mm-swap-tips.com
Login
Independent review. This site is not the official website and is not affiliated with, endorsed by, or operated by the wallet vendor reviewed here. Never enter your seed phrase or private keys on any third-party site.

Token Approvals & How to Revoke Them

Stephanie Sullivan Stephanie Sullivan
Try Tangem secure wallet →

Why token approvals matter

When you connect MetaMask to a dApp and approve a token, you are allowing a smart contract to transfer a specified amount of that token from your account. That permission is called a token approval or token allowance. Approvals are what enable fast swaps, automated strategies, and other DeFi interactions without requiring a signature for every single transfer.

But there is a trade-off. Unlimited token allowance can give a contract near-permanent permission to move tokens you hold (up to the approved amount). I learned this the hard way: I approved a utility token for unlimited spending to avoid repeat confirmations, then later had to revoke it when a related contract behaved oddly. You can fix this, though. And yes, revocation itself is an on-chain transaction that costs gas.

How token approvals work on EVM chains (quick technical)

Most tokens on EVM-compatible chains follow the ERC-20 pattern. Two functions matter here:

  • approve(spender, amount): lets you give the spender permission to move your tokens up to amount
  • allowance(owner, spender): returns the current approved amount

Unlimited allowances are typically represented by the maximum uint256 value. That makes repeat approvals unnecessary for frequent trading. It also means the contract could move very large balances if it becomes malicious or is compromised.

Try Tangem secure wallet →

What I've found is that understanding these two functions makes revocation straightforward: set the allowance back to zero (or a small number) by calling approve(spender, 0) for that token contract.

How to check token allowance MetaMask and on-chain

Does MetaMask show every allowance? Not always. MetaMask will show connected sites (who can prompt interactions) and some versions expose a token approvals manager, but many users will still need to check allowances on-chain.

Here are practical options:

  • Quick check via MetaMask: open Settings > Security & Privacy > Connected sites (or Permissions). This tells you which websites have a live connection to your account. It does not always report exact allowance amounts.
  • On-chain check (reliable): use a block explorer for the network you use. Open the token contract, go to Read Contract and use allowance(owner, spender). Enter your address and the contract address you suspect (the DEX router, bridge, or other dApp).
  • Token approval scanner tools: many open-source tools will scan your address and list approvals for you (see Third-party approvals managers below).

Want a direct how-to for checking allowance on a block explorer? See the step-by-step revoke section below.

Revoke token approval in MetaMask (if your version supports it)

Some MetaMask releases include a built-in token approvals list. If you see it, revoking is often the simplest option because MetaMask builds and signs the revoke transaction for you.

Typical steps (may vary by release):

  1. Open MetaMask (extension or mobile) and go to Settings or Account details.
  2. Find Security & Privacy or a Token Approvals section.
  3. Scan the list, find the dApp or spender you want to remove, and tap Revoke.
  4. Confirm and pay gas in MetaMask.

If you don’t see a Token Approvals manager, use the on-chain method below. Either way, keep in mind that a revoke is a normal transaction on the blockchain.

Revoke approvals on-chain via a block explorer (step-by-step)

This is the most universal method and does not require trusting third-party approval managers.

Step-by-step guide:

  1. Identify the spender address. Check the dApp UI, your transaction history, or the approval event in your wallet activity to find the spender (the contract address that was approved).
  2. Open the block explorer for the network (for example the explorer for the network you used) and search for the token contract.
  3. On the token contract page, open Read Contract and locate allowance. Enter your wallet address as owner and the spender address as spender. This shows the current allowance.
  4. If allowance is greater than zero, open Write Contract on the token page and find approve. Connect your MetaMask wallet when prompted.
  5. Call approve with the spender address and 0 as the amount. Submit and sign the transaction in MetaMask.

That sends a standard approve transaction that sets the allowance to zero. Expect it to take a short amount of time and to cost gas.

Third-party approvals managers: pros and risks

There are user-facing tools that scan your address and list all approvals, often letting you revoke many approvals from one interface. They are convenient for busy DeFi users.

Pros: single UI, batch revokes in some cases, easier than manual contract calls. Risks: you must connect a hot wallet and approve a signature for read/write actions (never share your seed phrase). A malicious site could trick you if you accept an unexpected transaction. Always check URL and prefer open-source, audited tools when possible.

What I've found is that these tools are efficient, but I still verify each revoke transaction in MetaMask before signing. And if you prefer not to connect, use the block explorer method above.

Comparison: quick features table

Method Ease Gas cost Trust surface When to use
MetaMask built-in approvals Easy (one tap) On-chain gas Low extra trust (MetaMask) If available in your MetaMask build
Block explorer (manual approve 0) Medium On-chain gas Minimal third-party trust When you want full control
Third-party approvals manager Very easy On-chain gas Higher trust in tool For bulk reviews and convenience

Gas fees and Layer 2 considerations

Revoke transactions are standard token approve transactions and therefore cost gas. On mainnet that can be meaningful. On Layer 2 networks or less congested chains, revoking is much cheaper.

If you plan to revoke many approvals, grouping them on an L2 where possible may save money. But remember that only allowances on the same chain can be revoked by a transaction on that chain. revoke approvals blockchain calls are chain-specific.

Common pitfalls and special cases

  • Some tokens implement non-standard approval patterns (increaseAllowance / decreaseAllowance). If a direct approve to 0 fails, check the token contract or documentation.
  • Permit-based tokens (EIP-2612) use signed approvals; revoking still requires an on-chain action in many cases.
  • Approvals to multisigs or smart contract wallets require the correct spender address. A wrong address entry won’t revoke the intended permission.

What I've learned is to double-check the spender address before sending any transaction (and save it somewhere verifiable).

Who this is for, and who should look elsewhere

Best for: regular DeFi users who swap, stake, or connect to many dApps and want to manage attack surface from a software wallet. If you use MetaMask daily, keeping approvals tidy is good practice.

Not ideal for: people who want the highest custody security and minimal hot-wallet exposure. If that describes you, consider using a hardware wallet or cold storage workflow when possible. See hardware wallet and integration guides in the docs for more steps: hardware-wallets-overview and connect-ledger.

FAQ

Q: How do I revoke token approvals? A: Use MetaMask built-in approvals if present, or call approve(spender, 0) via a block explorer Write Contract, or use a third-party approvals manager and confirm the revoke in MetaMask. For step-by-step instructions see the Revoke on-chain section in this guide.

Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets give convenience and are standard for daily DeFi activity. They are not as secure as cold storage. I believe the right mix is to keep small, active balances in a software wallet and large holdings in cold storage (paper seed phrase or hardware).

Q: Do revokes cost gas? A: Yes. Any on-chain approve or revoke requires a transaction and gas fees. Costs vary with network congestion and chain.

Q: What happens if I lose my phone? A: Losing a device does not expose your keys if you used a seed phrase and have not typed it into other devices. Use your backup seed phrase recovery and follow the steps in backup and recovery. If you suspect compromise, move funds from the address to a new address using a secure device.

Conclusion and next steps

Re-checking and revoking token approvals is a practical security habit for active DeFi users. It reduces risks from compromised dApps and accidental unlimited allowances. I’ve been cleaning approvals regularly as part of my workflow; it adds a small cost but buys peace of mind.

If you need a refresher on installing MetaMask or syncing mobile and desktop, see the setup guides: install MetaMask extension and install MetaMask mobile app. For more on token organization and portfolio tracking, check token management and tokens portfolio. If you want a focused guide on bulk revokes, see revoke approvals.

Want a step-by-step walkthrough with screenshots? I recommend following the on-chain revoke steps above on a test token first, or use a small amount to practice before changing full allowances. Happy securing your account.

Try Tangem secure wallet →