Revoke Token Approvals & Check Allowances

Table of contents

• Quick summary
• How token approvals work (quick tech primer)
• Where MetaMask shows connections (and what it doesn’t)
• How to revoke token approvals in MetaMask — step by step
  • Method A — Approval manager (recommended for most users)
  • Method B — Manual contract call via block explorer
  • Mobile and WalletConnect notes
• Quick comparison: approaches to revoke approvals
• Gas, batching, and practical trade-offs
• Security checklist before you revoke (don’t rush this)
• Who this guide is for — and who should look elsewhere
• FAQ
• Conclusion & next steps

---

Quick summary

If you gave a dApp permission to move tokens from your account (a token approval or token allowance), that “approval” stays on-chain until you revoke it. Short version: approvals can be revoked, but MetaMask’s extension and mobile app don’t always expose every on-chain allowance in a single built-in list. So you’ll often use an on-chain approval manager or call the token contract directly (approve(spender, 0)).

I’ve made the mistake of approving an unlimited allowance for a token I barely used. I revoked it the next day, but paid the gas fee — and learned to check allowances more often. You should check yours regularly too.

How token approvals work (quick tech primer)

• ERC-20 tokens use approve(spender, amount). That sets a token allowance (how many tokens a contract can move).
• “Unlimited allowance” = approved amount set to the maximum uint256. Convenient for repeated swaps, but risky if the spender is malicious.
• Revoking = sending an on-chain transaction that sets the allowance to zero (or a smaller number).

Why does this matter? Because even if you disconnect a dApp from MetaMask, the on-chain approval remains. Disconnecting is not revoking. (Yes, people confuse that frequently.)

Where MetaMask shows connections (and what it doesn’t)

MetaMask shows connected sites and session permissions in the extension and the mobile app. That helps you remove a dApp’s connection (so it can’t request new signatures). But removing a connection does not automatically remove token allowances on-chain.

In my experience the extension makes disconnecting easy. But if you want a full audit of who can spend your tokens, use an approval scanner or do a contract call. For details on connected dApps and permissions see Connect to dApps and for token UI tips see Token management.

How to revoke token approvals in MetaMask — step by step

Below are three safe methods. Pick one depending on your comfort with on-chain tooling.

Method A - Approval manager (recommended for most users)

1. Open a reputable on-chain approval manager for the chain you used (it will scan allowances for your address).
2. Connect MetaMask (extension or mobile) when prompted. Confirm the connection in MetaMask.
3. Review the list. Look specifically for “Unlimited” or very large allowances.
4. Click revoke for any unwanted allowance. MetaMask will prompt you to sign a transaction.
5. Confirm in MetaMask and wait for the transaction to be mined. Re-scan to verify removal.

Notes:

• This is the simplest workflow for most people. It’s also the most convenient. And it costs gas — every revoke is an on-chain transaction.
• If you use a hardware wallet through MetaMask (see Connect Ledger), you’ll confirm on the device as usual.

Method B - Manual contract call via block explorer

This is more hands-on. Use it if you don’t want to connect to third-party approval sites.

1. Find the token contract address (from your MetaMask token details or the dApp).
2. Open the blockchain explorer for that chain and go to the token contract page.
3. Click the contract’s "Write" or interactive tab and use the approve(spender, 0) method.
4. Connect MetaMask and submit the transaction. Confirm gas settings if needed.
5. Verify the allowance is zero by reading the allowance(spender, yourAddress) value or re-checking the approval manager.

Caveat: Some tokens implement different allowance patterns (increaseAllowance/decreaseAllowance). If you don’t see approve, check the contract’s functions first.

Mobile and WalletConnect notes

• If you use MetaMask mobile with an in-app browser, you can open an approval manager and connect directly.
• If you use WalletConnect, connect your mobile MetaMask wallet to the approval manager via WalletConnect. The revoke flow is the same — you’ll sign on the mobile device.
• WalletConnect sessions themselves can be revoked from MetaMask, but revoking the session does not change approvals. See WalletConnect and mobile browser for a deeper look.


Quick comparison: approaches to revoke approvals

Feature	MetaMask UI (connected sites)	Approval manager (third-party)	Manual via block explorer
Lists token allowances	Partial (permissions only)	Yes — scans on-chain	Yes — manual lookup
Revoke in-app	Disconnect only (not full revoke)	Yes — single-click revoke	Yes — call approve(spender, 0)
Requires third-party connection	No	Yes	Sometimes (connect to explorer)
Gas cost	No (disconnect)	Yes	Yes
Risk of phishing	Low if used alone	Higher if you connect to unknown sites	Low if you verify addresses

Gas, batching, and practical trade-offs

Revoking costs gas. On Ethereum mainnet that can be non-trivial; on L2s it’s cheaper. If you have many approvals you’ll pay multiple fees. Want fewer transactions? Smart contract wallets can batch calls; MetaMask with a software account cannot.

Tip: if you plan to move all funds anyway, moving tokens to a fresh address can be faster than revoking every allowance — but that still costs gas and doesn’t fix the approvals on the old address (they remain if someone still controls it).

For gas tuning and EIP-1559 priority fees, see Gas fees and EIP-1559.

Security checklist before you revoke (don’t rush this)

• Verify the website domain and use HTTPS. (Phishing sites mimic approval managers.)
• Confirm the spender contract address before revoking. Copy-paste carefully.
• Revoke unlimited allowances first; they are highest risk.
• If you use a hardware wallet, prefer confirming revocations on-device.
• Don’t share your seed phrase or private keys. Ever. See Security best practices and Backup and recovery options for more.

But don’t panic if you see lots of approvals. Most are from DEX routers or bridge contracts you actually used. Review, then act.

Who this guide is for — and who should look elsewhere

Who this helps:

• MetaMask users on EVM-compatible chains interacting with DeFi (swaps, staking, lending).
• People who want a practical way to reduce attack surface after using dApps.

Who should look elsewhere:

• Users who want built-in, wallet-native, per-token approval management without connecting to third-party tools — some wallets expose more in-app controls.
• Users on non-EVM chains (Solana, Bitcoin) — token approvals work differently there. See Solana, Tron, Near for chain-specific guidance.

FAQ

Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets are convenient. They are also more exposed than hardware wallets. Regularly revoke unnecessary approvals and use hardware keys for large balances.

Q: How do I revoke token approvals in MetaMask? A: Use an on-chain approval manager (connect MetaMask and revoke) or call approve(spender, 0) on the token contract via the explorer. See the step-by-step above and how to revoke approvals for more detail.

Q: What is a MetaMask unlimited allowance? A: It’s an on-chain approval for a very large (effectively infinite) token amount. Convenient for repeated swaps, but higher risk if the approved contract is compromised.

Q: What happens if I lose my phone? A: If you stored your seed phrase safely you can restore the wallet. But any approvals granted from the lost device remain on-chain. See Backup and recovery options.

Conclusion & next steps

Token approvals are an under-appreciated attack surface. Check allowances regularly, revoke unlimited approvals you no longer trust, and prefer hardware confirmations for sensitive transactions. In my experience, a monthly scan after using new dApps prevents small mistakes from becoming big losses.

Next steps: run an approvals scan, revoke what you don’t recognize, and read the linked guides for deeper security and recovery procedures: Contract approvals, Token management, and Security best practices.

If you want a walk-through for a specific chain or a screenshot-guided how-to, see how-to-revoke-approvals or open the mobile guide at WalletConnect and mobile browser.

Stay practical. Stay skeptical. And check those allowances.