Glossary
Token Approval
Authorizing a smart contract to spend a token on your behalf via the ERC-20 `approve` function. The most exploited surface in DeFi phishing.
Most DeFi interactions begin with an approve transaction: you authorize a router or vault contract to move some amount of your token. Many UIs request "infinite" approvals to avoid prompting on every interaction.
That convenience is also the danger. A malicious contract you approve can drain the entire approved balance at any time. Tools like Revoke.cash, Etherscan's token approval checker, and built-in wallet checkers let you list and revoke stale approvals — something worth doing periodically and certainly after using any unfamiliar dApp.
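To make the "infinite" approval concrete, the following added example (not taken from any wallet or from the tools named above) decodes the calldata of an ERC-20 `approve(address,uint256)` call and labels the allowance before it is signed. The function names, the sample spender address and the rule that only an exact maximum `uint256` counts as unlimited are assumptions made for illustration.

```python
# Added example: classify ERC-20 approve() calldata before signing.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1                      # the usual "infinite" allowance value


def classify_approval(calldata_hex: str) -> dict:
    """Decode approve(spender, amount) calldata and label the allowance."""
    hex_body = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    raw = bytes.fromhex(hex_body)
    if raw[:4] != APPROVE_SELECTOR:
        raise ValueError("not an ERC-20 approve call")
    if len(raw) != 4 + 32 + 32:
        raise ValueError("unexpected calldata length for approve")
    spender_word, amount_word = raw[4:36], raw[36:68]
    # An ABI-encoded address is left-padded with 12 zero bytes.
    if any(spender_word[:12]):
        raise ValueError("address word has non-zero padding")
    amount = int.from_bytes(amount_word, "big")
    if amount == 0:
        kind = "revoke"      # approving 0 clears the allowance
    elif amount == MAX_UINT256:
        kind = "unlimited"   # assumption: only the exact maximum is flagged
    else:
        kind = "bounded"
    return {"spender": "0x" + spender_word[12:].hex(), "amount": amount, "kind": kind}


def build_sample(amount: int, selector: str = "095ea7b3") -> str:
    """Constructed sample calldata; the spender 0x1111...1111 is a placeholder."""
    return "0x" + selector + "00" * 12 + "11" * 20 + format(amount, "064x")


if __name__ == "__main__":
    for amt in (MAX_UINT256, 10**18, 0):
        result = classify_approval(build_sample(amt))
        print(result["kind"], result["spender"], result["amount"])
```

A result of `unlimited` means the spender can move the full token balance, including tokens received later, until the allowance is set back to 0.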