You connected to a DEX once last summer. You signed a permission. You forgot. The approval is still live, sitting in your wallet's contract layer, ready to drain the next time the protocol gets compromised. This guide undoes that.
This is the boring security maintenance most BSC users never run. The panda runs it quarterly and still has funds.
Prerequisites: a wallet you can connect (MetaMask, Trust Wallet, Rabby), the address you want to check, and a small BNB balance to pay revocation fees (usually under $0.50 per call).
Time to complete: 10 to 15 minutes. Longer if you have a wallet with two years of forgotten approvals, in which case set aside thirty minutes and brew something hot.
What is a token approval and why does it matter?
A token approval is a permission you grant to a smart contract to spend a specific ERC-20 (or BEP-20, the BSC equivalent) token from your wallet. According to Ethereum's ERC-20 documentation, the standard exposes an approve(spender, amount) function. Every time you trade on a DEX, stake in a vault, or list an NFT, you sign one of these.
The problem is the default amount. Most dapps request uint256 max (an unlimited allowance) to save you a fee on the next interaction. Convenient. Also a permanent open door if the dapp's contract is ever exploited.
According to DefiLlama, BSC held $5.53 billion in DeFi TVL on May 17, 2026, down 0.85% over the past week. A meaningful share of that flows through contracts users connected to once and forgot. Old approvals do not expire on their own. They wait.
The wider picture: per CoinGecko's global market data, the total crypto market cap stood at $2.68 trillion on May 17, 2026. Every active wallet on every chain carries some version of this stale-approval risk. BSC users carry it more, because the chain's lower fees encouraged casual experimentation across many small protocols.
| Approval type | Convenience | Risk profile |
|---|---|---|
Unlimited (uint256 max) |
High (sign once) | Highest if spender is exploited |
| Exact amount per trade | Lower (sign each time) | Bounded loss |
| Permit2 / signature-based | Medium (time-limited) | Lower, but still revocable |
Step-by-step: revoking approvals on BSC
The official BscScan tool is the most reliable starting point. It is free, hosted by the explorer team, and does not require a third-party connection.
1. Open the BscScan Token Approval Checker
Go to bscscan.com/tokenapprovalchecker. Paste your wallet address into the search bar. You do not need to connect a wallet yet. The tool reads on-chain data straight from the explorer.
2. Review the live approvals list
You will see a table with: token, approved spender contract, allowance amount, and a "Revoke" button. Sort by allowance descending. Anything that says "Unlimited" should be your first target if you no longer use that protocol.
3. Cross-check the spender contracts
Click each spender address before revoking. If the contract is the official router of a DEX you still use (PancakeSwap, BiSwap), leave it. If it is a protocol you cannot identify, revoke. The rule is unforgiving on purpose.
4. Connect your wallet
Click "Connect to Web3" in the top right. Approve the connection only with the wallet that actually owns these approvals. The panda has seen people connect their cold wallet to a tool they meant to test with their hot wallet. An expensive lesson, repeated weekly.
5. Click "Revoke" on each obsolete approval
Each revocation is its own transaction. It costs gas (BNB on BSC, usually $0.20 to $0.80 at current fees). Approve the prompt in your wallet popup, wait for the block confirmation, repeat.
6. Verify the change
Refresh the page. The allowance should now show "0" or disappear from the list. If it does not, the transaction failed (see Troubleshooting below).
7. Repeat the check on Ethereum and other EVM chains
The same wallet often holds approvals across Ethereum, Polygon, Arbitrum, and Base. Use Revoke.cash for a multi-chain view if you want to clean everything in one sitting. Same logic, same flow, different gas costs.
For deeper contract verification before re-approving anything, our 10-minute BSC contract audit guide covers the bytecode side. The wider BSC ecosystem hub collects the rest of our BSC work.
Troubleshooting common errors
"Transaction failed: out of gas": increase the gas limit slightly. Revocations are cheap but not free. 50,000 gas units is the standard floor on BSC.
"No approvals found": either the wallet is genuinely clean (rare for active users) or you pasted the wrong address. Double-check the casing.
The spender contract is not labeled: BscScan only labels verified, well-known contracts. Unknown spenders are the exact ones worth investigating. Search the address on DexScreener and Google. If nothing credible turns up, revoke first and ask questions later.
"Wallet popup never appears": refresh the page, reconnect the wallet, clear the dapp connection in your wallet's settings, and try again. Browser extensions accumulate state.
You revoked an approval you actually needed: harmless. Next time you use the dapp, it will request a fresh approval. You will sign and continue.
FAQ
Do approvals expire automatically?
No. They persist until you (or someone with a private-key compromise) revoke them. This is by design and is exactly the surface area attackers exploit.
Should I revoke all approvals after each session?
For high-value wallets, yes. For daily-trading wallets, no, the gas would exceed the risk. Quarterly is the sensible default.
Is Revoke.cash safe to connect to?
Revoke.cash is a widely-used open-source tool maintained by the Rotki team. It does not custody funds. Confirm the URL before connecting and never sign a transaction you do not understand.
Can a malicious dapp revoke approvals without my consent?
No. Revocation requires a signature from the wallet that owns the token. What a malicious dapp can do is request a new max approval, which is why reading every prompt matters.
What about Permit2 approvals?
Permit2 (a newer signature-based approval system used by Uniswap and others) is also revocable, both on Ethereum and on BSC where supported. The BscScan checker now flags these alongside standard ERC-20 approvals.
What to watch next
Wallet UX is slowly catching up to the threat model. Expect default time-limited approvals in major wallets through 2026, and signature-based session keys to replace some classic approvals entirely. Until then, the quarterly clean-up is the cheapest insurance on the BSC user calendar.
If this is your first cleanup, walk through our self-custody wallet setup guide first to confirm your seed-phrase hygiene matches the same standard. Self-custody only protects what you actively maintain.
Dadacoin is a satirical memecoin on BSC. We ship guides like this because the alternative is asking holders to trust us, and the panda would not trust him either.
The numbers say yes. We raise an eyebrow.
