How to Revoke Permissions on MetaMask in 2023
how to revoke permissions on metamask

How to Revoke Permissions on MetaMask Using Revoke.Cash

Editorial Team Avatar
Sep 30, 2024
12 min reading time

When you first enter the crypto industry, one of the key pieces of advice you’ll hear repeatedly is to safeguard your wallets and the assets they contain. And with crypto scams becoming increasingly prevalent, this advice only becomes more critical.

While protecting your private keys and seed phrases is essential, there’s another simple but powerful security measure: revoking token permissions.

And since MetaMask is likely a wallet you either use now or will use in the future, given its huge value and popularity in the industry, revoking token permissions there becomes even more important.

metamask

Revoking token permissions means withdrawing the access you’ve previously granted to a specific entity or application to manage your tokens. Think of it as reclaiming full control over your digital assets.

So, how do you do this? Well, tools like EtherScan or Revoke.Cash makes the process easy, and this article will guide you through the steps.

Learn More on the MetaMask Permissions and Why You Should Revoke Permissions

Learn More on the MetaMask Permissions

We all know that MetaMask is a widely used blockchain wallet that facilitates transactions on Ethereum, BNB Chain, Polygon, and other networks.

As a result, MetaMasks’ permissions enable decentralized applications (dApps) and smart contracts to access tokens in your wallet, known as token approvals. However, a clear understanding of MetaMask permissions is vital to security, which includes the ability to revoke token permissions (or grant permission) when needed.

Managing token permissions is a paramount factor in ensuring the security and privacy of MetaMask wallets, especially when interacting with platforms such as decentralized finance (DeFi) applications.

Furthermore, granting smart contract permissions for a farming pool allows a dApp to access the tokens from a user’s wallet, a necessary step in maintaining control over crypto assets.

As a result, token allowance is the spending limit set for each token, determining how much a blockchain contract can access from a user’s wallet. Additionally, to prevent any unauthorized access and keep your funds secure, it’s essential to understand and manage these allowances.

What are Audited Smart Contracts and Token Approvals?

What are Audited Smart Contracts and Token Approvals?

An audited smart contract is a thoroughly examined agreement free from security issues, bugs, and inefficiencies. Usually, the audit process is employed to guarantee the trustworthiness and dependability of the blockchain contract.

Leveraging these audited contracts helps you ensure the code’s security and reliability, thus reducing the chance of unexpected errors or malicious attacks.

Moreover, carefully managing token permissions is essential to avoid potential abuse, such as unauthorized access to funds or other assets.

By guaranteeing that only reliable users can access token permissions and frequently analyzing and revoking what looks risky, you can effectively control users’ tokens and safeguard your funds.

Token approvals are needed when using a decentralized exchange (DEX) further to enhance the privacy and security of your digital currencies.

By approving your token, you’re allowing the DEX to exchange your tokens on your behalf, thus granting them the ability to sell your tokens on your behalf.

Even if most DEXs are safe, you still need to verify all the contracts that you have active and revoke permission for what seems to be risky.

MetaMask Customized Spending Cap

To help you maintain control and safeguard yourself from one of the most common scam tactics, MetaMask introduced the spending limit feature in 2023. But while this addition has been useful, it still leaves room for exploitation by malicious developers.

how to set a custom spending cap on metamask

However, before jumping into the water, let us explain this further with a practical example. Let’s say you have 1000 ETH in your MetaMask wallet and wish to sell 500 ETH to USDC; you have three options:

  1. Setting the spending cap to 500 ETH, and whenever you wish to spend the remaining 500, you’ll need to set another approval;
  2. Set up the limit to the “Max,” and in this case, will be the entire 1000 ETH, and this allows you to spend the first 500 ETH today and some other time the rest; 
  3. Or grant unlimited allowance to the most frequently used and trusted websites, yet occasionally, check this further.

Let’s say that for the first two contexts, you receive an additional 100 ETH, and now you have 1100 ETH; the spending limit remains the same: either the 1st option – 500 ETH, or the 2nd one – 1000 ETH.

At this point, it’s essential to fully understand the concept to prepare yourself in case anything goes wrong. However, please note that the spending limit is not 100% safe, as hackers can still do a lot of transactions below the limit.

The solution is revoking approvals, which means removing access to ‘risky’ token permissions, especially unlimited permissions. As a downside, whenever you want to trade on a platform where you revoked the permissions, you’d need to approve them again. But better safe than sorry, right?

Note: While sometimes revoking approvals and approving them again can be costly, staying safe in the crypto industry is a good practice for future endeavors.stry is a good practice for future endeavors.

How to Revoke Permissions on MetaMask?

How to Revoke Permissions by Using EtherScan

revoke permission with etherscan

Revoking the permissions means withdrawing the authorization given to a dApp or smart contract to access the tokens in your wallet. Managing and protecting any application or service that utilizes access tokens is critical. 

Moreover, this essential element safeguards digital assets from potential smart contract vulnerabilities and prevents unauthorized parties from gaining unlimited access to your assets.

Let us explain this better through a practical example and using the EtherScan explorer. To revoke a token approval on MetaMask, follow these steps:

  1. Connect to the Token Approval Checker section of the explorer;
  2. Input your MetaMask address;
  3. Locate the token approval you wish to revoke;
  4. Select “Revoke”;
  5. Accept the signature request;
  6. Pay the necessary gas fee.
how to revoke permission

Above, you can see what token approval looks like and how to protect your funds from a malicious developer who can hack your wallet and send it to their address.

Revoke token approvals, also known as revoke approvals, provide a strong defense against potential security risks, ensuring that only authorized parties can access and manage your digital assets.

Additionally, be aware of the gas fee that must be paid to revoke permission, and the cost of this fee depends on the network and the complexity of the transaction.

revoke permissions with revoke.cash

Revoke.Cash is a Web3 tool that facilitates users to effectively manage and revoke MetaMask permissions on smart contract-compatible blockchains like Ethereum, BNB Chain, and Polygon. It could be the tool that will solve any permission issue and diminish your risk of getting hacked. 

But do you know what the best part is? Revoke.Cash is a free platform that lets you easily revoke token permissions and ensure the safety of your own wallets and digital assets.

Managed by Rosco Kalis and a team of contractors, the goal of Revoke.Cash is to offer users enhanced control over their tokens and permissions.

As a result, Revoke.Cash provides users with the following features:

  • A view of their token allowances;
  • The ability to modify permissions with a few clicks through recommended actions;
  • A learning section to aid users in comprehending Web3 complexities, crypto wallets, tokens, NFTs, and token approvals.

Revoke.Cash is perfect for revoking permission for specific smart contracts that might be risky, and below are the steps that you need to do to revoke permissions:

  1. Visit the Revoke.Cash from the browser with your MetaMask wallet installed;
  2. Connect your MetaMask wallet;
  3. After you manage to connect, you should be able to see all approved tokens. You can now pick any of them to revoke;
  4. Pick or search for the token permission that you want to revoke and press the ‘Revoke’ button on the right side;
  5. Confirm the transaction, and it’s done.

Congrats, you successfully revoked the permission, and it wasn’t so hard, right?

Below is a print screen of how the Revoke.Cash website looks after connecting MetaMask to it. All your assets are displayed there, and you can see if there’s any approved amount for a cryptocurrency and who’s the Authorized Spender.

If the Authorized Spender has an ‘Unlimited’ Approved Amount, revoking its token permissions is better. If the Authorized Spender has an ‘Unlimited’ Approved Amount, revoking its token permissions is better. 

revoke.cash interface

However, what’s even more remarkable is that Revoke.Cash allows you to filter by asset type, token balances, and approved amount.

So, finding unlimited approved smart contracts and revoking permissions is easy. Also, you can see your liquidity pool positions, which helps determine your strategy.

revoke.cash asset type

Revoke.Cash: Gas Fees and Wallet Security

Gas fees are necessary for revoking permissions, and depending on the network and the complexity of the transaction, these might vary.

A nominal fee of approximately 20 cents is applicable for each revoked access due to the gas cost. Yet, this can be even more, depending on external factors.

Additionally, if many users are trading, you might see a fee of $5+ on the Ethereum network. In that case, the best thing to do is wait for the fees to return to ‘normal.’

Securing your wallet is paramount to prevent unauthorized access and ensure safety when using DeFi platforms. Using a secure wallet, enabling the two-factor authentication option, and frequently monitoring your accounts are recommended to further strengthen your wallet’s security.

Other Tools for Managing Token Allowances

debank interface

Alongside EtherScan and Revoke.Cash (the most popular choice), there are other tools available for managing token allowances, such as DeBank, which provides a wide range of features.

To name a few, we have token allowance tracking, revocation, and token allowance transfer, and utilizing these tools can strengthen your MetaMask security and provide improved control over your funds.

Understanding DeFi Risks

Another essential aspect when utilizing new DeFi platforms is that it is imperative to be aware of the potential risks, including security vulnerabilities, lack of regulation, and lack of liquidity. 

Malicious developers may be able to manipulate user tokens through backdoors embedded in their smart contracts, even after the user has withdrawn their tokens from the platform.

To further ensure the safety of your assets when utilizing the most well-known DeFi platforms, it is recommended to use audited smart contracts, understand MetaMask permissions, and utilize Revoke.Cash or EtherScan for MetaMask permission management. 

Staying alert and adhering to best practices can help mitigate potential risks and ensure control over your digital currencies.

Troubleshooting Common Issues

Troubleshooting Common Issues

Frequent issues observed with MetaMask include connection issues with Ledger, low gas limit resulting in failed transactions, invalid data errors, and missing private keys.

To troubleshoot connection issues with Ledger, ensure that your Ledger device is up to date and that you are running the most recent version of MetaMask. 

To address low gas limit causing failed transactions, one can increase the gas limit in MetaMask or opt for a different wallet. Additionally, you can consult the MetaMask community or utilize the MetaMask recovery tool to rectify invalid data errors and missing private keys.

Other errors, such as the JSON-RPC error, can be solved quite easily by following the steps from a Google search.

FAQs – Frequently Asked Questions

How Do I Revoke App Permissions for MetaMask?

Revoking app permissions on MetaMask can quickly be done using websites such as Revoke.Cash and DeBank, connecting your wallet, and using the instructions above.

Additionally, clicking on Settings in the top-right corner of the MetaMask window and navigating to Connections allows users to edit the permissions of specific websites and applications.

How Do I Revoke Smart Contract Permission?

You can use the specific tools presented in the article to revoke access to your crypto funds. You only need to connect your wallet, select the smart contract you wish to withdraw, and finally revoke access to your funds.

What is Revoke.Cash for?

Revoke.Cash is a browser extension that helps to protect you from phishing scams by allowing you to inspect and revoke contracts that will enable money to be spent on your behalf. It also warns you when you’re about to sign something potentially dangerous.

Is Revoke.Cash Reliable?

Revoke.Cash has been reported to be susceptible to scammers, so its reliability should be questioned. Yet, as always, approach such platforms with due diligence and thorough research before using this service.

What are MetaMask Permissions?

MetaMask permissions allow dApps and blockchain-based contracts to allow access to the tokens in your wallet, giving you additional control.

Conclusion

So, understanding and managing MetaMask permissions is essential for retaining control of your assets and ensuring their security.

By using tools like Revoke.Cash and EtherScan, interacting with audited contracts, and following best practices, you can enhance your safety on DeFi platforms.dApps and blochain-based contracts to allow access toward the tokens in your wallet, giving you additional control.

* The information in this article and the links provided are for general information purposes only and should not constitute any financial or investment advice. We advise you to do your own research or consult a professional before making financial decisions. Please acknowledge that we are not responsible for any loss caused by any information present on this website.
Press Releases