What is Token Approval?
Reviewed 2026-06-25
Definition: A token approval is an on-chain permission you grant a smart contract to spend your tokens up to a specified amount. Approvals are required to use DeFi protocols, but they never expire on their own. Old or unlimited approvals to inactive contracts are a standing attack surface until you revoke them.
How it works
ERC-20 approvals are stored on-chain and persist indefinitely unless you revoke them. When you connect to a DeFi protocol and approve token spending, that approval remains active even after you stop using the protocol, even if the protocol is shut down, and even if the contract is later exploited or upgraded maliciously. Unlimited approvals — where the approved amount is set to max uint256 — are especially risky because they cover your entire token balance with no cap. Approval-based exploits are one of the most common ways funds are drained from wallets.
How to protect yourself
Review your active approvals periodically and revoke the ones you no longer use. When a protocol asks for an unlimited approval, consider setting a specific limit instead. An approvals scanner lists all active approvals and lets you revoke in one transaction.
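How a scanner can derive the list of active approvals described above, as an added example (not code from this page or from any particular scanner): it replays ERC-20 Approval event logs for one owner, drops revoked entries, and flags max uint256 approvals. The addresses and logs are constructed sample data, the function names are hypothetical, and the log field names are assumed to follow the eth_getLogs JSON-RPC result format.

```python
# Added example. All addresses and logs below are constructed sample data.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def addr_from_topic(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def active_approvals(logs, owner):
    """Replay Approval logs in chain order; return {(token, spender): amount}."""
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    state = {}
    for log in sorted(logs, key=order):
        topics = log["topics"]
        # ERC-721 Approval shares this topic0 but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if addr_from_topic(topics[1]) != owner.lower() or len(log["data"]) != 66:
            continue
        key = (log["address"].lower(), addr_from_topic(topics[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)      # approve(spender, 0) revokes
        else:
            state[key] = amount       # a later approve overwrites the earlier one
    return state

def report(logs, owner):
    """List live approvals, marking the unlimited (max uint256) ones."""
    return [{"token": t, "spender": s, "amount": a, "unlimited": a == MAX_UINT256}
            for (t, s), a in sorted(active_approvals(logs, owner).items())]

def make_log(token, owner, spender, amount, block, index):
    """Build a constructed log shaped like an eth_getLogs result entry."""
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"), "blockNumber": hex(block), "logIndex": hex(index)}

OWNER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_X, SPENDER_Y = "0x" + "c1" * 20, "0x" + "c2" * 20
SAMPLE_LOGS = [  # deliberately out of order
    make_log(TOKEN_A, OWNER, SPENDER_Y, 0, 150, 1),            # revokes the 500 below
    make_log(TOKEN_A, OWNER, SPENDER_X, MAX_UINT256, 100, 0),  # unlimited, never revoked
    make_log(TOKEN_B, OTHER, SPENDER_X, MAX_UINT256, 121, 0),  # different owner, ignored
    make_log(TOKEN_A, OWNER, SPENDER_Y, 500, 101, 3),
    make_log(TOKEN_B, OWNER, SPENDER_X, 1000, 120, 2),
]
```

Calling report(SAMPLE_LOGS, OWNER) returns two live approvals, the first marked unlimited. Event replay only yields candidates: transferFrom lowers an allowance without necessarily emitting a new Approval event, so confirm each entry against the token's allowance(owner, spender) before treating it as current.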
Frequently asked questions
Do token approvals ever expire automatically?
Standard ERC-20 approvals do not expire. Only protocols that implement time-limited Permit2 signatures include an expiry. Plain approvals are indefinite until you revoke them.
What is the risk of an unlimited token approval?
An unlimited approval gives the contract permission to transfer your entire token balance at any time. If the contract is exploited or upgraded maliciously, or its keys are compromised, all approved tokens are at risk.
How do I revoke a token approval?
Use an approvals scanner to list your active approvals, then click revoke on any you want to remove. Revocation is a standard on-chain transaction that costs a small amount of gas.
