Note: always make sure you’re using the correct URL — https://revoke.cash/ — to access Revoke.Cash. There are many fake, phishing websites that attempt to steal from or harm unsuspecting users.

Before we understand the value and utility of Revoke.Cash, let’s make sure we understand the mechanics of smart contracts and what’s actually happening when you grant permissions to protocols via your MetaMask (or other) wallet.

When a user interacts with a protocol (a DeFi protocol or NFT marketplace, for example), smart contracts serve as the gears and levers to process and execute the interactions on behalf of each participant. In the context of DeFi, smart contracts are used to execute many functions, like swapping, staking, lending, etc. When users give permission for the protocol or marketplace to spend token(s) from their wallet, it’s referred to as an allowance.

In the simplified diagram below, we can see that smart contracts serve the investor by pulling funds from the wallet, and executing the necessary trade: the depositing of investor assets in exchange for liquidity pool tokens. In this instance, the investor is granting permission for the contract to interact with their wallet to achieve the desired outcome.

Smart contracts will be used again when the investor decides to withdraw their liquidity pool tokens from the protocol.

Depending on the scenario, the smart contract might be swapping (or staking, etc.) a certain (“set”) amount of tokens on behalf of the user. In other instances, however, the smart contract may default to “unlimited” — allowing the investor to deploy, swap, stake (etc.) as much of X asset into X liquidity pool or yield farm on X protocol as they wish.

Granting the contract “unlimited” permission makes for a faster, less repetitive (read: better) user experience, but it does come with additional risk. If the smart contract has a flaw, or “back door” planted in the code by a malicious developer, the user’s wallet could be drained of all funds.

As Rosco says in his own blog, regarding unlimited permissions and user experience:

DeFi and NFT investors and users have two immediate options they can deploy to protect themselves:

• Option 1: Edit wallet transactions to set allowances, vs. “unlimited” spending.
• Option 2: Use Revoke.Cash regularly to remove allowances from protocols.

In this option, a user can manually adjust the permissions before approving a transaction. In the sample images below, the SpiritSwap protocol is asking the user for permission to spend the wallet’s OATH tokens for a swap. By default, most protocols have an unlimited — or high — permission request.

Moving from left-to-right, we can thee that the user has

• (left): connected to SpiritSwap,
• (middle) initiated a swap using the wallet’s OATH tokens,
• (right) editing the allowances to a set amount (1)

By updating the settings (selecting “Edit Permissions”) a user can be more specific and, subsequently, safe, in how the contracts interact with their wallet and digital assets.

Sometimes, a user will see “Unlimited” or “Proposed” Approval Limit. Per MetaMask’s documentation on this topic:

Revoke (Revoke.Cash) is a helpful tool that DeFi and NFT investors can use to stay vigilant of their wallet actives and reduce smart contract risk.

Using Revoke requires three simple steps:

1. Connect your wallet to the website, or install their browser extension
2. Select your desired network and begin filtering using the tools provided
3. Revoke applications and protocols as desired for security and peace of mind

Keep in mind that revoking allowances is a transaction and requires a small amount of gas to complete.

In the screenshot below, we can see a test wallet connected to Revoke. We see that:

1. We’re viewing allowances on the Binance Network
2. The user has “Unlimited” allowances for BUSD and USDC
3. The “Authorized Spender” (blurred for privacy) is the same, which we can use to infer this is the same DeFi protocol
   • We can assume this is likely a “safe” situation, but can Revoke allowances to be safe
4. Revoke’s tools offer the user to Revoke permissions for safety, via the button on the right side

Revoke offers a set of useful filters via the dropdown menus. This allows users to sort by Token or NFT, allowance size, asset name, and most recent allowances. This “Newest to Oldest” sorting feature is particularly useful if a wallet is actively under attack. Assuming a user connects to Revoke in time, they may be able to stop a malicious actor from stealing all wallet assets.

Additionally, we can see that:

1. This wallet has some unknown assets (“NASA” and “SDJT”)
2. There are no allowances granted for these unknown assets, which is great
   • These are likely airdropped scam tokens, and should be ignored

We can see Revoke allows the user to adjust among various EVM blockchains to view assets and permissions in other networks. It’s good practice for a wallet owner to periodically check their allowances across networks to maintain a secure wallet.

If you prefer video guides, this tutorial from WiiMee offers a simple and fast video walkthrough of the platform.

Maintaining a secure wallet is extremely important to keeping your DeFi and NFT investments safe. A simple and effective way is to keep an eye on allowances before and after you’ve interacted with various protocols. You can do this by:

1. Reviewing and editing a transaction before you make a swap or purchase
2. Using tools like Revoke.Cash to update and remove allowances regularly

If you want to read more about this topic, these links may be of interest to you:

• Follow Revoke.Cash creator Rosco Kalis on Twitter
• Read his 2020 blog post about Unlimited ERC-20 Allowances
• Use Revoke.Cash and read their FAQs
• Download the Revoke.Cash browser extension
• Read MetaMask’s useful documentation about:
  • Custom Spending Limits — here
  • Revoking Allowances / Approvals — here
  • Token Approvals — here