How to Revoke Token Approvals — Step-by-Step (with Screenshots)

Table of contents

• Why revoke token approvals?
• How MetaMask handles connections vs allowances (short primer)
• Find token approvals (desktop and mobile) — quick methods
• Revoke approvals — Step-by-step (MetaMask extension on desktop)
• Revoke approvals — Step-by-step (MetaMask mobile: iOS / Android)
• Dealing with unlimited approvals (what "infinite" means and how to fix it)
• Comparison: Revocation methods at a glance
• Practical checklist: revoke approvals safely
• FAQ
• Conclusion & next steps

---

Why revoke token approvals?

Token approvals (also called token allowances) let a smart contract move tokens from your address. In many DeFi flows you grant a contract permission to spend a set amount (or an "infinite" amount) so it can execute swaps, deposits, or automated strategies. That convenience has a cost: if the contract or dApp gets compromised (or is malicious), those allowances let it move tokens without a separate approval prompt.

So why revoke? Three reasons:

• Limit exposure. Reducing allowances to zero removes the attack surface for that token-contract pair.
• Clean up stale permissions. I routinely audit allowances after heavy dApp use; leftover approvals accumulate fast.
• Control spending patterns. If you only use a dApp occasionally, revoking between sessions reduces risk.

Short and blunt: one revoke = one on-chain transaction. It costs gas. But if a token or contract is sensitive, revoking can be cheaper than recovering stolen funds later. And yes, that’s a practical trade-off many experienced users accept.

How MetaMask handles connections vs allowances (short primer)

Two separate concepts often confuse users:

• Connected dApps / Connected Sites: this is MetaMask’s list of sites that can request signatures or transaction requests from your account. Disconnecting here prevents the site from easily re-initiating requests, but it does NOT change token allowances on-chain.

• Token allowances (approve/allowance): this is an on-chain ERC-20 (or similar) state that records how many tokens a spender contract may transfer from your account. Revoking is an on-chain change (approve(spender, 0) or a specific amount).

Why mention this? Because many users think disconnecting a dApp removes permissions. It does not. You must revoke allowances separately.

(If you want a walkthrough of MetaMask basics first, see install-metamask-chrome-extension or metamask-mobile-ios-android).

Find token approvals (desktop and mobile) — quick methods

Two practical ways to locate existing approvals:

1. Block-explorer Token Approval Checker (read-only by pasting your address). This shows spender addresses and allowance amounts for many EVM-compatible chains.

2. Wallet-connected tools (permissioned): connect your MetaMask account and review an interactive list that allows direct revocation.

Screenshot placeholders:

Tip: look for very large numbers (near the uint256 maximum). Those are usually "infinite" approvals.

Revoke approvals — Step-by-step (MetaMask extension on desktop)

This is a common flow I use on desktop. The example assumes you use a token-approval tool or Etherscan's approval checker.

Steps (method A: using an approval tool that supports direct revoke):

1. Open your browser with MetaMask extension unlocked.
2. Navigate to the approval-checker tool (use the official site URL; verify TLS and domain).
3. Connect MetaMask only if you must sign. (Prefer read-only first by pasting the address when available.)
4. Review the list: identify spender contracts you no longer use.
5. Click "Revoke" for the chosen allowance.
6. MetaMask will open a transaction confirmation. Check the function (often an approve call setting allowance to 0), gas limit, and gas fee (EIP-1559 fields).
7. Confirm and wait for the transaction to be mined. Verify the allowance is now zero.

Steps (method B: manual via block explorer contract write — avoids third-party tools):

1. Find the token contract on the block explorer and open the contract's "Write" tab.
2. Connect your wallet via the explorer's Web3 connector (this uses MetaMask).
3. Call approve(spenderAddress, 0). If the UI requires raw values, set 0.
4. Confirm the transaction in MetaMask.

Screenshot placeholders:

But remember: disconnecting the site is not revoking the allowance.

Revoke approvals — Step-by-step (MetaMask mobile: iOS / Android)

Mobile is where most users interact. I’ve revoked approvals from my phone when traveling.

Option A: Use MetaMask mobile in-app browser with an approval tool

1. Open MetaMask app and unlock.
2. Tap "Browser" (or open the in-app browser tab).
3. Enter the approval-checker tool URL and load it. Verify the domain.
4. Connect using MetaMask (or paste your address if the site supports read-only checks).
5. Tap "Revoke" for the desired spender; MetaMask will prompt to confirm the transaction.
6. Approve the gas fee and send. Monitor the transaction in the Activity tab.

Option B: Use the block explorer mobile interface and the token contract's write interface (similar to desktop but via mobile browser).

Screenshot placeholders:

Note: mobile approvals are identical on-chain to desktop. The UX differs but the result is the same.

Dealing with unlimited approvals (what "infinite" means and how to fix it)

"Infinite" approvals are typically the maximum uint256 value (2^256 - 1). That number is large and shows up when contracts ask for a one-time, never-repeat approve to avoid repeated approvals.

Why is that risky? If a malicious contract or a hacked dApp gets control, it can drain the full balance up to that allowance. You can detect infinite approvals in approval-checkers (look for very large allowance numbers).

How to fix:

• Recommended safe pattern: set the allowance to 0 first (approve(spender, 0)), then optionally set it to a specific smaller amount for future use (approve(spender, desiredAmount)).
• This two-step approach avoids some ERC-20 implementations that require first zeroing the allowance.

Be aware: two on-chain transactions = two gas payments.

Comparison: Revocation methods at a glance

Method	Shows allowances	Requires wallet connection	On-chain tx required	Ease (1–5)	Notes
MetaMask extension + approval tool	Yes	Yes (often)	Yes	4	Convenient on desktop; verify site domain
MetaMask mobile (in-app browser)	Yes	Yes	Yes	3	Good for quick fixes; watch URLs carefully
Block explorer (read-only)	Yes	No (paste address)	No (for read) / Yes (to write)	3	Safer initial audit; manual contract write available
Manual contract write	Limited (token-specific)	Yes (via explorer)	Yes	2	Highest control; more steps

Practical checklist: revoke approvals safely

1. Audit allowances (read-only first).
2. Prioritize revocation for high-value tokens and "infinite" approvals.
3. Use a trusted method (block explorer write or a reputable approval tool).
4. Confirm approve(spender, 0) transaction details in MetaMask before signing.
5. If you still need the dApp later, re-approve a specific amount rather than infinite.
6. Keep a record (screenshot or notes) of revocations for your security logs.

FAQ

Q: How do I revoke token approvals? (short answer) A: Find the spender in a token-approval checker, then send an on-chain transaction to set allowance to 0 (approve(spender, 0)) via MetaMask desktop or mobile. See steps above.

Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets are convenient for DeFi but carry higher risk than cold storage. Use a hot wallet for daily activity, keep large holdings in hardware wallets, and revoke approvals you no longer need. For deeper guidance see security-checklist and seed-phrase-backup-recovery.

Q: What happens if I lose my phone? A: Losing the device doesn’t automatically expose funds if you have a secure seed phrase and a device lock. But an unlocked app could be exploited. If compromised, follow the steps in compromised-wallet-what-to-do.

Q: How do I find token approvals in MetaMask? (find token approvals metamask) A: MetaMask shows connected sites but not a full on-chain allowance table in all versions. Use a token-approval checker or block explorer to find on-chain allowances for your address.

Conclusion & next steps

Revoking token approvals is a small habit with outsized risk reduction. It costs an on-chain transaction (and therefore gas), but I’ve found routine audits (monthly or after heavy dApp use) reduce exposure significantly. Want hands-on practice? Try a read-only audit first, then revoke one low-value allowance to see the flow.

Next reading: token-approvals-revoke, using-etherscan-with-metamask, and a mobile-focused walk-through: metamask-mobile-ios-android.

If you found this practical, run the quick checklist above and revoke any leftover infinite approvals you don’t actively use. But always double-check contract addresses before signing.