MetaSuites (Prev. MetaDock) enhanced a token approvals management tool by Etherscan that can help you identify and avoid risky approvals to phishing addresses or vulnerable contracts.

What are risky approvals?

The approval mechanism in token transactions allows users to grant permission to other entities, such as smart contracts or other users, to spend their tokens on their behalf. For example, a user can approve a smart contract to use their USDC tokens, enabling the smart contract to perform operations like swapping USDC for other tokens without requiring further confirmation from the user. Once the tokens are approved for use by the smart contract, no additional signed messages are needed from the token owner for the smart contract to execute transactions with those tokens. This streamlines the transaction process by reducing the need for multiple confirmations.

However, the approval can be risky if the spender is a phishing address or a spender is a vulnerable contract. In both cases, the user's tokens can be stolen.

How Approval Diagnosis helps

MetaSuites flags suspicious approvals to vulnerable contracts and EOAs (phishing accounts, unsafe accounts, etc.) Users can review the approvals here and revoke all risky approvals immediately to prevent further loss.

Step 1: Click the Approval Diagnosis button

After installing the MetaSuites extension, the Approval Diagnosis button will be shown on the address page of the Etherscan.

Step 2: Check the risky approval

After clicking the button, the detailed approval results will be shown. Risky approval will be displayed in red with notes!

We can see the approval of the phishing address. Unfortunately, the user did not notice this approval, and the attacker transferred 70 WBTC from this address (see the following figure).

Step 3: Revoke the approval

If there is any risky approval, the user needs to remove the approval immediately. Just connect to the Web3 wallet and revoke all approvals flagged by MetaSuites.

Risky approval has been a significant threat to users, and MetaSuites helps users know of their risky approval. To stay safe, don't forget to make an approved diagnosis regularly.