How to revoke smart contract access to your cryptocurrency

A smart contract hosted on a blockchain autonomously executes once all the specified terms or conditions in a contract or agreement are satisfied, negating the need for intervention by an intermediary.

The terms of the contract are written in machine-readable code. Once the smart contract is complete, it is irreversible and legally binding, raising the question: Is it possible to terminate a smart contract? And more importantly, can smart contracts be reversed?

This article discusses whether it is possible to revoke smart contracts and, if possible, how one can revoke smart contract access to their cryptocurrency holdings.

What does revoking smart contracts mean?

Revoking a smart contract typically means disabling or terminating its functionality on a blockchain. For instance, revoking may stop the contract's access to a user’s crypto wallet and its ability to move tokens. Additionally, revoking a smart contract halts permission to view a user’s token balance or public address.

Why are smart contracts revoked?

One may revoke a smart contract under several circumstances, such as if they don’t intend to buy, sell or transfer an asset or use the smart contract again.

In other instances, malicious developers build backdoors into smart contracts, allowing unauthorized access to funds.

Who can change a smart contract?

Like any contract, once the parties have agreed on the contract terms, they are unchangeable. Even if the parties wanted to do so, the terms are written on the blockchain, which is unalterable. This makes smart contracts immutable.

The only way to “change” the terms of a contract is to “upgrade” the contract, that is, swap the underlying smart contract of a decentralized application (DApp) for another. Alternatively, the parties can choose to have an upgradeable contract from the start, which allows for modifications to the smart contract.

Who controls a smart contract?

No one controls the smart contract once the code is written into the blockchain. The code will execute if or when a predetermined condition or stipulation is met or verified. The action involves updating the blockchain and sending notifications. Only the parties with access to the smart contract can see the transaction details.

Since no one has express control of the contract, the parties need to determine the stipulations and describe them adequately and without ambiguity to ensure they can execute. This raises the question: Can tokens be locked inside a smart contract? When a user sends tokens into a smart contract, no one can trade or withdraw them, essentially locking them in it.

The smart contract will only release the tokens after a certain period or once certain conditions are met. Some platforms even allow for customization of the token lockup, with a user specifying the date and time when the tokens can become available.

What are token approvals and permissions in smart contracts?

The only way to protect against the exploitation of smart contracts is to approve only the withdrawal of funds required, avoid untested platforms, and revoke token approvals and permissions.

But what are token approvals and permissions? Smart contracts allow DApps to automate the moving of tokens in one’s wallet, and token approvals and permissions are what authorize this. A token approval or permission signifies the owner’s approval of a smart contract to withdraw tokens from a wallet to execute a trade. A user can use several means to revoke smart contract access to their tokens:

Revoking smart contracts through token block explorer

Individual networks usually have block explorers, such as Polygonscan and Etherscan, which contain an approval section where users can utilize the token approval tool to revoke permissions and approvals.

These are the typical steps taken when using a token approval tool. Note that only the address owner can revoke connected smart contracts:

1. Navigate to the token approval page.

2. Type your address in the search bar and click “search.”

3. Any smart contract associated with the address that can spend on the user’s behalf will appear in the assets list, which provides further information like the smart contract’s token allowance, transaction hash and token standards.

4. Connect to the wallet by clicking the “connect to Web3” button.

5. Once the connection is confirmed, select which contract(s) to revoke.

How to revoke token approvals and permission of smart contracts on Ethereum

Here are the usual steps taken when revoking smart contracts on the Ethereum mainnet:

Step 1: Revoke access tools

Users can track and revoke smart contracts connected to their addresses using several third-party revoke access tools. Connect to any of these websites to commence the process:

  • approved.zone: Ethereum
  • Revoke: multiple networks
  • EverRise: multiple networks
  • Ethallowance: Ethereum
  • Unrekt: multiple networks
  • Beefy.finance: BNB Smart Chain
  • Etherscan: Ethereum
  • Cointool: multiple networks

Step 2: Connect the wallet

Once you’ve connected to the website, search for and click on the “connect wallet” button. When connecting the website to your wallet, ensure both are on the same network, as revoke access tools only work on one chain at a time.

For instance, if connected to the Ethereum mainnet, one cannot revoke a Polygon smart contract, as only Ethereum smart contracts are supported and will be displayed.

Step 3: Select smart contract

The smart contract tool will display all the compatible smart contracts, showing their access permissions and spending limits. Users should select the ones they wish to revoke. If unsure, select all and grant new permissions on the next launch of each DApp.

Step 4: Revoke access

Click the “revoke” button, pay for the transaction, and wait a minute or two to complete the transaction. Log out and log back into the website to confirm the revoked transaction was successful (the smart contract should not be on the list).
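
What the “revoke” button in Step 4 asks the wallet to sign, shown as an added example that is not part of the original article: assuming the token follows the ERC-20 standard, a revocation is an approve call that sets the spender's allowance to zero. The code builds and decodes that calldata offline so a signing prompt can be checked; the spender address is a constructed placeholder and the function names are illustrative.

```javascript
// Added example: encode and classify ERC-20 approve() calldata offline.
// 0x095ea7b3 is the first 4 bytes of keccak256("approve(address,uint256)").
const APPROVE_SELECTOR = "095ea7b3";
const MAX_UINT256 = (1n << 256n) - 1n;

// Left-pad a hex string (without 0x) to one 32-byte ABI word.
function word(hex) {
  if (!/^[0-9a-f]*$/i.test(hex) || hex.length > 64) throw new Error("bad ABI word");
  return hex.toLowerCase().padStart(64, "0");
}

// Build the calldata a wallet signs for approve(spender, amount).
function encodeApprove(spender, amount) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(spender)) throw new Error("bad address");
  if (amount < 0n || amount > MAX_UINT256) throw new Error("amount out of range");
  return "0x" + APPROVE_SELECTOR + word(spender.slice(2)) + word(amount.toString(16));
}

// Revoking an allowance is approve(spender, 0).
function encodeRevoke(spender) {
  return encodeApprove(spender, 0n);
}

// Decode calldata and report what signing it would grant.
function classifyApproval(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 128 || !/^[0-9a-f]+$/.test(hex)) return { kind: "not-approve" };
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return { kind: "not-approve" };
  const addrWord = hex.slice(8, 72);
  // The upper 12 bytes of an address word must be zero padding.
  if (!/^0{24}/.test(addrWord)) return { kind: "malformed" };
  const spender = "0x" + addrWord.slice(24);
  const amount = BigInt("0x" + hex.slice(72));
  const kind = amount === 0n ? "revoke" : amount === MAX_UINT256 ? "unlimited" : "limited";
  return { kind, spender, amount };
}

// Constructed sample spender address (placeholder, not a real contract).
const SPENDER = "0x1111111111111111111111111111111111111111";
console.log(classifyApproval(encodeRevoke(SPENDER)));               // kind: "revoke"
console.log(classifyApproval(encodeApprove(SPENDER, MAX_UINT256))); // kind: "unlimited"
console.log(classifyApproval(encodeApprove(SPENDER, 250n)));        // kind: "limited"
```

A prompt that a revoke tool presents should classify as "revoke"; one that classifies as "unlimited" is granting access, not removing it.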

Does revoking token access also terminate DeFi strategies?

No. Users will retain their positions in decentralized finance (DeFi) strategies such as pooling, staking and lending, allowing them to keep receiving rewards. However, revoking access can significantly affect those strategies, depending on the context and how each strategy is structured.

In DeFi ecosystems, users often grant smart contracts permission to access their tokens for various functions like trading, lending or staking. If a user revokes this access, the smart contract can no longer move or manage the user’s tokens on their behalf.

This action can disrupt ongoing strategies that rely on the contract’s ability to interact with the tokens. However, the underlying DeFi strategy isn’t terminated but paused or made inactive until access is granted again or the strategy is adjusted.

Is disconnecting a wallet from a project the same as removing permission to use funds?

No, they are not the same thing. Disconnecting a wallet from a project only cancels permissions that allow other users to view one’s token balances, public address and past activities, and it stops the initiation of transactions. However, it will not prevent the execution of transactions.

On the other hand, removing permission to use funds means revoking a DApp’s permission to access and move a wallet’s contents.