Token Approval
Definition
Token approval is a wallet permission that lets a smart contract spend a specified amount of your tokens on your behalf.
What is token approval?
Token approval is a permission you grant from your wallet that authorises a specific “spender” address (usually a smart contract) to move a certain amount of a token you own. It’s a core building block of DeFi because most apps can’t pull tokens directly from your wallet without your explicit consent. Approvals are separate from swaps or deposits: you can approve today and the contract can later spend up to the approved amount when you interact with it. Understanding approvals is also a practical part of how to secure your crypto wallet, because a risky approval can be abused even if you never sign another token transfer.
Token approval crypto
In crypto token approval flows, the approval is typically the first step before an app can do anything with your tokens. For example, when you use a DEX, lending protocol, or yield vault, the app’s contract needs permission to move your USDC, DAI, or other ERC-20 tokens from your address into the protocol. You grant that permission by signing an “approve” transaction in your wallet, which writes an allowance on-chain. After that, the protocol can call a function that transfers tokens from you to itself (or another contract) as part of a later transaction you initiate. Because approvals persist until changed, it’s wise to periodically revoke approval for contracts you no longer use.
ERC-20 approval
ERC-20 approval refers to the standard mechanism defined by the ERC-20 token interface: an owner calls `approve(spender, amount)` to set how many tokens the spender is allowed to use, and the spender later uses `transferFrom(owner, recipient, amount)` to move tokens within that limit. The token contract tracks this permission as an allowance keyed by (owner, spender). Importantly, the approval does not move funds by itself; it only sets the rules for what the spender can do later. Many wallets and dApps show this as “Allow this app to spend your token.” To reduce surprises, use transaction simulation tools when available so you can preview what a follow-up action is likely to do with your approved tokens.
Unlimited approval
Unlimited approval is when you approve a very large number (often the maximum uint256 value) so the dApp doesn’t need you to approve again for future actions. This improves convenience—one approval can cover many swaps, deposits, or repayments—but it increases blast radius if the spender contract is malicious, compromised, or if you approved the wrong address. Unlimited approvals are also a common target for approval phishing, where a site tricks you into approving a spender that can later drain tokens without needing another signature. A safer habit is to approve only what you intend to use, or to use unlimited approvals only with highly trusted contracts and then revoke approval when you’re done.
Allowance
Allowance is the on-chain record of how much a spender can still spend from an owner’s balance for a given token. Think of it like a prepaid spending limit: if you set an allowance of 500 tokens and the spender uses 120 via `transferFrom`, the remaining allowance becomes 380 (unless the token uses a non-standard pattern). Allowances are token-specific and spender-specific, so approving a DEX router for USDC does not approve it for DAI, and approving one contract does not approve another. Changing an allowance is also a state change that costs gas, and some tokens historically had edge cases when updating a non-zero allowance directly. Practically, the key takeaway is to treat allowances as standing permissions you should audit, especially after interacting with new dApps.
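The approve and transferFrom rules described in the ERC-20 approval and Allowance sections, as an added example that is not code from any real token contract: a small in-memory Python model of the standard pattern. The class name `Erc20Model` and the labels `alice`, `router`, `vault` and `pool` are hypothetical stand-ins for addresses.

```python
# Added illustration: an in-memory model of the standard ERC-20 allowance rules.
# Not a real token contract; "alice", "router", "vault", "pool" are made-up labels.
MAX_UINT256 = 2**256 - 1


class Erc20Model:
    """Tracks balances and allowances the way the ERC-20 interface describes."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # keyed by (owner, spender)

    def approve(self, owner, spender, amount):
        # approve() overwrites the previous value; it does not add to it,
        # and it moves no tokens.
        if not 0 <= amount <= MAX_UINT256:
            raise ValueError("amount out of uint256 range")
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, caller, owner, recipient, amount):
        # The caller is the spender: it needs allowance, the owner signs nothing.
        remaining = self.allowance(owner, caller)
        if amount > remaining:
            raise PermissionError("insufficient allowance")
        if amount > self.balances.get(owner, 0):
            raise ValueError("insufficient balance")
        self.allowances[(owner, caller)] = remaining - amount
        self.balances[owner] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def demo():
    usdc = Erc20Model({"alice": 1000})
    dai = Erc20Model({"alice": 1000})
    usdc.approve("alice", "router", 500)
    usdc.transfer_from("router", "alice", "pool", 120)
    after_spend = usdc.allowance("alice", "router")    # 500 - 120
    other_token = dai.allowance("alice", "router")     # separate token contract
    other_spender = usdc.allowance("alice", "vault")   # separate spender
    usdc.approve("alice", "router", 0)                 # revoke
    try:
        usdc.transfer_from("router", "alice", "pool", 1)
        revoked_blocked = False
    except PermissionError:
        revoked_blocked = True
    return after_spend, other_token, other_spender, revoked_blocked
```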
Why token approval matters
Token approval matters because it’s the permission layer that makes non-custodial apps usable: protocols can execute multi-step actions (swap, deposit, repay, rebalance) without taking custody of your wallet. At the same time, approvals are one of the most misunderstood wallet prompts, and mistakes can be costly—especially with unlimited approvals or when users fall for approval phishing. Good hygiene includes checking the spender address, using transaction simulation to understand what a transaction is likely to do, and regularly reviewing and revoking approvals for old contracts. If you’re building safer habits around how to secure your crypto wallet, managing token approvals is one of the highest-impact steps you can take.
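One way to do the regular review described above, as an added example that is not part of the original page: ERC-20 tokens emit an `Approval(owner, spender, value)` event on each approve call, so an owner's standing approvals can be rebuilt from event logs. The addresses, the `make_log` helper and the sample logs are constructed for illustration, with block numbers as plain integers.

```python
# Added example: all addresses and log entries are constructed sample data.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
OWNER, OTHER = "0x" + "a1" * 20, "0x" + "d4" * 20
ROUTER, VAULT = "0x" + "b2" * 20, "0x" + "c3" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20


def make_log(token, owner, spender, amount, block):
    """Build a log shaped like an eth_getLogs entry (hypothetical helper)."""
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}


SAMPLE_LOGS = [
    make_log(TOKEN_A, OWNER, ROUTER, 0, 20),            # revoke, listed out of order
    make_log(TOKEN_A, OWNER, ROUTER, 500, 10),
    make_log(TOKEN_A, OWNER, VAULT, MAX_UINT256, 15),   # unlimited approval
    make_log(TOKEN_B, OWNER, ROUTER, 250, 12),
    make_log(TOKEN_A, OTHER, ROUTER, 900, 11),          # someone else's approval
]


def topic_to_address(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()


def standing_approvals(logs, owner):
    """Latest non-zero approved amount per (token, spender) for one owner."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but four topics; skip it.
        if topics[0] != APPROVAL_TOPIC or len(topics) != 3:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # a later approve overwrites
    return {k: v for k, v in latest.items() if v > 0}


def unlimited(approvals):
    return sorted(k for k, v in approvals.items() if v == MAX_UINT256)
```

The result is the last approved amount, not the remaining allowance after any `transferFrom` spending; confirm the current figure with the token's `allowance(owner, spender)` call before deciding what to revoke.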
Frequently Asked Questions
How does token approval work?
Your wallet signs an approval transaction that sets an allowance for a specific spender address on a specific token contract. Later, that spender can call a function like transferFrom to move tokens up to the remaining allowance. The approval persists until you change or revoke it.
Is token approval the same as sending tokens?
No. An approval only grants permission; it does not transfer tokens by itself. Tokens move later when the approved spender uses that permission, typically as part of a dApp action you initiate.
What is an unlimited token approval and is it safe?
An unlimited approval sets the allowance to a very large value so you don’t need to approve again. It’s convenient but riskier because a malicious or compromised spender could drain that token without further approvals. Use it only with trusted contracts and revoke it when you’re done.
How do I revoke token approval?
You can revoke approval by setting the allowance for that spender back to 0 (or a lower amount) using your wallet or an approval management tool. This requires an on-chain transaction and gas. After you revoke, the spender can no longer transfer tokens using the old allowance.
What is approval phishing in crypto?
Approval phishing is a scam where a site tricks you into approving a spender address that can later pull your tokens. Because approvals can be unlimited and persistent, the attacker may not need you to sign a transfer afterward. Always verify the spender and use transaction simulation when possible.
Related Terms
Approval Phishing
Approval phishing is a crypto scam that tricks you into granting a smart contract permission to move your tokens or NFTs from your wallet.
Revoke Approval
Revoke approval is the act of cancelling a wallet’s previously granted permission for a contract or address to spend your tokens or move your NFTs.
ERC-20
ERC-20 is the standard set of rules that makes Ethereum-based tokens work consistently across wallets, exchanges, and smart contracts.