simple instruments beneficial to both experts and newcomers in the space.

In this article, we're diving deep into the concept of ​​token approval checker for Ethereum, exploring their significance, and introducing you to the tools that will empower you to protect and manage your digital assets effectively.

Token allowance checkers on Ethereum: Highlights

In the Web3 world, it's important to regularly check and cancel token permissions. This keeps the wallet holdings safe by stopping unauthorized access and lowering the risk of attacks.

  • Token approvals are requested by smart contracts powering decentralized applications to grant them certain token management rights;
  • Token allowance should be distinguished from dApp permissions which will only connect a wallet to a website or application to identify the user with the public address;
  • Decentralized applications will implement unlimited token approvals to facilitate the user experience and make interactions more convenient.
  • While inherently it is a common practice, token approvals are the heart of many exploits and scams;
  • There are special tools that help with identifying and managing these approvals: Etherscan token approval checker, Revoke, and CoinTool are some of the widely used services;
  • To stay safe, it’s a good practice to check exactly what you’re signing when interacting with websites and apps and periodically review your existing token approvals;

In this article, we’ll focus on Ethereum token allowance checkers, specifically. However, you're likely to find similar tools for each and every blockchain you may be using.

What is token allowance

With Ethereum at the heart of the DeFi and NFT movements, ERC tokens are an integral part of daily decentralized activities for millions of users. While most tokens are circulating via direct fund transfers, token allowance comes into play when a blockchain application is given permission to move tokens on a user's behalf.

For the curious, here is the difference in codes relevant to each method of transfer.

Direct transfer:

function transfer(address to, uint256 amount) public {
    require(balances[msg.sender] >= amount, "message");
    balances[msg.sender] -= amount;
    balances[to] += amount;
}

Transfers with approvals:

function approve(address spender, uint256 amount) public {
    allowance[msg.sender][spender] = amount;
}

function transferFrom(address from, address to, uint256 amount) public {
    require(balances[from] >= amount, "message");
    require(allowance[from][msg.sender] >= amount, "message");
}

MetaMask's approval window may already be a recognizable feature for you. It's the notification that appears when users grant permission to a crypto application like PancakeSwap to utilize your tokens. Once allowed, the exchange can automate the transactions.

Every time the approval method is called, ERC contracts have to update the allowance variables on-chain, which incurs some gas fees. For user convenience and cost-efficiency, many dApps request single, unlimited access, eliminating manual approvals and transaction expenses each time users interact with the platform.

Signing_Token_Approvals_on_MetaMask

Image from MetaMask

In the example above, PancakeSwap is asking for management rights for an infinite amount of tokens to be able to handle future transactions, sparing users from the inconvenience of repetitive requests.

Why do we need token allowance checkers?

Many prominent players in the DeFi and NFT sectors opt for unlimited approvals. However, it's important to note that it also increases the risk of potential theft from your crypto wallet.

Generally, there are two types of risks associated with improper management of allowances:

  1. When a trusted dApp is compromised, attackers may leverage the initially granted permissions to gain control of funds. In this case, users remain in the unknown as the approval is already settled;
  2. Malicious actors may trick crypto holders into granting unlimited token approvals on a maliciously set-up dApps or contract that is designed to look like a trustworthy service.

With this in mind, it is essential to periodically assess the smart contracts and dApps that hold permission to manage transactions on your behalf, especially for apps you no longer trust or planning to use. Should you decide to use them again, access is easily reauthorized.

Token allowance checker tools

The main purpose of services that are dubbed token approval checkers is to show users what access is granted to which smart contracts and applications and be able to revert permissions. This action will let the dApp know that they can no longer access and move tokens, which is extremely handy when it comes to discontinuing suspicious approvals.

Some of the most popular services that offer this functionality completely free of charge are briefly reviewed below.

Etherscan Token Approval Checker

A recently added feature of a popular Ethereum explorer makes it easy to track ERC20, ERC-721, and ERC-1155 token management permissions directly via the website by connecting a MetaMask account.

Revoke.cash Allowance Checker

Created by Rosco Kalis, a software developer with a background at Truffle and Bitcoin.com, the website is designed to let users trace access third parties obtain to the tokens and NFTs across all EVM chains.

CoinTool Token Approve Tracker

The ETH token allowance checker works similarly to the previous website, while also providing an extra feature to view previous records of interacting with the revoke function.

Ethallowance

Another tool recommended by Ethereum that is straightforward to use. However, unlike the aforementioned web applications, ETH Allowance does not offer a preview and only works after connecting the wallet.

In-wallet Allowance Managers

More and more Web3 wallet developers equip their dApps with the code enabling token allowance checker functionality, where users can modify permissions given earlier. Coinbase and Crypto.com wallet are examples of such storage solution providers.

While there are various services offering similar features, these are widely referred to by MetaMask and OpenSea as go-to options.

How to revoke token approvals on Ethereum

In this section, we will dive into a detailed guide on how to proficiently handle approvals for tokens within the Ethereum blockchain including NFTs. We'll look at a range of options, from utilizing Etherscan to dedicated websites tailored for revoking approvals, and even hands-on control through smart contracts.

Revoking token approvals on Etherscan

  1. Navigate straight to the Etherscan website, and in the top menu, locate the 'More' section. Click on 'Token Approvals' under the ‘Services’ category to access the dedicated page.
Etherscan_Explorer_Menu

Image from Etherescan

  1. Here, you can input your wallet address into the search bar to preview the list of contracts with access to your tokens. You have the flexibility to switch between various token standards to get a comprehensive overview.

Be sure to take note of any flagged items, as they represent unverified contracts. You can also click on the address and evaluate specific contracts in more detail.

Etherscan_Token_Allowance_Tool

Image from Etherescan

  1. To activate the revoke button, you’re required to connect a wallet by simply clicking on ‘Connect to Web3’ on the top left. Once you do so, you’ll be able to see the details of an operation and proceed. Finally, confirm the action from your wallet accepting the small gas fee.
Revoking_Token_Approvals_on_Etherscan

Image from Etherescan

How to use token allowance checker tools

Using websites that help to manage approvals is not completely different from the Etherscan procedure. To demonstrate, let’s go to Revoke.cash tool and go through the process together.

  1. You have a couple of options to begin using the website: immediately connect your wallet to the website or simply enter the address in the search bar to preview the list beforehand. Different login options aside from Metamask, including Ledger, WalletConnect, or CoinBase wallets are available.
Revoke.cash_Token_Allowance_Tool

Image from Revoke

  1. In the next step, you’ll be shown which NFTs and ERC20 tokens have approvals on the connected wallet. Feel free to switch between available networks and token types or filter out limited access and zero balances.

  2. Sort out the approvals you want to discontinue and click the ‘revoke’ button to see a MetaMask notification pop up. Make sure your account has a bit of ETH to cover gas fees and confirm the action.

Revoking_Token_Approvals_on_MetaMask

Image from MetaMask

  1. Wait for unlimited allowance to change for ‘no approvals’. Repeat the procedure as many times as you need.
Revoke.cash_Revoking_Token_Allowance

Image from Revoke

Revoke token approvals on OpenSea

OpenSea: Conduit is the protocol, where users provide their approvals prior to listing NFTs for sale on the marketplace via the setApprovalForAll function. By signing the permission, thus, users grant access to every NFT in the collection aside from the one that is being listed.

Therefore, removing the contract from your list of token approvals is a good idea once the sale is successfully finalized. This can be either performed through Etherscan or Revoke.cash as recommended by OpenSea following exactly the same steps as shown above.

Revoking_OpenSea_Allowances_on_Etherscan

Image from Etherescan

Additionally, you can safely revoke OwnabaleDelegateProxy and OpenSea: Wyvern Token Transfer Proxy even if you're actively trading since these are the older contracts that are not currently used.

Revoke token approvals using a smart contract

It is possible to interact with smart contracts directly via Etherscan without having to use third-party ETH token allowance checkers by navigating to the token contract and updating the approvals to ‘0’.

To stay on the safe side, make sure to look at the code and see what it actually does before triggering transactions. This will also require connecting a wallet and paying transaction fees as in any other regular transaction.

Interacting_with_Token_Allowance_Functions_on_Etherscan

Image from Etherescan

Context Banner

Wrapping up

Using token allowance checkers while using Ethereum for daily decentralized financial activity is the definition of a proactive approach that effectively minimizes the potential risks to any wallet's security. They are free and handy tools giving users more control over their decentralized experiences.

On the other hand, Ethereum smart contract and application developers must adhere to best practices while constructing their products. For a seamless and secure development experience, you can give GetBlock's RPC node services a try. Sign up for access to a diverse selection of 50+ blockchain protocol endpoints!

常问问题

  • What is a Token Allowance Checker on Ethereum, and why is it important?

    plus
  • What are the main Token Allowance Checker tools available on Ethereum, and how do they work?

    plus
  • How can users revoke token approvals on Ethereum, and what are the different methods available?

    plus
  • How can users protect their assets by monitoring and managing their token allowances effectively?

    plus
Vance Wood

Vance Wood

November 8, 2023

24 分鐘閱讀

twittertwittertelegramtelegramLinkedinLinkedin