How to Use Revoke Cash

Short Answer

Revoke.Cash (“Revoke”) is a widely used tool that crypto (notably, DeFi and NFT ) investors can leverage to ensure their wallets are safe and detached from smart contracts and the protocols that deploy them. Users can connect their wallet to Revoke.Cash, or install the browser extension.

Share With Friends

Note: always make sure you’re using the correct URL — https://revoke.cash/ — to access Revoke.Cash. There are many fake, phishing websites that attempt to steal from or harm unsuspecting users.

Created by Rosco Kalis, Revoke Cash is a free, widely used security tool for Web3 users to protect their digital assets like DeFi investments and NFTs.

Before we understand the value and utility of Revoke.Cash, let’s make sure we understand the mechanics of smart contracts and what’s actually happening when you grant permissions to protocols via your MetaMask (or other) wallet.

When a user interacts with a protocol (a DeFi protocol or NFT marketplace, for example), smart contracts serve as the gears and levers to process and execute the interactions on behalf of each participant. In the context of DeFi, smart contracts are used to execute many functions, like swapping, staking, lending, etc. When users give permission for the protocol or marketplace to spend token(s) from their wallet, it’s referred to as an allowance.

We’re building data-driven tools to help all DeFi investors thrive.

Track Your Wallet

Multi-chain assets, LPs, yield farm, and lending data charts with more features being planned.

Learn More DeFi

Our growing library of DeFi resources and educational content keeps you in the know.

We’re building data-driven tools to help all DeFi investors thrive.

Like the content? Follow us.

Let’s take an example: a user adding liquidity to a liquidity pool.

In the simplified diagram below, we can see that smart contracts serve the investor by pulling funds from the wallet, and executing the necessary trade: the depositing of investor assets in exchange for liquidity pool tokens. In this instance, the investor is granting permission for the contract to interact with their wallet to achieve the desired outcome.

Smart contracts will be used again when the investor decides to withdraw their liquidity pool tokens from the protocol.

Depending on the scenario, the smart contract might be swapping (or staking, etc.) a certain (“set”) amount of tokens on behalf of the user. In other instances, however, the smart contract may default to “unlimited” — allowing the investor to deploy, swap, stake (etc.) as much of X asset into X liquidity pool or yield farm on X protocol as they wish.

Granting the contract “unlimited” permission makes for a faster, less repetitive (read: better) user experience, but it does come with additional risk. If the smart contract has a flaw, or “back door” planted in the code by a malicious developer, the user’s wallet could be drained of all funds.

As Rosco says in his own blog, regarding unlimited permissions and user experience:

… this setup comes with significant drawbacks. As we know, bugs can exist and exploits can happen even in established projects. And by giving these platforms an unlimited allowance, you do not only expose your deposited funds to these risks, but also the tokens that you’re holding “safely” in your wallet.

Finding this content helpful? We want to hear from you.

What can users do to protect themselves?

DeFi and NFT investors and users have two immediate options they can deploy to protect themselves:

  • Option 1: Edit wallet transactions to set allowances, vs. “unlimited” spending.
  • Option 2: Use Revoke.Cash regularly to remove allowances from protocols.

Option 1: Edit wallet transactions to set allowances, vs. “unlimited” spending.

In this option, a user can manually adjust the permissions before approving a transaction. In the sample images below, the SpiritSwap protocol is asking the user for permission to spend the wallet’s OATH tokens for a swap. By default, most protocols have an unlimited — or high — permission request.

Moving from left-to-right, we can thee that the user has

  • (left): connected to SpiritSwap,
  • (middle) initiated a swap using the wallet’s OATH tokens,
  • (right) editing the allowances to a set amount (1)

Note: Usage of SpiritSwap protocol and FTM & OATH tokens is for illustrative purposes only.

By updating the settings (selecting “Edit Permissions”) a user can be more specific and, subsequently, safe, in how the contracts interact with their wallet and digital assets.

Sometimes, a user will see “Unlimited” or “Proposed” Approval Limit. Per MetaMask’s documentation on this topic:

‘Proposed Approval Limit’ is the request that [the protocol] is making. In this case, it wants to be able to access a number so large that it’s written in scientific notation (also known as E notation). If we were to write this number out in full, it would be 60 digits long — essentially an unlimited amount.

TOOLS IN BETA

Build a data-driven,profitable,multi-chain,balanced

DeFi portfolio.

  • track 50,000+ liquidity pools
  • visualize LP Token prices and metrics
  • spot new opportunities in real time
  • add multiple wallets to your account
Yield Monitor DeFi Dashboard

TOOLS IN BETA

Build a data-driven,profitable,multi-chain,balanced

DeFi portfolio.

track 50,000+ liquidity pools
visualize LP Token prices and metrics
spot new opportunities in real time
add multiple wallets to your account

Option 2: Use Revoke.Cash regularly to remove allowances from protocols.

Revoke (Revoke.Cash) is a helpful tool that DeFi and NFT investors can use to stay vigilant of their wallet actives and reduce smart contract risk.

Using Revoke requires three simple steps:

  1. Connect your wallet to the website, or install their browser extension
  2. Select your desired network and begin filtering using the tools provided
  3. Revoke applications and protocols as desired for security and peace of mind

Keep in mind that revoking allowances is a transaction and requires a small amount of gas to complete.

In the screenshot below, we can see a test wallet connected to Revoke. We see that:

  1. We’re viewing allowances on the Binance Network
  2. The user has “Unlimited” allowances for BUSD and USDC
  3. The “Authorized Spender” (blurred for privacy) is the same, which we can use to infer this is the same DeFi protocol
    • We can assume this is likely a “safe” situation, but can Revoke allowances to be safe
  4. Revoke’s tools offer the user to Revoke permissions for safety, via the button on the right side

Revoke offers a set of useful filters via the dropdown menus. This allows users to sort by Token or NFT, allowance size, asset name, and most recent allowances. This “Newest to Oldest” sorting feature is particularly useful if a wallet is actively under attack. Assuming a user connects to Revoke in time, they may be able to stop a malicious actor from stealing all wallet assets.

Note: Usage of Binance Smart Chain and BUSD & USDC tokens is for illustrative purposes only.

Additionally, we can see that:

  1. This wallet has some unknown assets (“NASA” and “SDJT”)
  2. There are no allowances granted for these unknown assets, which is great
    • These are likely airdropped scam tokens, and should be ignored

We can see Revoke allows the user to adjust among various EVM blockchains to view assets and permissions in other networks. It’s good practice for a wallet owner to periodically check their allowances across networks to maintain a secure wallet.

If you prefer video guides, this tutorial from WiiMee offers a simple and fast video walkthrough of the platform.

Note: Yield Monitor has no affiliation with WiiMee. We just appreciate the video. Follow him here.

Key Takeaways for Wallet Users

Maintaining a secure wallet is extremely important to keeping your DeFi and NFT investments safe. A simple and effective way is to keep an eye on allowances before and after you’ve interacted with various protocols. You can do this by:

  1. Reviewing and editing a transaction before you make a swap or purchase
  2. Using tools like Revoke.Cash to update and remove allowances regularly

If you want to read more about this topic, these links may be of interest to you:

  • Follow Revoke.Cash creator Rosco Kalis on Twitter
  • Read his 2020 blog post about Unlimited ERC-20 Allowances
  • Use Revoke.Cash and read their FAQs
  • Download the Revoke.Cash browser extension
  • Read MetaMask’s useful documentation about:
    • Custom Spending Limits — here
    • Revoking Allowances / Approvals — here
    • Token Approvals — here

Information contained on this website and in this article are for informational and entertainment purposes only. Yield Monitor does not offer financial, investing, or trading advice. Yield Monitor does not endorse any of the products, tools, or services mentioned in this article. Yield Monitor does not guarantee the reliability or accuracy of this content and shall not be held liable for any errors, omissions, or inaccuracies. Decentralized Finance (DeFi) is rapidly evolving; all readers are encouraged to regularly do their own research and consult a financial professional before making any investment decision. Learn more in our Terms of Service.

2560 1707 Yield Monitor