Token approval is the permission granted to smart contracts to spend tokens when users interact with decentralized apps (DApps). The majority of decentralized finance (DeFi) apps use what is known as “infinite approval” as the default setting. This makes future transactions easier to manage.
The downside of token approval is encountered when hackers exploit smart contracts and use the predesignated approvals to drain funds, which is always possible. To mitigate the risks posed by smart contract breaches, some have suggested that users revoke their token approvals.
It is important for people to occasionally review the DApps that they have authorized to conduct transactions on their behalf. DApps that have not been used in a long time should have their token approvals revoked. The same goes for DApps whose smart contracts are under review or being updated.