Uniswap – Understanding Rights Granted When Allowing Uniswap Protocol to Use Tokens

metamaskswapsuniswap

When trying for the first time to swap between 2 tokens with a given ETH wallet you get the message "Allow the Uniswap Protocol to use your XXX" (XXX is whatever token):

Uniswap asking to use your token

Clicking in the (?) icon there is not much explanation what it means to "use" your token:

Uniswap explanation when asking token access

And clicking the "Allow the Uniswap…" button having a MetaMask wallet connected this is the explanation from the wallet:

Metamask confirmation

I know this is only asked one time per token, and it's useful to e.g. prevent phishing attacks where I'm in a page that is not the XXX token contract but pretends to be… but my question is not why but what.

If I click the approval can Uniswap later take from my wallet (e.g. BUSD) my BUSD funds without my approval? it's a technical question, not whether Uniswap is going to do that in reality, but if so, and Uniswap is hacked in some way, whether the hackers could withdraw my funds without having my private key from my wallet just because I've signed this approval before.

Note aside, I think they should explain better what means the approval in the swap dialog (they = Uniswap and MetaMask).

Best Answer

Summary

ERC-20 compatible tokens have an "approve" function that lets the approved transfer them until the approved amount is moved. See below for "why we need the approve function".

This means, once you approve another address to do something with your tokens, they can do at anytime they wish. They are only stopped given access if you do one of the following:

  • You revoke the approval (in another TX)
  • They run out of allowance
    • (for example, if you allow them to have access to 2 tokens and they move 2 tokens, their allowance is expired)

When you allow the Uniswap contract permission, you give Uniswap the ability to move your tokens. Often, this is so the contract will know that you want to swap your tokens, and can route them accordingly.

The contract pulls your tokens from your wallet, as opposed to you pushing your tokens into the contract. But in order for them to pull the tokens, you have to give it approval to.

This is safe for Uniswap because that the time of my writing, the Uniswap contract doesn't have the ability to do something malicious with your tokens by itself or another actor.

Going granular

We can look at the full transaction details to break down precisely what happens when you approve ERC20-compatible tokens.

Here is an example Metamask:

enter image description here

And here is our full transaction details (hit the full transactions details button and then scroll to the bottom to see).

0x095ea7b30000000000000000000000004ca6e59a1a0a5608d23cce80c0def1d74a1b46ea0000000000000000000000000000000000000000000000000de0b6b3a7640000

enter image description here

You can see here exactly what is happening in this example. We approve the address in Granted to to transfer our ERC-20 tokens. And the approved amount you can see in the Approved amount section.

Why do we need an approve function?

Every ERC-20 token has an "approve" function. This function allows other addresses to transfer your tokens. The reason we need this, is many protocols need to pull the funds from your wallet so they can register you sending the money to them. If you just "send the money" the contracts won't always know what it's for.

More information

To go more granular, we can break down the TX details exactly:

  • 0x095ea7b3: The approve function selector, so we know which function to call in our TX.
  • 4ca6e59a1a0a5608d23cce80c0def1d74a1b46ea: The address of the approved
  • de0b6b3a7640000: The hex of 1 LINK (1000000000000000000)

(and some zeros in the TX data as well for solidity reasons)

Related Topic