What Are Blockchain Approvals and How to Manage Them?

1. What are blockchain approvals?

Blockchain approvals refer to the permissions you grant to an externally owned address (EOA), decentralized application (dApp), or smart contract to spend, transfer, or perform specific actions with your tokens on your behalf.

For example, when you interact with a decentralized exchange or a lending protocol, you may need to approve a smart contract to handle your tokens during transactions.

2. How to manage my blockchain approvals?

You may view a list of the blockchain approvals you authorized from the Binance app.

1. Log in to your Binance app and go to your Binance Wallet. Choose [Assets] - [Approvals].

2. You’ll see all the risky approvals detected by the system. Tap [Revoke] on each to view details.

3. View the transaction details. If you recognize it, tap [Confirm] to approve. 

4. Alternatively, scan the QR code below with your Binance app to view all your approved permissions.

3. What are the possible risks of granting blockchain approvals?

Some approvals can become risky due to the following reasons:

• EOA approvals: Giving approval to an EOA (externally owned address) is very risky as it means you’re giving another wallet or address ownership over the assets in your wallet. They can access and manage your assets now and in the future until the approval expires or reaches a set limit.
• Granting unlimited access: Granting an external party unlimited or extensive access to your tokens can lead to asset loss. These authorizations stay active even if the project is no longer maintained, putting your assets at risk.
  • For example, if the approved value is “unlimited”, they will have perpetual access to the specified token until you manually revoke access to it.
  • Binance has limited users from granting perpetual access on some blockchains, such as BNB Chain and Ethereum, and is working to expand this limit to more blockchains for better wallet safety.
• Compromised dApp/smart contract or phishing scams: If the dApp or smart contract you authorized is hacked or malicious, your assets could be exploited or lost.
• Network fee/gas fee scams: Scammers sometimes create fake approvals on certain contracts. When you try to revoke these approvals, they charge you a high network fee. These contracts are designed to use the collected fees to perform other transactions in the background, often creating new tokens. Remember, the cost to revoke an approval is usually very low. Always be cautious if revoking an approval requires an unusually high fee.

4. What are some common risky approval avenues?

• Phishing scams: Hackers may create fake websites to trick you into granting permissions to fraudulent dApps or smart contracts. They can then use these permissions to move and manage your assets without your consent.
• Hacked or abandoned projects: If a smart contract or app you’ve approved gets hacked or is no longer maintained, and you’ve given them unlimited access to your tokens, your assets could be at risk.
• Projects with unverified or hidden codes: Be cautious about giving approvals to projects with hidden or unverified codes. It’s harder to know what they will do with the permissions you grant them.

5. Why does the withdrawal system warn me about risky approvals?

When you withdraw funds from Binance Exchange to a blockchain address, you may see a risky approval warning on the withdrawal page. This means that there’s a chance the receiving address is being flagged as unsafe and any transfer could result in the receiving address losing the deposited funds. 

To protect your assets, you may:

• Revoke the approval, and/or
• Stop the withdrawal.

6. What happens if I ignore a risky approval warning?

If you continue to withdraw assets to an address flagged as risky, your assets could be transferred out of your wallet without your consent. Therefore, we strongly recommend that you do not ignore any risky approval warnings and regularly review and revoke unnecessary approvals.

7. How to protect myself from risky approvals?

• Review before approving: Always check the project’s details before granting them permissions. Avoid granting approvals to a contract with hidden code, as you won’t be able to determine its purpose.
• Set approval limits: When possible, avoid granting unlimited approvals. Specify a limited period and/or amount for the approval.
• Review and revoke approvals regularly: Review approvals on a regular basis. Revoke approvals if the project is no longer maintained or becomes suspicious.
• Stay informed: Use the Binance app to receive updates about new risks or suspicious contracts and dApps.

8. How to learn more about blockchain security?

The Binance Security Team regularly publishes educational articles and FAQs to help you identify possible risks and protect your assets. For more details, please visit: 

• Web3 Wallet Security: The Risks of Approving Smart Contract Transactions
• Web3 Wallet Security: The Risks of Signing Blockchain Messages
• Phishing blogs

If you need further assistance, please reach out to our customer support.