Revoke (Token Approval)

How It Works

To revoke a token approval, you send a transaction to the token contract calling the approve() function with the spender address and an allowance of zero. This overwrites the previous allowance, immediately removing the contract's ability to transfer your tokens via transferFrom().

Dedicated tools like Revoke.cash, Etherscan's token approval checker, and wallet-integrated features in Rabby and MetaMask simplify this process. These tools scan your wallet's on-chain approval history, display all active approvals with their spender addresses and remaining allowances, and let you revoke them with one click.

Each revocation is an on-chain transaction that costs gas. On Ethereum mainnet, a revoke transaction typically costs $1-3 in gas. On Layer 2 networks, the cost is usually under $0.05. Some wallets batch multiple revocations into a single transaction to save gas.

Why It Matters in DeFi

Old, unused token approvals are a hidden liability in your wallet. Every active approval is a potential attack vector — if the approved contract is exploited, your tokens are at risk. The DeFi ecosystem has seen numerous incidents where dormant approvals were exploited months or years after they were originally granted.

Security experts recommend revoking approvals immediately after completing the intended transaction, especially for contracts you do not plan to use regularly. Periodic approval audits — reviewing and cleaning up all active approvals — should be part of every DeFi trader's security routine.

Real-World Example

After swapping tokens on a new DEX aggregator, a trader visits Revoke.cash, connects their wallet, and sees the aggregator contract still has an infinite USDC approval. Since the trader does not plan to use that aggregator again, they click "Revoke" to set the allowance to zero, paying a small gas fee. If the aggregator contract were ever compromised, the trader's USDC would be safe because the approval no longer exists.