
Short Answer
Revoke.Cash (“Revoke”) is a widely used tool that crypto (notably, DeFi and NFT ) investors can leverage to ensure their wallets are safe and detached from smart contracts and the protocols that deploy them. Users can connect their wallet to Revoke.Cash, or install the browser extension.
Share With Friends
Note: always make sure you’re using the correct URL — https://revoke.cash/ — to access Revoke.Cash. There are many fake, phishing websites that attempt to steal from or harm unsuspecting users.
Created by Rosco Kalis, Revoke Cash is a free, widely used security tool for Web3 users to protect their digital assets like DeFi investments and NFTs.
Before we understand the value and utility of Revoke.Cash, let’s make sure we understand the mechanics of smart contracts and what’s actually happening when you grant permissions to protocols via your MetaMask (or other) wallet.
When a user interacts with a protocol (a DeFi protocol or NFT marketplace, for example), smart contracts serve as the gears and levers to process and execute the interactions on behalf of each participant. In the context of DeFi, smart contracts are used to execute many functions, like swapping, staking, lending, etc. When users give permission for the protocol or marketplace to spend token(s) from their wallet, it’s referred to as an allowance.
We’re building data-driven tools to help all DeFi investors thrive.
We’re building data-driven tools to help all DeFi investors thrive.
Like the content? Follow us.
Let’s take an example: a user adding liquidity to a liquidity pool.
In the simplified diagram below, we can see that smart contracts serve the investor by pulling funds from the wallet, and executing the necessary trade: the depositing of investor assets in exchange for liquidity pool tokens. In this instance, the investor is granting permission for the contract to interact with their wallet to achieve the desired outcome.

Smart contracts will be used again when the investor decides to withdraw their liquidity pool tokens from the protocol.
Depending on the scenario, the smart contract might be swapping (or staking, etc.) a certain (“set”) amount of tokens on behalf of the user. In other instances, however, the smart contract may default to “unlimited” — allowing the investor to deploy, swap, stake (etc.) as much of X asset into X liquidity pool or yield farm on X protocol as they wish.
Granting the contract “unlimited” permission makes for a faster, less repetitive (read: better) user experience, but it does come with additional risk. If the smart contract has a flaw, or “back door” planted in the code by a malicious developer, the user’s wallet could be drained of all funds.
As Rosco says in his own blog, regarding unlimited permissions and user experience:
… this setup comes with significant drawbacks. As we know, bugs can exist and exploits can happen even in established projects. And by giving these platforms an unlimited allowance, you do not only expose your deposited funds to these risks, but also the tokens that you’re holding “safely” in your wallet.
Finding this content helpful? We want to hear from you.
What can users do to protect themselves?
DeFi and NFT investors and users have two immediate options they can deploy to protect themselves:
- Option 1: Edit wallet transactions to set allowances, vs. “unlimited” spending.
- Option 2: Use Revoke.Cash regularly to remove allowances from protocols.
Option 1: Edit wallet transactions to set allowances, vs. “unlimited” spending.
In this option, a user can manually adjust the permissions before approving a transaction. In the sample images below, the SpiritSwap protocol is asking the user for permission to spend the wallet’s OATH tokens for a swap. By default, most protocols have an unlimited — or high — permission request.
Moving from left-to-right, we can thee that the user has
- (left): connected to SpiritSwap,
- (middle) initiated a swap using the wallet’s OATH tokens,
- (right) editing the allowances to a set amount (1)

Note: Usage of SpiritSwap protocol and FTM & OATH tokens is for illustrative purposes only.
By updating the settings (selecting “Edit Permissions”) a user can be more specific and, subsequently, safe, in how the contracts interact with their wallet and digital assets.
Sometimes, a user will see “Unlimited” or “Proposed” Approval Limit. Per MetaMask’s documentation on this topic:
‘Proposed Approval Limit’ is the request that [the protocol] is making. In this case, it wants to be able to access a number so large that it’s written in scientific notation (also known as E notation). If we were to write this number out in full, it would be 60 digits long — essentially an unlimited amount.
TOOLS IN BETA
Build a data-driven,profitable,multi-chain,balanced
DeFi portfolio.
- track thousands of assets
- visualize LP Token prices and metrics
- spot new opportunities in real time
- add multiple wallets to your account
TOOLS IN BETA
Build a data-driven,profitable,multi-chain,balanced
DeFi portfolio.
track thousands of assets
visualize LP Token prices and metrics
spot new opportunities in real time
add multiple wallets to your account
Option 2: Use Revoke.Cash regularly to remove allowances from protocols.
Revoke (Revoke.Cash) is a helpful tool that DeFi and NFT investors can use to stay vigilant of their wallet actives and reduce smart contract risk.
Using Revoke requires three simple steps:
- Connect your wallet to the website, or install their browser extension
- Select your desired network and begin filtering using the tools provided
- Revoke applications and protocols as desired for security and peace of mind
Keep in mind that revoking allowances is a transaction and requires a small amount of gas to complete.

In the screenshot below, we can see a test wallet connected to Revoke. We see that:
- We’re viewing allowances on the Binance Network
- The user has “Unlimited” allowances for BUSD and USDC
- The “Authorized Spender” (blurred for privacy) is the same, which we can use to infer this is the same DeFi protocol
- We can assume this is likely a “safe” situation, but can Revoke allowances to be safe
- Revoke’s tools offer the user to Revoke permissions for safety, via the button on the right side
Revoke offers a set of useful filters via the dropdown menus. This allows users to sort by Token or NFT, allowance size, asset name, and most recent allowances. This “Newest to Oldest” sorting feature is particularly useful if a wallet is actively under attack. Assuming a user connects to Revoke in time, they may be able to stop a malicious actor from stealing all wallet assets.

Note: Usage of Binance Smart Chain and BUSD & USDC tokens is for illustrative purposes only.
Additionally, we can see that:
- This wallet has some unknown assets (“NASA” and “SDJT”)
- There are no allowances granted for these unknown assets, which is great
- These are likely airdropped scam tokens, and should be ignored
We can see Revoke allows the user to adjust among various EVM blockchains to view assets and permissions in other networks. It’s good practice for a wallet owner to periodically check their allowances across networks to maintain a secure wallet.
If you prefer video guides, this tutorial from WiiMee offers a simple and fast video walkthrough of the platform.
Note: Yield Monitor has no affiliation with WiiMee. We just appreciate the video. Follow him here.
Key Takeaways for Wallet Users
Maintaining a secure wallet is extremely important to keeping your DeFi and NFT investments safe. A simple and effective way is to keep an eye on allowances before and after you’ve interacted with various protocols. You can do this by:
- Reviewing and editing a transaction before you make a swap or purchase
- Using tools like Revoke.Cash to update and remove allowances regularly
If you want to read more about this topic, these links may be of interest to you:
- Follow Revoke.Cash creator Rosco Kalis on Twitter
- Read his 2020 blog post about Unlimited ERC-20 Allowances
- Use Revoke.Cash and read their FAQs
- Download the Revoke.Cash browser extension
- Read MetaMask’s useful documentation about: