Safeguard Your Wallet from Unlimited ERC-20 Allowance Risks

The biggest thing happening in Ethereum now is Decentralized Finance (DeFi). The primary applications of DeFi are trading, lending, and staking ERC-20 tokens. To use ERC-20 tokens, you need to allow the app you’re using to spend the tokens on your behalf; this is commonly known as the ERC-20 allowance. These allowances make smart contract interaction easy by letting users send money to a contract while, in the same call, the contract updates its state to reflect the deposit. Although allowances are essential to the running of the DeFi space, they can bring unprecedented risks to users if left unchecked.

Is ERC-20 allowance necessary?

So, if malicious actors can take advantage of ERC-20 allowances to steal money from your account, do you really have to grant them? To give more insight into this risk vector, we explain how ERC-20 allowances work and why it might be difficult to do away with them as a trader.

Upon your first interaction with a DeFi application, you will be required to permit it to access your wallet and spend funds, mostly Ether or a stablecoin such as Tether.

Ordinarily, the permission is unlimited to enable traders to skip the approval step every time they execute a transaction. It is anticipated that the DeFi platform will only deduct the amount preset by the trader.

In some cases, though, abnormal activities can happen. In fact, they have happened several times in DeFi platforms. In such cases, you may end up losing funds from your wallet.

Real-world ERC-20 allowance risks

For the longest time, the risk of unlimited ERC-20 allowances was theoretical, with no real-life examples to back the fears. But as more and more platforms started using unlimited allowances, people or systems that take advantage of them were bound to appear.

Bug exploits

In June 2020, the Bancor network suffered a bug that exposed its users’ wallets. In this case, the function that executes the ERC-20 transfer was mistakenly exposed to the public, which allowed any person to execute it and deduct users’ ERC-20 tokens.

Well, you definitely must consider your crypto platform’s ability to keep your funds secure and, possibly, to white-hat hack ahead of the hackers to contain any damage or loss of funds.

Malicious projects

Investors sometimes lose their funds by engaging with scams or fraudulent projects. Often, people try to control possible losses by investing only small amounts, but their wallets are entirely at risk because of unlimited ERC-20 allowances.

There are also instances where project developers themselves steal from their customers. A case in point is UniCats, where developers drained Uniswap tokens without express instructions from the customers.

A way forward?

First, you may consider reviewing the existing unlimited ERC-20 allowances in your wallet. You can then revoke them or minimize the number of such allowances.

Second, in your first interaction with a DeFi project, go for custom spend limits where you will need to approve every transaction. Simply put, say no to unlimited ERC-20 allowances.
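To make the review step concrete, here is an added example (not from the original article) that replays ERC-20 `Approval` event logs for one wallet and lists the approvals that are still live and unlimited. The log dictionaries follow the `eth_getLogs` JSON shape; the addresses, the sample logs, the helper names and the `2**255` "unlimited" threshold are assumptions made for this illustration.

```python
# Added example (not from the article). Logs use the eth_getLogs JSON shape.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # assumption: treat anything this large as "unlimited"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs, owner):
    """Return {(token, spender): last approved amount}, dropping revoked entries."""
    state = {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16),
                                           int(l["logIndex"], 16))):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares this topic hash but has 4 topics
        if topic_to_address(t[1]) != owner.lower():
            continue  # approval granted by some other wallet
        key = (log["address"].lower(), topic_to_address(t[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)  # approve(spender, 0) is a revocation
        else:
            state[key] = amount
    return state

def unlimited(allowances):
    """(token, spender) pairs whose approval is effectively unbounded."""
    return sorted(k for k, v in allowances.items() if v >= UNLIMITED_FLOOR)

def make_log(token, owner, spender, amount, block, index, extra_topics=()):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "data": "0x" + format(amount, "064x"),
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender), *extra_topics],
            "blockNumber": hex(block), "logIndex": hex(index)}

OWNER, OTHER, DEX, FARM = ("0x" + b * 20 for b in ("aa", "cc", "d1", "f2"))
TOKEN_A, TOKEN_B, NFT = ("0x" + b * 20 for b in ("11", "22", "33"))
SAMPLE_LOGS = [  # constructed sample data, deliberately out of order
    make_log(TOKEN_A, OWNER, FARM, 0, 150, 0),              # revokes FARM
    make_log(TOKEN_A, OWNER, DEX, MAX_UINT256, 100, 3),     # unlimited, still live
    make_log(TOKEN_B, OWNER, DEX, 500 * 10**18, 120, 1),    # custom spend limit
    make_log(TOKEN_A, OWNER, FARM, MAX_UINT256, 101, 0),    # unlimited, later revoked
    make_log(TOKEN_A, OTHER, FARM, MAX_UINT256, 160, 0),    # different owner
    make_log(NFT, OWNER, DEX, 0, 170, 0, ["0x" + "0" * 63 + "7"]),  # ERC-721
]

if __name__ == "__main__":
    print(unlimited(live_allowances(SAMPLE_LOGS, OWNER)))
```

`Approval` events record the amount last approved, not what remains after the spender has used part of it, so confirm each flagged pair against the token's `allowance(owner, spender)` view before deciding what to revoke.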

Times are changing. However, with the current de facto standards in use in the DeFi space, users have to find ways to safeguard their wallets and manage the dangers associated with this vulnerability.

Don’t lose your mind over this but, of course, don’t risk losing your funds either. The IXFI platform is built for you, helping you buy, swap, and trade crypto in a secure and reliable way. Your Friendly Crypto Exchange makes it easier for you to walk the path towards financial freedom. Register on IXFI today.


