Frequently Asked Questions
If I have an "Unlimited" allowance, does that mean my whole wallet is at risk?No. An "unlimited" allowance only applies to the token or NFT collection that you gave an allowance for. So if you gave an unlimited allowance for your DAI, then all your DAI may be at risk, but none of your USDC. Similarly an "unlimited" allowance for your Bored Apes does not impact your Cool Cats.
Is it enough to "disconnect" my wallet instead of revoking allowances?No. Disconnecting your wallet (e.g. MetaMask) does not do anything to protect you from allowance exploits - or most other exploits. The only thing that happens when disconnecting your wallet from a website is that that website cannot see your address any more. But your allowances stay active.
Can hardware wallets save me from allowance exploits?No. In general, hardware wallets are much safer than mobile or browser-based wallets because the wallet's keys are securely stored on the device, making it impossible to steal the keys without proper access to the device. But with allowances no one needs to steal your keys to take your tokens. And because of that hardware wallets offer no extra protection against allowance exploits.
Can I revoke multiple allowances at the same time?No. The way allowances work under the hood requires 1 transaction per allowance. So it is technically impossible to revoke multiple allowances in a single transaction.
My funds were just stolen, can I use Revoke.cash to get them back?No. Revoke.cash is a preventative tool that helps you practice proper wallet hygiene. By regularly revoking active allowances you reduce the chances of becoming the victim of allowance exploits. But unfortunately it cannot be used to recover any stolen funds. You should still make sure to revoke the allowances that were used to take your funds so that they cannot steal more in the future.
Why does my wallet pop-up mention "approve" or "set approval for all" when revoking?In the tokens' smart contracts, the functions for approving and revoking allowances are the same function. The difference is that you set the allowance to 0 (for ERC20 tokens) or "false" (for NFTs) when revoking the allowance. You can verify that Revoke.cash is actually revoking the allowance by clicking "Edit Permission" (for ERC20 allowances), or the "data" tab (for NFTs) in MetaMask.
How do I know if my funds were stolen through an allowance exploit?If your tokens or NFTs were taken from your wallet without you sending an explicit transaction to do so, it is almost always because of allowances. But if your ETH was also stolen, then it most likely points to a compromised seed phrase and you need to migrate to a completely new wallet.
Which allowances do I need to revoke?Choosing which allowances to revoke is always a trade-off between safety and convenience. For certain well-known protocols (e.g. Uniswap) it is most likely fine to leave allowances active, but for newer and unknown smart contracts, it is more prudent to revoke allowances. Also keep in mind that some use cases require you to keep your allowances active. For example, if you have active listings on OpenSea you need to keep the allowances in order for the listings to remain active.
Which chains does Revoke.cash support?
The Revoke.cash browser extension
supports every EVM chain. The Revoke.cash website supports a large number of EVM chains including Ethereum, BSC, Polygon and Avalanche. The logos in the footer of the website display the full list of supported networks. If there are any other chains that you'd like to see supported, please reach out on Twitter
My question is not listed here
If you have any questions that aren't mentioned in this FAQ, please reach out on Twitter