Introduction
If you use MetaMask as your software wallet, sooner or later you’ll sign an approval that lets a smart contract move tokens on your behalf. That permission is useful—the swap happened without you manually sending every token. But those approvals act like a standing tab. Left unchecked, they can become an attack surface.
How do I revoke token approvals MetaMask? This guide explains the what, why, and exactly how to remove token allowance MetaMask so you can reduce risk without interrupting normal DeFi activity. I’ve done this repeatedly after approving dozens of small DEXes and NFT marketplaces, and what I’ve found is that a regular check-up pays off.
(And yes, revoking is an on-chain transaction—so there’s a small gas cost.)
How token approvals work (quick technical primer)
Most fungible token standards (ERC-20 on Ethereum and other EVM-compatible chains) expose an approve(spender, amount) call and an allowance mapping. When you call approve, the contract is allowed to call transferFrom and move up to that allowance.
Think of it like giving a vending machine the ability to take money from your wallet up to a limit. Unlimited approvals (MAX_UINT256) are common because they save gas on repeated swaps. But unlimited approvals are the risky equivalent of handing over an open tab.
For NFTs (ERC-721 / ERC-1155) the mechanics differ: approvals may be per-token or a setApprovalForAll which grants blanket access to a marketplace or operator.
When you should revoke approvals
- After using a new or untrusted dApp.
- If you granted unlimited allowance rather than a specific amount.
- If you haven’t used a dApp for months.
- If you notice unusual outgoing transfer attempts (signs of a malicious contract).
Why revoke? Because approvals live on-chain until you change them. The later the check, the higher the chance of loss (I learned this the hard way when an obscure swap site attempted an unexpected transfer; revocation stopped further movement).
Step-by-step: revoke approvals using MetaMask and a token-approval checker
The typical flow is: view approvals for your address on the relevant network, choose the spender(s) to remove, and send a revocation transaction that sets allowance to zero (or a small safe amount). Below are practical steps that work with MetaMask.
Desktop (browser extension)
- Open MetaMask and confirm you're on the correct network (Ethereum mainnet, a Layer 2, or another EVM-compatible chain). Networks matter.
- Open the token-approval checker tool of your choice (many block explorers or revocation tools provide this). Connect with MetaMask when prompted (connect only to a trusted site).
- The tool will list spenders and allowances for your address. Look for large or unlimited allowances.
- Click the revoke/remove action next to the spender you no longer trust. The tool will prepare an approve(spender, 0) transaction (or a revoke tx).
- MetaMask will pop up. Review the exact spender address, the gas fees (EIP-1559 fields), and the operation. Then confirm.
- Wait for the transaction to confirm. Refresh the approval checker to verify the allowance is now zero.
Mobile (MetaMask app)
- Open the MetaMask mobile app and switch to the same network.
- Use the in-app browser to visit the token-approval checker (or connect via WalletConnect if the tool supports it).
- Follow the same revoke flow—the mobile MetaMask signature prompt will appear. Confirm if the spender address and gas fee look correct.
Remember: disconnecting a dApp from MetaMask does not revoke token allowances. But disconnecting is still useful for privacy and preventing future auto-connections. See manage-connected-sites for more.
Methods compared: built-in vs explorer vs third-party tools
| Method |
Where you run it |
Pros |
Cons |
Gas cost |
| MetaMask built-in management (when available) |
Extension / mobile UI |
Fewer external connections; familiar UI |
Not all approvals shown; UI changes |
On-chain revocation cost applies |
| On-chain explorer token-approval checker |
Browser / mobile in-app |
Directly reads chain data; transparent |
Must trust the site you connect to |
On-chain transaction cost |
| Third-party revocation services |
Browser / mobile |
Batch options, UX for non-technical users |
Extra trust required; potential phishing risk |
On-chain transaction cost (might batch) |
(Alt text: table summarizing methods to revoke approvals.)
Safety checklist and gas-fee tips
- Always double-check the spender contract address. Scammers create lookalike names.
- Prefer read-only inspection first (view allowances) before connecting to a revoker.
- If gas is high, you can wait for a quieter time or set a lower priority fee (not recommended if you’re stopping an active exploit). See gas-fees-eip1559.
- Use transaction simulation if the tool offers it (this helps catch unexpected behavior). See transaction-simulation.
But don’t blindly connect to every "revoke" website you find. A malicious site could try to trick you into approving a different contract.
Troubleshooting common problems
- Revocation not showing? Make sure you picked the same network the approval was created on (mainnet vs L2). See network-switching-multi-chain.
- Transaction failed or stuck? Try increasing priority fee or check nonce issues in MetaMask. See metamask-troubleshooting.
- Approvals for NFTs aren’t listed with ERC-20 allowances—check NFT operator approvals separately.
Who this guide is for — and who should look elsewhere
Who this helps: everyday DeFi users who use MetaMask for swaps, staking, and dApp interactions and want to minimize exposure without moving to cold storage. In my experience, casual traders and collectors benefit most from a monthly approval audit.
Who should look elsewhere: if you need enterprise-level custody, multi-sig protection, or want to avoid paying periodic on-chain revocations, consider hardware signers or smart contract wallets with session keys (see account-abstraction-and-smart-contract-wallets). Hardware wallets add friction but reduce signing risk.
FAQ
Q: Is it safe to keep crypto in a hot wallet?
A: Hot wallets (software wallets) trade convenience for a larger attack surface than hardware or cold storage. They are fine for daily DeFi activity if you follow best practices: limit approvals, use small operational balances, and back up your seed phrase. See security-best-practices and seed-phrase-backup-and-recovery.
Q: How do I revoke token approvals MetaMask?
A: Use a token-approval checker or the built-in approvals UI, connect MetaMask, review spenders, and send a revoke (approve(spender, 0)) transaction. Follow the step-by-step above.
Q: What happens if I lose my phone?
A: Losing your phone is like losing access to a hot wallet interface; someone with your unlocked app could approve transactions. Recover using your seed phrase on a new device and move funds if you suspect compromise. See lost-phone and seed-phrase-backup-and-recovery.
Q: Can I batch revoke multiple approvals?
A: Some third-party tools and smart contract wallet flows support batching. Batching can save time, but it adds trust and complexity. See revoke-approvals-tools and account-abstraction-and-smart-contract-wallets.
Conclusion and next steps
Revoke token permission MetaMask on a schedule (monthly or after using a new dApp). It’s a small gas cost that often prevents much larger losses. In my experience, a quick approval audit is one of the highest-ROI security habits for active DeFi users.
Next steps: run an approval check right now, and if you want a deeper walkthrough of signing flows and gas optimization, read gas-fees-eip1559 and metamask-mobile-guide. If you need help with connected sites or managing permissions, see manage-connected-sites.
Want a checklist PDF or a printable step-by-step? The site has extra resources linked from revoke-approvals-tools.
Good luck—stay cautious, and keep your operational balances small.
