Chapter 5

Token Approvals and Permissions

Token approvals are hidden permissions. When you approve an ERC-20 spend or grant setApprovalForAll on an NFT collection, you give a contract ongoing authority to move those assets — sometimes forever, without asking again.

Unlimited approvals are convenient for protocols that pull tokens on each swap or deposit, but they are dangerous if the approved contract is malicious or later compromised. Permit signatures (EIP-2612) achieve a similar effect off-chain, so reading what you sign matters just as much as reading on-chain approvals.

Prefer exact allowances when the protocol supports them. Many wallets now highlight unlimited approvals in red; do not dismiss those warnings without understanding why they appear.

Audit your approvals quarterly, especially on wallets used for experimental DeFi. A protocol you trusted last year may have been exploited, upgraded to malicious logic, or simply abandoned while its approvals live on.
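As an added example (not from this chapter), a small Python audit that replays a wallet's Approval and ApprovalForAll event logs to find the allowances still live and flags the unlimited ones; the addresses and log entries are constructed, and the log shape assumed is the one eth_getLogs returns.

```python
# Added example, not from the chapter: replay a wallet's Approval / ApprovalForAll logs
# (eth_getLogs shape, oldest first) down to what is still live and flag it. Data is constructed.
MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**128  # anything this large is effectively unlimited
# topic[0] values: keccak256 of the ERC-20 / ERC-721 event signatures
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVAL_FOR_ALL_TOPIC = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"
def _addr(topic):  # indexed addresses are left-padded to 32 bytes in topics
    return "0x" + topic[-40:].lower()
def _topic(addr):  # inverse of _addr; used only to build the sample logs
    return "0x" + addr[2:].lower().rjust(64, "0")
def decode_log(log):
    """Return (kind, token, owner, spender, value) or None for other events."""
    t = log["topics"]
    if t[0] == APPROVAL_TOPIC:  # also emitted when an EIP-2612 permit is executed on-chain
        return ("erc20", log["address"].lower(), _addr(t[1]), _addr(t[2]), int(log["data"], 16))
    if t[0] == APPROVAL_FOR_ALL_TOPIC:  # data is the bool: 1 = granted, 0 = revoked
        return ("operator", log["address"].lower(), _addr(t[1]), _addr(t[2]), int(log["data"], 16))
    return None
def audit(logs, owner):
    """Later approvals overwrite earlier ones; a zero value (or false) revokes."""
    live = {}
    for kind, token, log_owner, spender, value in filter(None, map(decode_log, logs)):
        if log_owner != owner.lower():
            continue
        if value == 0:
            live.pop((token, spender), None)
        else:
            live[(token, spender)] = (kind, value)
    findings = []
    for (token, spender), (kind, value) in sorted(live.items()):
        if kind == "operator":
            risk = "operator for entire collection"
        elif value >= UNLIMITED_THRESHOLD:
            risk = "unlimited allowance" if value == MAX_UINT256 else "effectively unlimited allowance"
        else:
            risk = "exact allowance"
        findings.append({"token": token, "spender": spender, "risk": risk})
    return findings

# Constructed sample: an unlimited ERC-20 approval, an exact approval that is
# later revoked, and a collection-wide operator grant on an NFT contract.
OWNER, ROUTER, OLD_DEX, MARKET, TOKEN, NFT = ["0x" + c * 20 for c in ("11", "22", "33", "44", "aa", "bb")]
SAMPLE_LOGS = [
    {"address": TOKEN, "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(ROUTER)], "data": hex(MAX_UINT256)},
    {"address": TOKEN, "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(OLD_DEX)], "data": hex(10**18)},
    {"address": NFT, "topics": [APPROVAL_FOR_ALL_TOPIC, _topic(OWNER), _topic(MARKET)], "data": hex(1)},
    {"address": TOKEN, "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(OLD_DEX)], "data": hex(0)},
]
```

Running `audit(SAMPLE_LOGS, OWNER)` reports the router's unlimited allowance and the marketplace's operator grant, while the revoked OLD_DEX allowance drops out.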