Enable users to revoke allowances in their activity history #17464
Labels
area-activity
team-confirmations-planning
(only for internal use within Confirmations team)
type-enhancement
type-security
Background
For a very long time we have been wanting to empower users to review and revoke the permissions they have given (see #8174 and #10331 as examples). We haven't got to this yet, but there's a small scope, low hanging fruit work that we can do in the mean time.
Recently, a phishing victim realized while they were being drained, and to save their money the time to revoke was critical. If that user had an easy access revoke option in their recent approve transactions that would increase their chance of revoking the allowance in time. This is the win we're trying to achieve with this issue. It won't be something that will work for everyone and in all situations, but for some users it might be just enough.
Design file
Figma link (WIP)
Requirements and things to consider
2.a. If it was giving allowance, we'll display a revoke button (per design above) in that activity history line.
2.b. If it was revoking allowance, we won't display any button.
What giving allowance and revoking allowance look like for each method and contract
Note: for all below, spenderAddress is the address that is receiving or has received the allowance.
ERC20 approve
giving allowance:
approve(spenderAddress, amount)
revoking allowance:
approve(spenderAddress, 0)
- you revoke by setting the amount to 0 for that specific spenderAddress.ERC721 & ERC1155 approve
giving allowance:
approve(spenderAddress, tokenId)
revoking allowance:
approve(zeroAddress, tokenId)
- you revoke by setting a new spender, like the burner address. There can always only be a single spender using this method.ERC721 & ERC1155 setApprovalForAll
giving allowance:
setApprovalForAll(spenderAddress, true)
revoking allowance:
setApprovalForAll((spenderAddress, false)
- you revoke by setting the approved(bool) parameter to false.Reference
ERC20 docs
ERC721 docs
ERC1155 docs
A ERC20 contract on Etherscan
A ERC721 contract on Etherscan
A ERC1155 contract on Etherscan
Screenshot of new design
The text was updated successfully, but these errors were encountered: