ERC20 Approve/Allow Explained

Jordan Randolph
Published in Ethex
Sep 27, 2018

When using a decentralized exchange to sell ERC20 tokens, there are two transactions necessary to get your order on the books. The first step is to approve the tokens on the exchange, and then you can set the price and amount of tokens that you want to sell.

This approval step isn’t always understood, or even known, because many exchanges automatically do this for users before they sell. Let’s shed some light on how this all works, and why it’s all necessary.

How it works

Both ERC20 token holders and DApp developers benefit from the approval protocol. Because DApps (decentralized applications) use smart contracts to execute transactions, you must give permission for the smart contract to transfer up to a certain amount of your token (called an allowance). The smart contract will only ever be able to transfer the amount of token you approve. This is done, in part, as a security measure for ERC20 token holders.

Additionally, this protects the DApp developers and allows the smart contract to function properly. By approving your token, you are allowing the DApp smart contract to validate how much of the token you truly have. You are also allowing the smart contract to transfer the approved number of tokens (the allowance) when an action is executed on the contract. This is important because it ensures that you cannot attempt to sell more tokens than you actually have.

Selling your car

Look at the approval process like this: if you were attempting to sell your car (token) but needed help, you might go to a local car dealership and ask for their help. They will agree to offer your car on their lot (DApp) for a small fee. This way, a lot more potential buyers will be able to see your car than if you were to just offer it to one person at a time.

But before any of this can be done, you have to grant permission to the car dealership to sell your car for you, and they need to have proof that you actually own the car you are offering.

They ask for your proof of ownership, and afterwards, the two of you sign a contract. After they’ve seen that you really own the car, and after you give permission to the dealership to sell the car, it is now available on the car lot to be sold to anyone.

This final part is just like the approval process because the car dealership acts as an intermediary between buyer and seller, similar to a smart contract, which you must give permission to sell your asset.

Issues in the standard approval process

When approving your tokens for the first time on a DApp, many exchanges automatically approve a nearly infinite amount of tokens so that you only have to approve once. This can be convenient and reduce the amount of funds that you spend on transaction costs. However, having a nearly infinite number of tokens approved means all of that token in your wallet is available to be transferred by the smart contract.

Under normal circumstances, this isn’t an issue: those funds are only transferable if you create the transaction. But if there is a bug in the smart contract that results in unauthorized transfers, then your wallet would be at considerable risk of being completely wiped out. By approving more tokens than you will ever have in your wallet, you are sacrificing security for convenience. DApps that only offer one option (the approval of a huge number of tokens) harbor a fatal security flaw.

Additionally, DApps are exploitable by bad actors, whether they are corrupt DApp developers, or crooked hackers. This wouldn’t be unheard of in today’s cryptocurrency world. There have been several hacks, attacks, and scams resulting in the theft of untold millions of USD in value (including the Bancor hack).

Making transactions on the Ethereum blockchain is inexpensive, typically only costing a few cents. If you are making large transactions, and are holding a large value in your wallet, then you must ask yourself whether paying a few extra cents in transaction costs is worth it to keep your entire fund of soon-to-moon token from getting wiped out by a hack or errant bug.

Fortunately, there are a few decentralized exchanges which allow you to set a custom allowance of a token, like Ethex. This gives you greater choice in your token transactions, and greater security. Let’s see what this looks like.

Custom allowance in action

Let’s sell some BAT on Ethex. I have 1,201 BAT, but don’t have anything approved yet. So, the first step is to approve some.

By approving 600 BAT, I’m allowing the Ethex smart contract to transfer up to that amount of BAT, and no more. The remainder of the BAT I have (601) will not be allowed to be transferred.

I confirm this transaction, and can sell up to 600 BAT

Now that some of my BAT is allowed on the smart contract, I can sell it to other traders. So, I decide to put all 600 up for sale.

The Sell dialog

And once I’ve confirmed my decision to sell my token, the order shows up on the exchange!

My order is at the bottom

Now we have securely offered to sell some of our token while keeping the rest completely off the exchange. If I wanted to, I could cancel this order at any time before it’s taken, or I could approve more tokens and offer to sell more.
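The allowance rule and the unlimited-approval risk described above can be checked with a small Python model, added here as an illustration (it is not Ethex's or any token's contract code). It mirrors the ERC-20 `approve`/`transferFrom` accounting and compares the 600 BAT custom allowance with an unlimited one; the account names and the later 500-token deposit are constructed sample values.

```python
# Added illustration: in-memory model of ERC-20 allowance accounting.
# Account names and the 500-token deposit are constructed sample values.
MAX_UINT256 = 2**256 - 1  # the "nearly infinite" approval many DApps request


class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        # Like ERC-20 approve(): overwrites the previous allowance.
        if not 0 <= amount <= MAX_UINT256:
            raise ValueError("amount outside uint256 range")
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, spender, owner, to, amount):
        # Like transferFrom(): bounded by the allowance and by the balance.
        if amount > self.allowance(owner, spender):
            raise PermissionError("amount exceeds allowance")
        if amount > self.balances.get(owner, 0):
            raise ValueError("amount exceeds balance")
        self.allowances[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def exposure(self, owner, spender):
        # Most the spender contract could move right now if it misbehaved.
        return min(self.balances.get(owner, 0), self.allowance(owner, spender))


def scenario(approved):
    """Return (exposure at approval, exposure after a deposit, balance left)."""
    token = Token({"alice": 1201})            # 1,201 BAT, as in the article
    token.approve("alice", "exchange", approved)
    at_approval = token.exposure("alice", "exchange")
    token.balances["alice"] += 500            # later deposit into the same wallet
    after_deposit = token.exposure("alice", "exchange")
    # Worst case: a faulty spender contract moves everything it is allowed to.
    token.transfer_from("exchange", "alice", "faulty_recipient", after_deposit)
    return at_approval, after_deposit, token.balances["alice"]


if __name__ == "__main__":
    print("custom 600:", scenario(600))
    print("unlimited: ", scenario(MAX_UINT256))
```

With the custom allowance, the later deposit never becomes reachable by the spender; with the unlimited one, the exposure follows the whole wallet balance.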

A final thought

Customizing the amount of tokens you allow is an important feature because it gives you greater security, and greater choice — two imperatives in cryptocurrency. However, very few exchanges give users this choice. If you want to see how trading is meant to be done, check out Ethex.
