This is an automated archive.
The original was posted on /r/cryptocurrency by /u/kirtash93 on 2023-08-30 20:13:18+00:00.
TL;DR: Use tools to revoke token approvals and use “disposable” hot wallets to interact with third parties to add another security layer between your main wallet and third parties.
I believe that one of the most efficient ways to avoid falling for scams is knowledge. That’s why I bring you this post explaining how token approvals work and how to stay safe and avoid them.
Token Approval
I am going to explain how token approvals work:
- approve() function: It gives permission to third parties to use some tokens on your behalf and it needs basically three things:
  - The address of the token owner
  - The address of the one who gets the tokens
  - The amount of tokens to be moved
- transferFrom() function: Checks that the spender has enough tokens to send and has enough permissions from the token owner. If both are true, it makes the transaction and reduces the amount the spender can move in the future by the moved amount.
Infinite Token Approval
Infinite token approval is a contract that allows third parties to act instead of having to approve one by one.
Sometimes there are apps that ask for approval contracts that allow them to move an infinite amount of tokens, and this is exactly where hackers focus their efforts. These are some ways they try to make us sign a malicious approval contract:
- The most common one is sending phishing emails or using fake websites that try to impersonate the legit app or project. These usually ask you to approve an infinite amount of tokens and then drain your wallet.
- Exploiting a vulnerability in a smart contract. Basically finding a bug or a backdoor that allows hackers to take advantage of it.
How To Protect From Infinite Token Approval
- Only approve this kind of contract if you really need to and if you are 200% sure that the app is legit.
- Stay updated on security news and alerts. Twitter and r/CryptoCurrency are really good places.
- Use tools to revoke token approvals like or Etherscan’s Token Approval tool (Tutorial: )
- Always use “disposable” hot wallets to interact with third parties. This way you create another security layer between your main wallet and third parties.
- Avoid phishing links from search engines using AdBlock or better, Brave Browser with its integrated AdBlock.
It may seem that taking these security measures is exhausting and an extra effort but I assure you that it is worth it and eventually you get used to it.
Better safe than sorry.
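The allowance bookkeeping described under Token Approval, as an added example that is not part of the original post: a small in-memory Python model (not a real token contract) showing a bounded approval running out, an unlimited approval being flagged, and a revoke (approve with amount 0) blocking later transfers. The class, the method names and the account names "main_wallet", "dex" and "fake_site" are constructed for illustration.

```python
# Minimal in-memory model of ERC-20 allowance bookkeeping (illustrative, not a real token).
MAX_UINT256 = 2**256 - 1  # the amount used for an "infinite" approval


class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining amount

    def approve(self, owner, spender, amount):
        # On-chain the owner is the transaction sender; approve overwrites the old value.
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowances.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            return False  # a real token would revert the transaction
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        if allowed != MAX_UINT256:  # many tokens leave an unlimited allowance untouched
            self.allowances[(owner, spender)] = allowed - amount
        return True

    def risky_approvals(self, owner):
        # Approvals worth revoking: the allowance covers the owner's entire balance.
        bal = self.balances.get(owner, 0)
        return sorted(s for (o, s), a in self.allowances.items()
                      if o == owner and a > 0 and a >= bal)


def demo():
    # Constructed sample accounts and amounts.
    t = Token({"main_wallet": 1000})
    t.approve("main_wallet", "dex", 100)                # bounded approval
    t.approve("main_wallet", "fake_site", MAX_UINT256)  # infinite approval
    flagged = t.risky_approvals("main_wallet")
    bounded_ok = t.transfer_from("dex", "main_wallet", "dex", 100)
    bounded_again = t.transfer_from("dex", "main_wallet", "dex", 1)  # allowance used up
    t.approve("main_wallet", "fake_site", 0)            # revoke = approve zero
    after_revoke = t.transfer_from("fake_site", "main_wallet", "fake_site", 900)
    return flagged, bounded_ok, bounded_again, after_revoke, t.balances["main_wallet"]


if __name__ == "__main__":
    print(demo())
```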