OpenSea users reportedly had over $1.7M worth of NFT assets stolen through a phishing attack, as users grant DApp smart contracts unlimited access to their wallets and funds.
Why Do You Need To Revoke Permissions And Token Approval?
One thing that the recent OpenSea crisis tells us is that decentralized apps, as impressive as they are, come with their own set of problems – the first being a high likelihood of being hacked. The nascency of smart contract-enabled applications, coupled with the lack of industry standards, makes it a lot easier for hackers to capitalize on security loopholes.
For instance, you must have granted OpenSea permissions to access, list and transfer the NFTs in your wallet before you can use the platform to trade NFTs. And so, whenever the smart contracts of DApps you have interacted with are under attack, chances are that the attackers can withdraw the tokens in your connected wallet. This is also why rug pulls are rampant in the crypto industry.
In light of this existing threat, it is imperative to occasionally review the smart contracts or DApps that have been authorized to conduct sensitive transactions on your behalf. You need to revoke the permissions granted to DApps you no longer trust or those undergoing smart contract upgrades. Also, it is always advisable to do the same to DApps that you have not used in a while. You can easily re-sign the permissions whenever you want to start using them again. Ultimately, this will limit the risks your wallet is exposed to at each given time.
Having highlighted the importance of constantly reviewing the number of DApps permitted to initiate sensitive actions on your behalf, below is how to revoke token approvals.
How To Revoke Token Approvals On MetaMask
We have tailored this guide for MetaMask users because it is arguably the most popular wallet service provider among DApp users. Also, revoking token approval comes at a cost. You will have to pay a gas fee to complete the process.
With that said, here are the steps you need to take to revoke token approvals or permissions.
- First, head to the block explorer for the network you usually use. For instance, Ethereum users should head to Etherscan, Polygon users to Polygonscan, while BscScan is the ideal explorer for those using BSC-based DApps. In this guide, we will be focusing on Etherscan.
- On the Etherscan blockchain explorer, navigate to the Approval Checker section. Here is the link for the approval review portal for Etherscan.
- On the Approval Checker page, click on Connect to Web3 to trigger the Choose a Wallet window. Here, choose the MetaMask option and follow the prompt to connect your wallet to the portal. Note that your MetaMask wallet must be online to connect successfully.
- Once you are connected, navigate through the Ethereum token standards tabs (including ERC-20, ERC-721, and ERC-1155) until you find the token approval you wish to revoke. For each token in your wallet, you will be able to see the smart contracts that have the approval to either access it or submit transactions on your behalf. You can select the specific approval you want to cancel from here.
- Next, click on Revoke to cancel the token approval. By doing so, you will trigger a signature request in your wallet. Approve this request and pay the appropriate gas fee to complete the process.
You can also manage the approval of each token while interacting with DApps, at the point where you approve a transaction or carry out certain actions. Rather than enabling an unlimited spending limit when approving transactions, it is advisable to opt for a custom spending limit.
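To make the difference between an unlimited approval, a custom spending limit and a revocation concrete, the following added example (not part of the original guide) decodes the raw transaction data a wallet is asked to sign and classifies it. The spender address is constructed for illustration, and the `approve` branch assumes the target contract is an ERC-20 token.

```python
# Added example: classify approval calldata before signing it.
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1           # value sent for an "unlimited" allowance


def encode_call(selector: str, address_hex: str, value: int) -> str:
    """Build calldata: 4-byte selector followed by two 32-byte ABI words."""
    return "0x" + selector + address_hex.rjust(64, "0") + format(value, "064x")


def classify_approval(calldata: str) -> dict:
    """Report what a piece of approval calldata grants, and to whom."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, words = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL) or len(words) != 128:
        return {"kind": "not-an-approval"}
    try:
        int(words[:64], 16)          # first word must be valid hex
        value = int(words[64:], 16)  # second word: amount or boolean flag
    except ValueError:
        return {"kind": "not-an-approval"}
    # An address occupies the low 20 bytes of its 32-byte word.
    spender = "0x" + words[24:64]
    if selector == SET_APPROVAL_FOR_ALL:
        # ERC-721 / ERC-1155: the operator may move every token in the collection.
        kind = "all-tokens" if value else "revoke"
        return {"kind": kind, "spender": spender}
    # Assumes an ERC-20 target; ERC-721 approve() shares this selector but
    # carries a token ID in the second word instead of an amount.
    if value == 0:
        kind = "revoke"
    elif value == MAX_UINT256:
        kind = "unlimited"
    else:
        kind = "limited"
    return {"kind": kind, "spender": spender, "amount": value}


if __name__ == "__main__":
    spender = "11" * 20  # constructed address, not a real contract
    for call in (encode_call(APPROVE, spender, MAX_UINT256),
                 encode_call(APPROVE, spender, 250 * 10**18),
                 encode_call(APPROVE, spender, 0),
                 encode_call(SET_APPROVAL_FOR_ALL, spender, 1)):
        print(classify_approval(call))
```

A revocation is simply the same call with a zero amount (or `false` for `setApprovalForAll`), which is why it still costs a gas fee.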