If you have ever swapped one token for another, you have used a token approval, even if you never noticed it. It is one of the most important ideas in self-custody, and also one of the least explained. Understanding it makes you safer and takes away a lot of the mystery behind those extra confirmation screens.
What an approval actually is
On Base, and on Ethereum networks in general, most tokens follow a standard called ERC-20. A swap app never holds your tokens for you. Instead, when you want to trade a token, you give a smart contract permission to move a certain amount of that token on your behalf. That permission is the approval.
So a swap is usually two steps, not one:
- Approve. You tell the token contract, "this swap contract is allowed to move up to X of my tokens."
- Swap. The swap contract pulls the tokens it is now allowed to move, and sends back the token you asked for.
The first time you trade a given token through a given app, you will see the approval step. After that, if the approval still has room left, you can swap again without approving every single time.
Why two steps instead of one
It feels like extra friction, but the design has a clear reason. Your tokens stay in your wallet until the moment of the trade. The swap contract can only touch what you explicitly allowed, and only the token you approved. Nothing can quietly reach into your wallet and take a different asset that you never granted access to.
This is also why native ETH does not need an approval. ETH is the network's own currency, so the wallet can send it directly. Only ERC-20 tokens, the ones built on top of the network, use the approve-then-move pattern.
Unlimited approvals versus exact approvals
When you approve, the amount matters. Many apps default to an unlimited approval, which means the contract can move any amount of that token, forever, until you change it. The upside is convenience, you never have to approve that token again. The downside is risk. If the contract you approved turns out to be malicious or gets compromised, an unlimited approval is a standing door into that one token.
The safer alternative is an exact approval, where you allow only the amount you are about to swap. You will approve more often, but the permission you leave behind is small or zero. For most people the honest answer is a balance. Use exact approvals for contracts you are unsure about, and reserve standing approvals for apps you trust and use often.
Approvals are per token and per contract
A common point of confusion is thinking an approval is global. It is not. Each approval covers one specific token and one specific contract. Approving USDC for one swap app says nothing about your other tokens, and nothing about a different app. That isolation is a feature. It keeps the blast radius of any single mistake as small as possible.
It also means a scam token sitting in your wallet cannot do anything just by being there. You would have to actively approve and interact with it. This connects directly to the advice in our guide on strange tokens that appear in your wallet, do not approve or trade tokens you did not expect.
How to keep your approvals tidy
Over time, an active wallet collects approvals the way a phone collects app permissions. Most are harmless, but it is good hygiene to review them now and then.
- Check what you have granted. Block explorers and dedicated approval tools let you list the active approvals for your address. On Base, a Base block explorer will show them.
- Revoke what you no longer use. Revoking is itself an on-chain transaction, so it costs a small amount of gas, but it sets the allowance back to zero. An app you tried once and abandoned does not need a standing permission.
- Be cautious with brand new contracts. A fresh contract asking for an unlimited approval deserves a closer look. There is rarely harm in approving only the amount you need.
The takeaway
A token approval is simply the permission that lets a swap move a specific token on your behalf. It exists so your funds stay in your wallet until the moment of the trade, and so each permission is narrow and separate from the rest. You do not need to fear the approval screen, you just need to read it. Know which token you are approving, prefer smaller allowances for anything unfamiliar, and clear out old permissions from time to time. That habit costs a few minutes and keeps self-custody working the way it should.