How can I revoke token approvals and permissions on Ethereum?

This article explains how to revoke token approvals on your crypto wallet. This may apply to you if:

1. You recently interacted with a dApp with a vulnerability, and you don't intend to use a dApp again or in the near future.
2. You don't plan on buying, selling, or transferring an NFT. 

What are token approvals?

Token approvals are permissions granted to decentralized apps (dApps) to access tokens in your crypto wallet. Token approvals are applicable to ERC-20 tokens like USDC and DAI - as well as NFTs (ERC-721 and ERC-1155). You can think of a token allowance as giving a dApp permission to perform an action with your tokens.

All dApps require permission from non-custodial crypto wallets (like MetaMask) before they can interact with any tokens in the wallet. You also grant token allowances to OpenSea to be able to take certain actions using our service, like listing an NFT for sale.

For NFTs, revoking token allowances means an NFT cannot be bought, sold, or transferred using OpenSea's services without first approving the allowance. Both revoking and approving a token allowance on Ethereum are actions that require a gas fee.

How can I manage and revoke token approvals?

There are a number of third-party tools you can use to revoke token approvals entirely. For this tutorial, we'll be using Etherscan's Token Approval tool. Keep in mind that these are third parties and we cannot make any guarantees about their service. Revoking token approval will result in a gas fee.

1. Navigate to https://etherscan.io/tokenapprovalchecker.
2. Press Connect to Web3 to connect your wallet.
   
3. Navigate through the ERC-20, ERC-721, or ERC-1155 tabs until you see the token approval you would like to revoke. 
4. Press Revoke to revoke the token approval. This will prompt a signature request in your wallet. 
   
5. Once the transaction has been completed, the token approval will be revoked. 

Managing ERC-20 token allowances

Moving forward, you can also manage your ERC-20 token allowances each time you interact with a dApp or take certain actions on OpenSea. If you're using MetaMask, we recommend you avoid unlimited spend limits when approving transactions on dApps.

To do so, click Edit Permission and enter your desired amount in Custom Spend Limit. By default, most dApps ask for an unlimited spend limit. By setting a spending limit, you reduce the risk of having your ERC-20 funds drained by a malicious actor.