For all users in the world of cryptocurrencies, understanding the concept of “allowance” (aka. Approval) is crucial. In the crypto space, an allowance refers to granting permission to decentralized applications (dApps) to perform actions on your behalf. However, it’s important to grasp the associated risks and the significance of managing these permissions effectively.

What are dApp Allowances?

In the crypto realm, dApp allowances involve granting permission to dApps to execute specific actions using your tokens. This permission enables them to transfer your tokens, create new ones, or carry out other operations on your behalf.

Here is an example of an Ethereum wallet searched on the Etherscan that shows dApps granted with allowances:

Recognizing the Risks of Unchecked Allowances

Failing to manage dApp allowances can expose users to various risks. Here are some examples of potential hazards:

a) Unauthorized Token Transfers: If a dApp gains access to your allowances, it can transfer your tokens without your consent, leading to the loss or theft of your assets.

b) Exploitation of Minting Permissions: Malicious dApps may misuse allowances to mint new tokens in your name, potentially devaluing your existing holdings.

c) Account Vulnerability: Allowing unrestricted dApp access could compromise the security of your account, leaving it susceptible to unauthorized control or manipulation.

Am I safe if my wallet is disconnected?

It’s important to understand the distinction between disconnecting your wallet from a dApp and revoking approvals or allowances. While these processes may seem similar, they have fundamental differences that impact the level of access and control granted to dApps.

Disconnecting wallet vs. Revoking allowances

When you disconnect your wallet from a dApp, you are essentially canceling the permission for that dApp to access certain information, typically revoking the dApp’s ability to view your public address, token balances, and past activity. Disconnecting your wallet helps limit the visibility and interaction of the dApp with your account.

Revoking an approval or allowance goes beyond disconnecting your wallet. When you revoke an approval, you are essentially cutting off the dApp’s access to the contents of your wallet entirely. This means the dApp can no longer retrieve or manipulate your tokens. Revoking an approval is a more stringent action that ensures the dApp is completely barred from accessing and moving your assets.

It is crucial to note that while disconnecting your wallet limits certain permissions and visibility, it does not guarantee the same level of security as revoking approvals.

Considerations for effective permission management

a) Preventing Unauthorized Actions: By regularly reviewing and revoking unnecessary allowances, you limit the ability of dApps to perform actions on your behalf, reducing the risk of unwanted transactions or token misuse.

b) Protecting Token Integrity: Revoking allowances from unused or suspicious dApps ensures they cannot tamper with or create tokens associated with your account, preserving the integrity of your token portfolio.

c) Enhancing Account Security: Proper permission management minimizes the chance of a malicious dApp taking over your account, preserving your privacy, control, and overall security.

How to revoke dApp Approval(Allowances)

Vigilant users can utilize reliable revocation tools such as Ethallowance, Etherscan, Cointool, Revoke, Unrekt, or EverRevoke to efficiently manage and revoke allowances granted to dApps.

NOTE: Network fees are charged for revoking dApp Allowances as they are blockchain transactions. Depending on the revocation service you use, additional fees may apply.

Example of revoking allowance using Etherscan (Ethereum):

From D’CENT Wallet’s Discovery tab (the dApp browser), visit Etherscan (https://etherscan.io) and click on ‘Token Approvals’ under the Services sub-menu.

Click on ‘Connect to Web3’ and select ‘MetaMask’ to trigger a wallet connection on D’CENT Wallet.

You will be able to see which tokens and dApps are granted with Allowances. Click on the blue ‘Revoke’ button to revoke the allowance.

Example of revoking allowance using ‘Revoke’ (multichain):

Another excellent tool for users who use dApps on multiple networks is a third-party platform called ‘Revoke’.

From D’CENT Wallet’s Discovery tab (the dApp browser), visit Revoke (https://revoke.cash). Click on the main menu and click on ‘Connect Wallet’.

Click on ‘MetaMask’ to trigger a wallet connection with D’CENT Wallet.

Once connected, you will be able to see details of token assets and allowances granted to the smart contract that they’ve interacted with in the past. Scroll the screen to the right and you can find the ‘Revoke’ buttons under the Actions menu.