Binance Smart Chain Token Allowance Checker

Background

Each time anyone tries to use a new decentralized application (DApp) on Binance Smart Chain, you need to give this DApp an allowance for it to spend your tokens on your behalf. If you’re a veteran DeFi user you’ve probably done this workflow a thousand times.

In comparison, this process is somewhat similar to when you authorize your utility provider to set up a direct debit allowing it to charge your electricity bill from your bank account on a monthly basis. However, if a malicious DApp receives a wallet address owner's approval to spend their tokens, there is no doubt that all funds will be stolen. Once a transaction is sent on the blockchain it is irreversible.

What is a token allowance and how does it work?

The BEP20 token contract has an approved method. Any dApp that you want to use needs access to yourBEP20 token in order to do something on your behalf. If you want to deposit BUSD in PancakeSwap for example, you need to first give the smart contract powering the PancakeSwap DApp access to your BUSD before you can deposit it in a second transaction. Most DApp ask for an unlimited number by default for simplifying the UX and minimizing the amount of transactions users have to make to use the application.

How to protect yourself?

The good news is that you can protect yourself against these kinds of threats by withdrawing the approvals.

How to revoke access to your tokens manually

Go and visit: https://bscscan.com/tokenapprovalchecker

Input your address

Connect MetaMask with BscScan

Confirm to revoke approval

You can also check out this Knowledge Base article.

Conclusion

Token allowances represent a huge security risk. It is clear that progress needs to be made in this area if we want to improve the user experience and security in the crypto space. With this feature rolled out, we hope the community can keep better track of token approvals and collectively reduce our funds lost to phishing!