Academy glossaryDecision concept

Token approval

Approvals are one of the most important and misunderstood wallet permissions. Users need to know what they are granting, for how long, and what the blast radius can be if something goes wrong.

This term should change

If you do not trust the contract enough to leave a standing permission behind, use exact approval.

Approval prompts that ask for more scope than the trade in front of you needs.

exact approval

How to use this lesson

Use the lesson summary first, then move straight into the decision split that changes the real tradeoff.

Treat every example below as product context for the same judgment, not as separate glossary trivia.

Keep the later applied and rule sections as support layers, not the main event.

Lesson summary

Three things to remember before you approve

This page should change one behavior immediately: you stop treating approval like a boring pre-swap click and start reading it as future spending authority.

Approval is a permission

It gives a contract authority to spend tokens on your behalf. It is not just a confirmation that lets the screen move forward.

Unlimited saves clicks, not risk

The convenience is real, but so is the extra blast radius if the contract, route, or signing flow turns out worse than you thought.

Exact is the cleaner default

If trust is limited, reuse is low, or the token is unfamiliar, smaller permission scope is usually the better beginner move.

Decision point

Exact vs unlimited in plain English

This is the decision most users actually need help with. Make the tradeoff legible first, then decide what level of convenience is worth the permission you leave behind.

Exact approval

Best when you want the current swap to work without leaving a broader standing permission behind.

Fits the current trade size instead of future unknown use.

Cleaner when the token, route, or contract is unfamiliar.

Usually means you may need to approve again later.

Unlimited approval

Defensible only when trust is real, reuse is real, and you are willing to manage the extra permission afterwards.

Reduces friction on future trades with the same spender.

Leaves a broader permission live after the current trade is done.

Needs stronger trust and better cleanup habits to stay defensible.

See it in product

These are the three fastest anchors for live use: where the term first appears, what to treat as the warning sign, and which rule should change your next move.

Spot first

exact approval

Watch for

Approval prompts that ask for more scope than the trade in front of you needs.

Rule

If you do not trust the contract enough to leave a standing permission behind, use exact approval.

Core lesson

Use the term in context

Work through the main concept first, then move into applied judgment and next actions.

How approvals go wrong

Approvals feel boring because they happen before the trade. That is exactly why users ignore them and give away more authority than they intended.

An approval is permission to spend, not permission to display a token balance.

Unlimited approvals reduce friction now but increase exposure later.

If you forget old approvals, your current risk is larger than the trade in front of you.

Revoking stale approvals is part of cleanup, not paranoia.

When you approve, think about future blast radius, not only current convenience.

Exact versus unlimited in plain English

Most users should understand this one decision before they ever touch a DEX more than once.

Exact approval fits the current trade and usually needs repeating later.

Unlimited approval saves clicks but leaves a standing permission behind.

The right choice depends on trust, frequency, and how much damage you can tolerate.

There is no universal best practice without context, but there is always a real tradeoff.

Do not choose unlimited because it feels standard. Choose it only if you can defend the risk tradeoff.

Real cases

What actually happened

These are public cases and repeated real-world patterns turned into teachable stories. Use them to see how small shortcuts become expensive outcomes in real product flows.

Public source-backed

Read the story first, then notice the exact decision that made the damage possible.

Case study

A protocol broke later, but the wallet risk was planted earlier

Loss: $11.6M across 153 wallets

Situation

In July 2024, LI.FI disclosed that roughly $11.6 million was drained from 153 wallets after a smart-contract exploit. The detail that matters most for Academy is that affected wallets had given broad infinite approvals beforehand.

Why this case matters

One real-world failure usually teaches faster than ten abstract warnings.

What they assumed

Unlimited approval felt like a harmless convenience choice tied to one earlier workflow, not a standing authority that could stay dangerous later.

Red flag you would have seen in the UI

An approval prompt asking for broad token-spending scope beyond the immediate trade. In product terms, this is where 'unlimited' or wide allowance should feel like a risk decision, not just the easy default.

You would have seen this on

These are the exact product moments where this kind of mistake usually first looks harmless.

ApprovalsWallet prompt

What went wrong

Users were not necessarily trading at the exact moment funds were drained.

The dangerous authority had already been left behind from earlier convenience decisions.

The exploit was technical, but approval scope amplified the user damage dramatically.

According to LI.FI's incident report, finite approvals were not exposed the same way.

Core lesson

Approval scope decides how large the blast radius stays after today's trade is over. That is why exact versus unlimited approval is a real risk decision, not a cosmetic UX choice.

What they should have done instead

Use exact approval when trust or reuse is limited, and treat any unlimited approval as a choice that requires later review or cleanup.

Source

LI.FI postmortem

Core points

Carry this into live execution

Approvals determine what a contract can spend on your behalf.

Unlimited approvals reduce friction but can materially increase loss surface.

Approval hygiene is one of the highest-value user habits in wallet-based execution.

Users who understand approvals make better decisions in confirm flows and recover better after suspicious activity.

Use after the lesson

Before you sign or confirm

This section should help in the moment of risk. Keep one question in mind: what should I check right now before giving authority or sending the route forward?

Check now

Do not think in abstract principles here. Think in checks you can do on this screen before moving forward.

Do now

Default to the smallest permission surface that still gets the job done.

Review approvals again when you stop using a token or protocol.

Separate convenience from trust when deciding exact versus unlimited approval.

Do not continue if

Do not normalize unlimited approval as the safe default.

Do not approve first and think about blast radius later.

Do not ignore stale permissions because they are invisible during normal use.

Red flag if this feels routine

If this step feels like harmless friction, that is already the red flag.

Approval prompts that ask for more scope than the trade in front of you needs.

Old permissions you forgot were still live.

Familiar product UI creating false comfort around an unfamiliar contract.

Before first serious use

If these checks are not clear yet, you are not in a good position to rely on speed or instinct.

Before you approve

Check what contract is getting spending permission.

Decide whether exact approval is enough for this task.

Think about whether you expect to trust and reuse this route later.

If not, keep the permission smaller and cleaner.

Use after the lesson

Decision flow

Do not use this like a reading section. Use it as the order of operations when the screen is asking for authority or final confirmation.

How to think through it

Step 1

Read the approval as future authority

The approval is not just part of this swap. It is permission that can stay behind after the current action is over.

Step 2

Pick scope based on trust, not convenience alone

Exact approval is usually cleaner when the token, route, or protocol is not something you plan to reuse often.

Step 3

Treat cleanup as part of the workflow

If you choose unlimited approval for speed, the matching habit is reviewing or revoking it when the position or protocol is no longer active.

Signals to notice

Unlimited approval is presented as the easiest default

Easy does not mean low-risk. It usually means you are leaving future permission behind.

The contract is unfamiliar even if the UI is familiar

Brand comfort is not contract verification. The permission still belongs to the actual spender on the prompt.

You do not expect to use this token or protocol much again

That is a strong reason to avoid leaving a broad approval live.

Rules

Decision rules

If you do not trust the contract enough to leave a standing permission behind, use exact approval.

If this is a one-off or unfamiliar token, default to the smaller permission surface.

If you use unlimited approval for convenience, treat revocation as part of the workflow, not an optional cleanup.

Always separate the question 'can this trade execute?' from the question 'how much permission am I leaving behind afterwards?'

Avoidable errors

Common mistakes

Thinking approval only applies to the single swap you are about to do.

Treating unlimited approval as the normal option just because many apps present it first.

Forgetting old approvals after the position or token is no longer relevant.

Assuming a familiar UI means the permission request itself is harmless.

Practice

Short scenarios

Use quick situations like these to test whether the concept would hold up in a real product flow.

New token, unfamiliar contract

You are swapping into or out of a token you do not use often, and the interface offers unlimited approval to save time later.

That is exactly when exact approval is usually cleaner. You do not have enough trust or reuse expectation to justify leaving a wide permission behind.