What Is Infinite Approval?

Infinite approval is a smart contract programming practice, often considered to be problematic. This programming feature allows a given smart contract access (upon authorization from a user) to an unlimited number of tokens in the user’s wallet instead of only the number that is actually needed.

An infamous example of a smart contract that was programmed this way is one employed by the decentralized exchange, Bancor. When a user first used the system, they had to give the smart contract authorization to withdraw an unlimited number of tokens from their wallet.

Bancor’s smart contracts also contained a vulnerability that could have allowed a hacker to steal all the units of the token that the user authorized the contract to manage by leveraging this vulnerability. Fortunately, Bancor’s programmers noticed before malicious actors could steal the tokens and later modified their systems to only ask for approval for the needed number of tokens. The developers preemptively “stole” user funds to return them later to avoid a hack.

After the controversy surrounding Bancor, it surfaced that infinite approval is a very popular practice among decentralized application programmers. Research conducted by a researcher at crypto wallet ZenGo revealed that popular decentralized applications feature infinite or extremely large approvals.