Article
7 min read time
Introduction
ERC-20 token approvals are a fundamental component of the Ethereum token standard, allowing smart contracts and externally owned accounts (EOAs) to spend tokens on behalf of users. While this mechanism enables powerful DeFi use cases, it also introduces critical security risks when misused or poorly managed. In this guide, we’ll break down how approvals work, highlight common vulnerabilities, and outline best practices to ensure safe and secure integration.
Note: While this guide focuses on ERC-20 tokens on Ethereum, the same principles and security considerations apply to TRC-20 tokens on the Tron network, as TRC-20 adopts the same approval mechanism as ERC-20.
What Are ERC-20 Approvals?
ERC-20 approvals allow a token holder to authorize another address—typically a smart contract—to spend a specified amount of their tokens on their behalf. This mechanism is essential for enabling interactions with DeFi protocols such as Uniswap, Aave, and many others, where smart contracts need the ability to transfer user tokens to execute swaps, deposits, or other financial operations.
The Basic Approval Flow
User holds tokens in their wallet (e.g., USDC, DAI, etc.).
User grants permission to another address (typically a smart contract or EOA) to spend a specific amount of their tokens.
The spender checks how much they're allowed to spend.
The spender initiates a token transfer from the user’s wallet.
The approved allowance is reduced by the amount transferred.
The user can revoke or change the approval at any time.
Understanding the ERC-20 Approval Mechanism
The ERC-20 standard, defined in EIP-20, is the most widely adopted token interface on Ethereum and other EVM-compatible blockchains. It establishes a consistent structure for fungible tokens, including a built-in mechanism that allows token holders to delegate spending authority to third-party contracts or addresses.
The approval system revolves around three core functions: approve, allowance, and transferFrom. These work together to enable secure delegation of token spending while giving holders precise control over how much a spender is allowed to transfer. This model is foundational to most DeFi protocols, where contracts need permission to move user tokens in order to execute swaps, deposits, or other interactions.
The approve Function
spender: The address authorized to spend tokensamount: Maximum number of tokens the spender can transferReturns:
trueif the approval was successful
The allowance Function
Returns the remaining number of tokens that
spenderis allowed to spend on behalf ofowner
The transferFrom Function
from: The address to transfer tokens from (must have approved the caller)to: The address to transfer tokens toamount: Number of tokens to transferReturns:
trueif the transfer was successful
This function is what actually moves the tokens after an approval has been granted. The caller (spender) can transfer tokens from the from address to the to address, up to the approved amount.
Working with ERC20 Approvals in Viem.js
Security Risks and Vulnerabilities
Infinite Approvals
Risk: Approving the maximum uint256 value (2^256 - 1) grants the spender unlimited access to your tokens. This means the approved contract or address can transfer any amount of your tokens at any time, without requiring further approvals.
Many decentralized applications (dApps) request infinite approvals to save users the cost of repeated approval transactions. Instead of prompting for a new approval on every trade, swap, or interaction, they ask for unlimited approval up front. While this improves the user experience and reduces gas fees, it also introduces a significant security risk if the spender contract is compromised or malicious.
Mitigation: Whenever possible, approve only the specific amount required for your intended action. Track active approvals and revoke those that are no longer needed. Always weigh the trade-off between convenience and security before granting unlimited approval.
Utila Chrome Extension: To support safer approval flows, the Utila extension lets you override the approval amount requested by dApps before signing a transaction. This gives you full control over how much you're authorizing—even when a dApp defaults to requesting unlimited access—helping you enforce better security practices across your wallet activity.
Malicious Spenders
Risk: Approving a malicious contract or address can result in an immediate loss of funds. These spenders are specifically designed to exploit the approval mechanism by calling transferFrom as soon as the approval is confirmed—often faster than you can cancel or react. If the approval is for an unlimited amount, this can result in a complete drain of your token balance.
Mitigation: Always verify the spender address before approving. Interact only with trusted and audited protocols. Maintain a personal or organizational whitelist of known safe contracts, and cross-check spender addresses using multiple reputable sources (e.g., Etherscan labels, DeFi security tools, or blocklist APIs). Avoid approving contracts from unknown, unaudited, or unofficial dApps—even if they appear legitimate.
The Approve/TransferFrom Race Condition Attack
Risk: This is a well-known vulnerability in the ERC-20 approval mechanism, where an attacker can exploit the two-step approval update. When a user tries to change an existing approval from amount A to a new amount B, they typically call approve(spender, B). However, if the spender already has permission for amount A, and they front-run the user’s new approval transaction with a transferFrom call, they can drain more tokens than the user intended.
Impact: This race condition may result in the spender transferring both the original approved amount and the new one — effectively bypassing the user’s intention to reduce the allowance.
The Attack Flow:
The user has previously approved the spender to transfer 100 tokens.
The user now wants to reduce the allowance to 50 tokens.
The user sends a transaction to update the approval to 50.
Before this transaction is mined, the spender (or attacker) front-runs it by calling
transferFrom(user, attacker, 100).The user's transaction is mined next, setting the allowance to 50.
The attacker calls
transferFromagain, this time transferring another 50 tokens.Total drained: 150 tokens, even though the user intended to allow only 50.
Protection Mechanisms: Major tokens like USDT (Tether) on Ethereum have implemented safeguards to mitigate the approval race condition attack. Instead of allowing a new approval to overwrite an existing one, these contracts enforce stricter rules that require the allowance to be explicitly set to zero before any new non-zero amount can be approved. This ensures that the previous approval is fully cleared before a new one takes effect, preventing overlapping allowances.
In addition, some tokens implement alternative functions such as increaseAllowance and decreaseAllowance, which adjust the allowance incrementally rather than replacing it outright. These methods help reduce the risk of race conditions by eliminating the need to overwrite values directly.
Mitigation: Prefer tokens that support increaseAllowance and decreaseAllowance, as they offer safer approval updates. If these aren't available, first set the allowance to zero in one transaction, then set the new amount in a separate, confirmed transaction to avoid race conditions.
Reference: This attack was first documented in the EIP-20 discussion where the race condition vulnerability in the approval mechanism was identified.
Security Checklist
Before Approving:
Verify the spender contract address is correct and trusted
Confirm the contract has been audited by a reputable firm
Use specific amounts rather than unlimited approvals
Test with small amounts if you're unsure about the dApp
Check for known exploits or vulnerabilities related to the contract
After Approving:
Monitor how and when your approvals are used
Revoke approvals that are no longer needed
Keep a record of active approvals and their scopes
Periodically review and clean up old or unused allowances
Utila Risks Management: Utila offers a dedicated dashboard that gives you full visibility into all token approvals across your wallets. You can easily review, filter, and revoke approvals with just a few clicks. This comprehensive view helps you maintain tighter control over your token permissions and quickly identify any unnecessary or potentially risky approvals.
Conclusion
ERC-20 token approvals are a powerful feature that enable essential DeFi functionality—but they come with significant security risks if not handled carefully. By understanding how approvals work and following best practices, you can use them effectively while minimizing your exposure to potential exploits.
Always remember: "Trust, but verify." Double-check every spender, avoid unnecessary approvals, and regularly review your active permissions to stay secure.
Explore more
Subscribe
Subscribe
for Utila news and insights
Thought leadership, product updates, and partnerships - delivered only when we have something interesting to share.
See how Utila fits into your stack.
Live walkthrough, no commitment.
Companies who trust our enterprise-grade governance, security, and operational control: