To interact with the world of DeFi and NFTs, you must first understand "Approvals." An approval is a permission you grant to a smart contract (or dApp) allowing it to move a specific amount of tokens from your wallet on your behalf.
Why are approvals needed?
Approvals are a fundamental part of how decentralized applications work. For example, if you want to swap USDT for ETH on a platform like 1inch or Uniswap, the swap contract needs your permission to "spend" the USDT in your wallet to complete the trade. Without this approval, the contract cannot access your funds to execute the transaction.
The potential risks of approvals
Many dApps request "Unlimited" or "Infinite" approvals to provide a smoother user experience, so you don't have to sign a new approval every single time you trade. However, this creates a significant security risk. If a protocol you have approved is ever hacked, or if the developers turn out to be malicious, they could use that existing permission to drain all of that specific token from your wallet at any time, even if you aren't currently using the site.
Note: When interacting with dApps, the approval amount is determined by the dApp, not by Rabby. We have no way of knowing how many tokens are required in order to complete your action on the dApp website, and therefore, we cannot change the amount for you. If the approval amount exceeds your current balance, Rabby will highlight it in red as a reminder. You can click the Edit button on the transaction screen to adjust the approval amount to a specific number you are comfortable with.
Why you should revoke them
Revoking an approval cancels the permission you previously gave to a smart contract, effectively "locking" those tokens back up so they cannot be moved without a new signature. Regularly revoking approvals for platforms you no longer use is one of the best ways to keep your assets safe from future exploits.
Revoking vs. Disconnecting
It is important to understand that revoking an approval is not the same as disconnecting from a dApp.
Disconnecting: Simply stops the website from seeing your wallet address and balance. It does not stop a smart contract from being able to move your funds if an approval is still active.
Revoking: An on-chain transaction that permanently ends the contract's permission to access your tokens.
To manage your current permissions, you can use the Approval feature in Rabby Wallet to see exactly which contracts have access to your assets and revoke them.
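What an approval looks like at the transaction level, as an added example that is not Rabby's code: for ERC-20 tokens, an approval is a call to the standard approve(address,uint256) function, and a revoke is the same call with an amount of 0. The sketch below decodes that calldata and labels it as unlimited, above your balance, bounded, or a revoke. The function names, labels, spender address and balance are assumptions made for illustration, and NFT approvals (setApprovalForAll) are not covered.

```javascript
// Added example: inspect ERC-20 approve(address,uint256) calldata before signing.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n; // the value "unlimited" approvals normally use

// Returns { spender, amount } for well-formed approve calldata, otherwise null.
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length !== 8 + 64 + 64) return null;
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spenderWord = hex.slice(8, 72);
  // An address is 20 bytes, so the upper 12 bytes of its 32-byte word must be zero.
  if (!/^0{24}/.test(spenderWord)) return null;
  return { spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// Labels are hypothetical; balance is the wallet's token balance in base units (BigInt).
function classifyApproval(calldata, balance) {
  const decoded = decodeApprove(calldata);
  if (decoded === null) return { kind: "not-an-approve" };
  const { spender, amount } = decoded;
  let kind;
  if (amount === 0n) kind = "revoke"; // allowance set back to zero
  else if (amount === MAX_UINT256) kind = "unlimited";
  else if (amount > balance) kind = "exceeds-balance"; // more than the wallet holds
  else kind = "bounded";
  return { kind, spender, amount };
}

// Calldata that revokes a spender: approve(spender, 0).
function buildRevoke(spender) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("spender must be a 20-byte hex address");
  return "0x" + APPROVE_SELECTOR + addr.padStart(64, "0") + "0".repeat(64);
}

// Constructed sample values, not real contracts or balances.
const SPENDER = "0x" + "ab".repeat(20);
const BALANCE = 500n * 10n ** 6n; // 500 tokens with 6 decimals
const encode = (amount) =>
  "0x" + APPROVE_SELECTOR + SPENDER.slice(2).padStart(64, "0") + amount.toString(16).padStart(64, "0");

for (const amount of [MAX_UINT256, 10n ** 12n, 100n * 10n ** 6n]) {
  console.log(classifyApproval(encode(amount), BALANCE).kind);
}
console.log(classifyApproval(buildRevoke(SPENDER), BALANCE).kind);
```

The revoke calldata only takes effect once it is sent as a transaction to the token contract from the wallet that granted the approval.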
