Some of the most exciting features of web3 and blockchain technology are decentralization, freedom, and full control over privacy. These features enable blockchain users to control who and what they interact with freely.
Essentially, when you interact with networks or send transactions, you sign and authorize the transaction yourself. With this, you can accept or reject any interaction.
Similarly, when interacting with web3 dApps, you can accept or reject the interaction via a MetaMask approval. Once you approve, the dApp is connected to your wallet.
However, before looking at how these dApp permissions and approvals work, it is important to understand the cryptography behind them.
In this guide, you’ll learn the basics and core features of permissions and approvals in web3 and how you can revoke them easily.
Approval in Web3
As mentioned earlier, web3 has paved the way for permissionless interaction with dApps. However, your public and private addresses generated within your wallet serve as a key that unlocks the myriad of opportunities in the web3 world.
Therefore, before you can interact with dApps, your keys must interact with each other. The private keys give you access to interact with web3 while initiating interactions. On the other hand, the public keys allow you to verify, approve and sign the interaction.
Typically, when a blockchain user sends a request, the recipient address encrypts the request. Once the transaction has been processed, only the corresponding private keys of the recipient can decrypt the transaction.
However, with web3 approvals and signatures, both keys work hand in hand. Once a sender interacts, the private keys encrypt the transaction, while both keys must match together to decrypt the transaction.
Therefore, this ensures that only the sender of the interaction can append their signature to the document, making it immutable.
There are two main types of approval when connecting your wallet to a site: DApp permission and token approval.
1. DApp Permissions
DApp permission is a prerequisite to using any dApp on a blockchain network.
With this permission, you are allowing the dApp to retrieve your address. For some dApps, this occurs automatically, while others require you to tap CONNECT WALLET manually.
2. Token approval
Before initiating any monetary transaction with a dApp or DeFi platform, you must first allow the platform to have access to your tokens. Token approval occurs when interacting with any smart contract in a dApp. Therefore, to carry out a transaction, you must approve your wallet for token transfer.
If you’re confirming your wallet for Token Approval for the first time, the first stage allows the smart contract to access your wallet balance. Once you confirm the transaction, the smart contract submits the transaction to the blockchain.
Therefore, each time you confirm these approvals, you are signing the transaction with your private keys while the public keys make it immutable, reducing the risk of fraud.
If you want to initiate a smart contract interaction on the same dApp or DeFi platform, the smart contract will be allowed to check your messages and confirm if you’ve previously allowed token access.
Once they verify that it’s you, the smart contract automatically completes the transaction since they have access to move your asset around.
Dangers of Approval and Permission
Despite its huge benefit in promoting immutability, decentralization, and anonymity in blockchain, vulnerability remains the biggest caveat of using noncustodial wallets like MetaMask.
Although all your wallet details, including private keys and secret phrases, are kept secure, connecting to a scam website can expose your assets to unprecedented danger.
These days, it is easier for anyone to create any dApp or token. While many of these are created by reliable developers, bad actors, including hackers and scammers, take advantage of this to create malicious platforms that lure wallet users into connecting their wallets and giving up access to their assets.
Token approvals are one of the most common attack vectors for scammers. In fact, phishing websites that request token approval contribute to the loss of billions of dollars worth of crypto and NFT assets yearly.
Meanwhile, token approval can vary between smart contracts or dApps. For some, access to assets can be limited. However, unlimited access allows a smart contract to draw as many assets as possible from your wallet.
Unlimited dApp access to funds is usually not a problem. It is common with DEX because they don’t want you to go through the painstaking process of re-approving subsequent transactions on the platform. However, if you connect to an unknown malicious dApp with unlimited access, there’s no limit to what you can lose.
Fortunately, crypto wallets like MetaMask display all essential information for Token Approval so that you can clearly see what you’re signing and approving.
Also, you can easily stop suspicious sites from accessing anything in your wallet.
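To make the difference between limited and unlimited token approvals concrete, the following added example (not code from MetaMask or from any explorer) decodes the data of a standard ERC-20 approve(spender, amount) call and labels it as limited, unlimited, or a revoke. It assumes the ERC-20 approve function and the common convention that an unlimited approval is the maximum 256-bit value; the spender address and amounts are constructed samples.

```javascript
// Added example: classify ERC-20 approve(spender, amount) calldata.
// Assumption: standard ERC-20 ABI; 0x095ea7b3 is the approve(address,uint256) selector.
const APPROVE_SELECTOR = "095ea7b3";
const MAX_UINT256 = (1n << 256n) - 1n;

function decodeApproval(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte ABI words = 136 hex characters.
  if (!/^[0-9a-f]*$/.test(hex) || hex.length !== 136) {
    throw new Error("not a well-formed approve(address,uint256) call");
  }
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) {
    throw new Error("selector is not approve(address,uint256)");
  }
  const spenderWord = hex.slice(8, 72);
  // An address is 20 bytes, left-padded with 12 zero bytes inside its word.
  if (!/^0{24}/.test(spenderWord)) {
    throw new Error("spender word has non-zero padding");
  }
  const spender = "0x" + spenderWord.slice(24);
  const amount = BigInt("0x" + hex.slice(72));
  let kind = "limited";
  if (amount === 0n) kind = "revoke";
  else if (amount === MAX_UINT256) kind = "unlimited";
  return { spender, amount, kind };
}

// Revoking is the same call with the allowance set to zero.
function buildRevokeCalldata(spender) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("bad address");
  return "0x" + APPROVE_SELECTOR + addr.padStart(64, "0") + "0".repeat(64);
}

// Constructed sample inputs (the spender address is a placeholder).
const SPENDER = "0x" + "ab".repeat(20);
const word = (n) => n.toString(16).padStart(64, "0");
const SAMPLES = {
  unlimited: "0x" + APPROVE_SELECTOR + word(BigInt(SPENDER)) + word(MAX_UINT256),
  limited: "0x" + APPROVE_SELECTOR + word(BigInt(SPENDER)) + word(250n * 10n ** 18n),
  revoke: buildRevokeCalldata(SPENDER),
};

for (const [name, data] of Object.entries(SAMPLES)) {
  const { spender, amount, kind } = decodeApproval(data);
  console.log(name, "->", kind, spender, amount.toString());
}
```

An approval labelled unlimited for a spender you do not recognise is the case to revoke first.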
2 Ways to View and Remove Connected Sites on MetaMask
For many crypto traders, connecting to every dApp to interact with smart contracts is understandable. However, doing this without keeping track of your approvals and connections will expose your assets to attacks.
This is simply because token approvals are a common point of compromise for hackers and cyber attackers.
Since you’ve approved access to your assets, hackers can easily leverage this to move your assets and drain your wallet.
Therefore, it is advisable to review your approvals frequently and revoke access to suspicious ones.
Fortunately, reviewing and revoking all dApps and websites you’ve connected to is easy. You can do this via your blockchain explorer for Ethereum, BNB Chain, and Polygon by going to the ‘approval checker’ section.
All you have to do is connect your wallet to these platforms, review the sites you’re connected to and revoke their access to your wallet.
Here’s how to see and remove connected sites on MetaMask mobile:
1. Using blockchain explorer
- Go to the ‘approval checker’ section on the blockchain explorer
- Connect your wallet
- Revoke access
1. Go to the ‘approval checker’ section on the blockchain explorer
Many blockchain explorers have an integrated ‘approval checker’ that checks and keeps track of all sites a wallet user has connected to.
This function is available for Ethereum, BNB Chain, and Polygon explorers. To access this function, go to the ‘approval checker’ section of your explorer by navigating to the websites below:
- For Ethereum: https://etherscan.io/tokenapprovalchecker
- BNB Chain: https://bscscan.com/tokenapprovalchecker
- Polygon: https://polygonscan.com/tokenapprovalchecker
Alternatively, you can go to your explorer. On the home page, click on MORE from the options on the upper navigation bar.
Then go to TOOLS > Token Approvals.
2. Connect your wallet
Once you’re on this page, click on CONNECT TO WEB3 to connect your wallet to the explorer and review all approvals.
Approve the connection by signing the prompt in your MetaMask wallet.
3. Revoke access
After connecting your wallet, you will see a list of all the sites and dApps your wallet is connected to.
Under the TOKEN APPROVALS, you will see all details, including the TXN HASH, the Smart Contract, Spender, amount, connection date, and revoke option.
To remove a particular site, tap the symbol under the REVOKE section of the approval.
Meanwhile, you must pay gas fees with the blockchain’s native token before you can completely remove a website.
Approve the REVOKE transaction in your wallet, and the site will be removed instantly.
2. Using third-party Smart Contract Allowance Checker
Alternatively, you can use third-party platforms like Revoke, Unrekt, Approved.zone, and Cointool to review and revoke access.
Unrekt and Cointool are multichain platforms to remove connected websites securely. However, Revoke and Approved.zone are mainly for the Ethereum network.
To use these platforms, simply navigate to a preferred one:
- Unrekt: https://app.unrekt.net/ (Multiple chains)
- Cointool: https://cointool.app/approve/eth (Multiple chains)
- Approved.zone: https://approved.zone/ (Ethereum)
- Revoke: https://revoke.cash/ (Ethereum)
Connect your MetaMask to any of the platforms.
Ensure you approve the connection to review all sites and dApps connected to your wallet.
To remove any website, tap REVOKE under any Contract and approve the transaction in your wallet. That’s all.
Reviewing a website carefully before approving it in your wallet is always important. Doing your own research (DYOR) online is also beneficial. This gives you more insight into the legitimacy of a project, dApp, or smart contract.
For instance, you can ask yourself how well-known the project is. A good project often establishes an excellent presence on the internet and on all social media platforms, including Twitter, Reddit, Telegram, or even Discord.
The time that the project was established is also important. Hit-and-run developers create many new projects. Therefore, the reputation of the developers and how long the project has been around also count.
Security audits are another way to determine the legitimacy of a project. Always check the project’s audit from top crypto security audit firms, including CertiK, OpenZeppelin, Hacken, Quantstamp, SolidProof, and Consensys.