Infinite Approval

Understanding Infinite Approval

Infinite approval is a smart contract programming practice that allows a smart contract to have access to an unlimited number of tokens in a user’s wallet, upon authorization.

This practice grants unlimited access instead of granting access only to the specific number of tokens required.

Security Concerns in Programming

This programming feature has been considered problematic due to potential security risks.

In one case, Bancor’s smart contracts contained a vulnerability that attackers could have exploited to steal all the authorized tokens.

However, Bancor’s developers identified the issue before any malicious activity occurred.

They quickly modified their systems to request approval only for the necessary number of tokens.

To mitigate the risk, the developers temporarily took control of user funds so that they could not be stolen, and returned them later.

Illuminating a Widespread Issue

The incident involving Bancor shed light on the prevalence of infinite approval among decentralized application programmers.

A crypto wallet researcher at ZenGo found that many popular decentralized applications request infinite or excessively large approvals.
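A wallet or reviewer can spot the approvals described above before a transaction is signed. The following is an added example, not code from Bancor or ZenGo: it decodes approval calldata and compares the requested allowance with the amount the transaction needs. It assumes the token uses the ERC-20 approve(address,uint256) interface; the spender address, token amounts and the excess_factor threshold are constructed for illustration.

```python
# Added example. Assumes the ERC-20 approve(address,uint256) ABI encoding.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # 4-byte selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1                      # the value used for "infinite" approval


def decode_approve(calldata_hex):
    """Return (spender, amount) for approve() calldata, or None for anything else."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return None
    # Layout: selector (4 bytes) + address word (32) + uint256 word (32)
    if len(data) != 68 or data[:4] != APPROVE_SELECTOR:
        return None
    if any(data[4:16]):  # a 20-byte address is left-padded with 12 zero bytes
        return None
    spender = "0x" + data[16:36].hex()
    amount = int.from_bytes(data[36:68], "big")
    return spender, amount


def classify_approval(calldata_hex, needed, excess_factor=10):
    """Compare the requested allowance with what the transaction needs.
    excess_factor is a hypothetical review threshold, not a standard value."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return "not-approve"
    _, amount = decoded
    if amount == MAX_UINT256:
        return "infinite"
    if amount == 0:
        return "revoke"
    if amount > needed * excess_factor:
        return "excessive"
    return "exact" if amount == needed else "bounded"


def build_approve(spender_hex, amount):
    """Construct approve() calldata for the sample inputs below."""
    word = bytes.fromhex(spender_hex[2:]).rjust(32, b"\0")
    return "0x" + (APPROVE_SELECTOR + word + amount.to_bytes(32, "big")).hex()


if __name__ == "__main__":
    SPENDER = "0x" + "11" * 20  # constructed spender address
    NEEDED = 100 * 10**18       # constructed: 100 tokens with 18 decimals
    for amt in (NEEDED, NEEDED * 1000, MAX_UINT256, 0):
        print(classify_approval(build_approve(SPENDER, amt), NEEDED))
```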