Setting unreasonably high token allowances can be a risk. We are adding a new notification & way to edit these allowances.
First, let us point out that we really appreciate the recent discussion around token allowances with a special thanks to ZenGo with their recent post on wallets that might want to check their dealings with the topics.
Now, let’s start from the beginning, look at challenges and then find the solutions that we integrate into the next version of imToken -> soon™
About Approvals
If you ever used a DApp on Ethereum there’s a very high chance you have approved an ERC20 token to be used by a smart contract.
Approvals are first and foremost a technical solution: We first approve the contract for the token, then call the DApp contract which calls the transferFrom function.
Simply put: Contracts can’t know when a token is transferred to them. Instead, we give the contract the right to take the tokens by itself.
To deposit tokens on your favorite lending DApp you would first approve the DApp’s contract with the amount you want to deposit and then call the deposit function that will move your token to the DApp contract.
The risk
However, there are two different ways approvals are used:
- Sometimes approvals allow the DApp to transfer for example 5 DAI or 10 BAT, i.e. whatever you set in the approval transaction
- Often the amounts approved are very high — basically unlimited — allowing the DApp to transfer all of your tokens
With unlimited approvals, any DApp (or the admin controlling it) can at any time transfer your tokens, without requiring any further approval.
A smart contract (or it’s admin) can steal a bigger amount of your tokens at any time. Or a hacker might steal your money when that contract has vulnerabilities.
Approving a limited allowance of 5 Dai would mean that this DApp can only use 5 Dai out of your wallet, for a single time.
Swapping on a DEX, you would need to send approval transactions every single time, but could be sure that the DEX takes only a limited amount of tokens out of your wallet.
Some smart contract wallets allow you to approve limited amounts within every single transaction. Imagine using any DApp and automatically limit your ERC20 allowance for the specific amount of that transaction.
Note: Since approvals don’t expire, you need to manually revoke them via tools such as tac.dappstar.io , approved.zone or revoke.cash (in your imToken browser or other wallets).
Our Solution — Notify and Edit
Following our design philosophy, we want to offer our users the ability to make educated decisions, just like imToken already warns when entering a malicious DApp.
Following the EIP1102 process, DApps will not be able to see your account until you accept them.
Already today, you can use tools such as Token Allowance Checker in your imToken DApp Browser for managing all of your allowances. The tools scan your address to give you an overview of all allowances that you every set on any contracts. Use the tool to check which one you want to revoke. Additionally, we will build a similar tool of our own.
We are introducing updates in two steps:
- An improved notification for setting ERC20 allowances (comes with next update)
- A way to edit ERC20 allowances
With the next update, imToken will show you a special transaction notification for approvals. Each time you set a new approval, the app will show you both the token as well as the amount of tokens you are setting as allowance. While this doesn’t stop users from setting unlimited allowances, we are sure that it helps to make educated decisions.
Afterwards, we will update the approval process in a way that allows you to edit allowances as you set them. Any DApp that asks for a very high allowance can be forced to accept a low one.
Long-term, we hope that DApps will support approve-and-execute schemes in which a single user interaction both sets the allowance as well as executes the transaction.