Security Best Practices: Approvals, Revokes, and Scam Tokens

Protecting your crypto requires understanding common attack vectors. This guide covers token approvals, how to revoke them, and how to identify scam tokens.

Understanding Token Approvals

When you interact with DeFi protocols, you often need to approve them to spend your tokens. This is a two-step process:

Step 1: Approve

You sign: "DEX Router can spend my USDC"

Transaction:
├─ Contract: USDC (0xA0b8...)
├─ Function: approve(spender, amount)
├─ Spender: DEX Router address
└─ Amount: 1000 USDC (or unlimited)

Step 2: Spend

DEX uses your approval to move tokens:

Transaction:
├─ Contract: DEX Router
├─ Function: swap(...)
└─ Internally calls: USDC.transferFrom(you, pool, amount)

The Approval Risk

Approvals persist until you revoke them. If you have approved a malicious or compromised contract, it can move your tokens at any time, up to the approved amount, without any further signature from you.

Dangerous Approval Patterns

1. Unlimited Approvals
   "Approve MAX_UINT256 (infinite) tokens"
   ├─ Common on older dApps
   ├─ One compromise = total loss
   └─ Many users don't realize scope

2. Malicious Contracts
   "Approve this new DEX for your tokens"
   ├─ Phishing sites mimic real dApps
   ├─ Contract drains approved tokens
   └─ Often targets popular token holders

3. Compromised Protocols
   "Legitimate protocol gets hacked"
   ├─ Attacker uses existing approvals
   ├─ Historical approvals = current risk
   └─ Even "safe" protocols can be exploited

Checking Your Approvals

Approval Checker Tools

Tool          URL                                 Features
Revoke.cash   revoke.cash                         Multi-chain, batch revoke
Etherscan     etherscan.io/tokenapprovalchecker   Official, Ethereum only
DeBank        debank.com                          Portfolio + approvals
Rabby         Built-in                            Shows risky approvals

How to Check (Revoke.cash)

  1. Go to revoke.cash
  2. Connect your wallet
  3. Select network (Ethereum, Base, etc.)
  4. View all active approvals
  5. Sort by risk or value

What to Look For

High Risk:
├─ Unlimited approvals
├─ Approvals to unknown contracts
├─ Old approvals you forgot about
└─ Approvals to unverified contracts

Lower Risk:
├─ Exact amount approvals
├─ Approvals to major protocols (Uniswap, Aave)
└─ Recent approvals you recognize

Revoking Approvals

Revoking sets the approved amount to zero:

Revoke Transaction:
├─ Contract: Token (e.g., USDC)
├─ Function: approve(spender, 0)
└─ Cost: Standard approval gas (~46,000 units)

When to Revoke

Immediately Revoke:
├─ Approvals to contracts you don't recognize
├─ Approvals to phishing sites (if caught in time)
├─ After any security incident news
└─ Unlimited approvals to non-essential contracts

Consider Revoking:
├─ Approvals older than 6 months
├─ Protocols you no longer use
├─ Before large deposits to the wallet
└─ During low gas periods (maintenance)
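As an added example (not part of the original guide), the "What to Look For" and "When to Revoke" criteria above can be turned into a small triage script: it takes a list of active approvals in the shape an approval checker might export (field names and sample data are assumptions, constructed here) and produces a revoke-first list.

```python
# Added example, not from the original guide: rank a wallet's active ERC-20
# approvals by the guide's criteria (unlimited amount, unknown or unverified
# spender, older than six months, protocol you no longer rely on).
from datetime import date, timedelta

MAX_UINT256 = 2**256 - 1          # the "infinite" amount older dApps request
SIX_MONTHS = timedelta(days=182)


def triage_approvals(approvals, today, essential):
    """Return approvals sorted most-urgent first, each with an action and reasons."""
    results = []
    for a in approvals:
        reasons, label = [], a.get("spender_label")
        if a["amount"] == MAX_UINT256:
            reasons.append("unlimited amount")
        if not label:
            reasons.append("unknown spender")
        if not a.get("spender_verified", False):
            reasons.append("unverified contract")
        age = today - a["approved_at"]
        if age > SIX_MONTHS:
            reasons.append(f"{age.days} days old")
        # "Immediately revoke": unrecognised or unverified spender, or an
        # unlimited approval to anything outside the protocols you still use.
        if not label or "unverified contract" in reasons:
            action = "revoke now"
        elif a["amount"] == MAX_UINT256 and label not in essential:
            action = "revoke now"
        elif reasons:                 # stale or unlimited, but known, verified, essential
            action = "consider revoking"
        else:
            action = "ok"
        results.append({**a, "action": action, "reasons": reasons})
    rank = {"revoke now": 0, "consider revoking": 1, "ok": 2}
    results.sort(key=lambda r: (rank[r["action"]], -len(r["reasons"])))
    return results


SAMPLE_TODAY = date(2024, 6, 1)   # constructed "today" so the output is deterministic
SAMPLE_APPROVALS = [              # constructed sample export; spender addresses are placeholders
    {"token": "USDC", "spender": "0x" + "11" * 20, "spender_label": "Uniswap Router",
     "spender_verified": True, "amount": 1000 * 10**6, "approved_at": date(2024, 4, 1)},
    {"token": "USDC", "spender": "0x" + "22" * 20, "spender_label": "Aave Pool",
     "spender_verified": True, "amount": MAX_UINT256, "approved_at": date(2023, 9, 1)},
    {"token": "WETH", "spender": "0x" + "33" * 20, "spender_label": None,
     "spender_verified": False, "amount": MAX_UINT256, "approved_at": date(2023, 5, 1)},
    {"token": "DAI", "spender": "0x" + "44" * 20, "spender_label": "OldYieldFarm",
     "spender_verified": True, "amount": MAX_UINT256, "approved_at": date(2024, 5, 1)},
]

if __name__ == "__main__":
    for r in triage_approvals(SAMPLE_APPROVALS, SAMPLE_TODAY, {"Uniswap Router", "Aave Pool"}):
        print(f"{r['action']:18} {r['token']:5} {', '.join(r['reasons'])}")
```

The `essential` set is the list of protocols you actively use; an unlimited approval to a verified, labelled spender outside that set still lands in "revoke now".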

Batch Revoking

Some tools let you revoke multiple approvals in one transaction:

  • Revoke.cash - Batch revoke feature
  • Rabby - Built-in batch revoke
  • Safe - Multi-sig batch transactions

Identifying Scam Tokens

Scam tokens are malicious tokens designed to steal funds through various mechanisms.

Common Scam Types

1. Honeypot Tokens

Behavior: You can buy but not sell

How it works:
├─ Contract has sell restriction
├─ Or requires massive sell tax (99%)
├─ Or blacklists addresses after buy
└─ Developer drains liquidity after buys

Detection:
├─ Use Honeypot.is to test
├─ Check recent sells on DEX Screener
├─ Read contract (look for blacklist functions)
└─ Test with tiny amount first

2. Fake Token Copies

Behavior: Mimics legitimate token

How it works:
├─ Same name and symbol as real token
├─ Different contract address
├─ Often airdropped to wallets
└─ Leads to a phishing site when you interact with it

Detection:
├─ ALWAYS verify contract address
├─ Check CoinGecko/CoinMarketCap for official address
├─ Use block explorer to verify
└─ Ignore random airdrops

3. Approval Phishing Tokens

Behavior: Triggers approval when you try to sell

How it works:
├─ Token appears in your wallet
├─ You go to DEX to sell
├─ "Approve" transaction actually approves other tokens
└─ Attacker drains your real tokens

Detection:
├─ Never interact with unexpected tokens
├─ Use wallet with transaction preview (Rabby)
├─ Check what you're actually approving
└─ Hide/ignore unknown tokens
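"Check what you're actually approving" can be done mechanically. As an added example (not code from the original guide), the decoder below parses the calldata of a pending approve() transaction, as described in "Understanding Token Approvals" above, and flags the three warning signs this entry and the "Dangerous Approval Patterns" list describe: the transaction targets a different token than you intended, the spender is unknown, or the amount is unlimited. It assumes only that 0x095ea7b3 is the standard ERC-20 approve(address,uint256) selector; all addresses are constructed placeholders.

```python
# Added example, not from the original guide: decode an ERC-20 approve() call
# so you can see which token, which spender and what amount you are signing.
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1        # the "unlimited" amount


def decode_approve(to: str, data: str) -> dict:
    """Parse approve(spender, amount) calldata sent to token contract `to`."""
    data = data.lower()
    if data.startswith("0x"):
        data = data[2:]
    if data[:8] != APPROVE_SELECTOR:
        raise ValueError(f"not an approve() call (selector 0x{data[:8]})")
    if len(data) != 8 + 64 + 64:          # selector + two 32-byte ABI words
        raise ValueError("unexpected calldata length for approve(address,uint256)")
    spender_word, amount_word = data[8:72], data[72:136]
    # An address is the low 20 bytes of its 32-byte word; the 12 high bytes
    # must be zero, otherwise this is not a cleanly encoded address.
    if spender_word[:24] != "0" * 24:
        raise ValueError("spender word has non-zero padding")
    amount = int(amount_word, 16)
    return {
        "token": to.lower(),
        "spender": "0x" + spender_word[24:],
        "amount": amount,
        "unlimited": amount == MAX_UINT256,
        "revoke": amount == 0,            # approve(spender, 0) is a revoke
    }


def assess_approval(to: str, data: str, expected_token: str, known_spenders) -> dict:
    """Add the guide's warning flags: wrong token, unknown spender, unlimited amount."""
    info = decode_approve(to, data)
    flags = []
    if info["token"] != expected_token.lower():
        flags.append("TOKEN MISMATCH: this approves a different token than you intended")
    if info["spender"] not in {s.lower() for s in known_spenders}:
        flags.append("UNKNOWN SPENDER")
    if info["unlimited"]:
        flags.append("UNLIMITED AMOUNT")
    info["flags"] = flags
    return info


if __name__ == "__main__":
    # Constructed phishing case: you think you are selling a scam token, but the
    # transaction is addressed to your real stablecoin with an unknown spender.
    calldata = "0x" + APPROVE_SELECTOR + "00" * 12 + "cc" * 20 + "ff" * 32
    print(assess_approval("0x" + "aa" * 20, calldata, "0x" + "bb" * 20, ["0x" + "11" * 20]))
```

A wallet with transaction preview shows the same three fields; the point of decoding by hand is that the `to` address (the token being approved) and the spender are the two values a phishing flow relies on you not reading.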

4. Rug Pulls

Behavior: Developers drain liquidity

How it works:
├─ Token launches with marketing hype
├─ Developer holds large supply or LP tokens
├─ Price pumps from retail buyers
├─ Developer sells everything or removes liquidity
└─ Token goes to zero

Detection:
├─ Check liquidity lock (Team.Finance, Unicrypt)
├─ Check holder distribution (avoid tokens where a single whale holds most of the supply)
├─ Research team (anonymous = higher risk)
└─ Verify LP tokens are locked

Token Verification Checklist

Before buying any token:

□ Contract verified on block explorer
□ Contract address matches official sources
□ Liquidity is locked (check locker contracts)
□ No honeypot (test on Honeypot.is)
□ Holder distribution looks healthy
□ Recent sells are possible (check DEXScreener)
□ No suspicious contract functions (blacklist, pause)
□ Token is at least a few days old
□ Not just airdropped to your wallet

Security Tools

Transaction Simulation

See what a transaction will do before signing:

  • Rabby - Built-in simulation
  • Pocket Universe - Browser extension
  • Blowfish - API and extension
  • Tenderly - Developer simulation

Portfolio & Risk Monitoring

  • DeBank - Portfolio tracking with risk alerts
  • Zerion - Clean UI with approval tracking
  • Nansen - Professional on-chain analytics

Contract Analysis

  • Token Sniffer - Automated contract analysis
  • GoPlus Security - Token security API
  • De.Fi Scanner - Smart contract audit scanner
  • Honeypot.is - Honeypot detection

Best Practices Summary

Daily Habits

1. Bookmark legitimate sites (don't Google)
2. Use hardware wallet for large holdings
3. Enable transaction simulation (Rabby)
4. Question every approval request
5. Never share seed phrase

Weekly/Monthly

1. Review and revoke old approvals
2. Check for suspicious tokens
3. Verify major holdings are safe
4. Update wallet software
5. Review connected sites

When Something Feels Wrong

1. STOP - Don't rush
2. VERIFY - Check official sources
3. ASK - Community (Discord, Twitter)
4. TEST - Small amount first
5. REVOKE - When in doubt, revoke

If You’ve Been Compromised

Immediate Steps

1. DON'T use the compromised wallet to revoke
   └─ Attacker may be watching for activity

2. Move remaining assets to NEW wallet
   └─ Create fresh wallet with new seed

3. Revoke approvals from NEW wallet
   └─ Use Flashbots to avoid front-running

4. Document everything
   └─ Transaction hashes, contract addresses

Reporting

  • Chainabuse.com - Report scam addresses
  • Scamsniffer - Report phishing sites
  • Protocol Discord - Alert community
  • Block explorer - Flag addresses

Further Reading