Smart Contract Approvals & Revoke Tools

To use your web3 wallet with DeFi protocols you must approve individual smart contracts for each token you want to stake, swap, or use in a liquidity pool. Every protocol has smart contracts you must approve and every contract approval costs gas. Sometimes a site will ask you to "sign" a transaction, this type of interaction does not cost gas and serves as way to prove ownership or control of the wallet you're connecting with. On the user end, these are all simple clicks. 

See contract interactions for liquidity & staking.

What you need to know is that every contract you approve, remains approved until revoked. Contract approvals are as they sound, you are approving a contract to use your token. Some contracts will approve a set amount of tokens, others will be "infinite approvals", approving unlimited access until revoked; infinite approvals increase vulnerability to risk. 

Learn more: What Are Smart Contracts & How They Work, Investopedia  

A contract exploit is when code is compromised by an existing loophole or glitch. Warning signs for unsafe contracts include unlocked liquidity, unlimited mint functions, and other transparent issues in the code. Smart contract security audits will show a detailed analysis of these functions and are publicly available to users. See audits under Certik in research tools. 

Mitigate the impact of potential contract exploit by revoking your approvals and avoiding smart contract interactions with unreliable protocols. Read more about smart contract exploit in risk.

Learn more: What is Smart Contract Risk?, Coinmarketcap Alexandria

Hardware wallets like Trezor and Ledger¹ increase security when interacting with smart contracts by putting private keys on a physical device, this protects you from unauthorized transactions taking place as you navigate through smart contracts. It is important to note if you approve a malicious contract, a hardware wallet will not stop the approval, however if you approve an infinite approval contract, it will prevent you from further damage by preventing secondary request. 

Learn more: What is a Hardware Wallet?, Trezor

Trezor and Ledger are both compatible with Metamask and can be used to navigate web3, Metamask is compatible with ETH and all EVM chains. 

Learn more: Hardware Wallets And MetaMask: Best Security Combo, Consensys

¹Trezors, Ledgers and all hardware wallets should be purchased from the official websites only. Never buy a hardware wallet from a third party like Amazon or Best Buy, it is safest to always double check the URL and purchase from the original manufacturer. 

The explorers listed below are Etherscan forks as well as revoke tools for each chain. There are also product options for aggregated revoke tools, such as Revoke.Cash which provide similar services.