What Are Token Approvals?
Token approvals are used to give permission to a smart contract to spend your tokens on your behalf. This is a common pattern used by decentralized exchanges, lending protocols, and other decentralized applications. For example, if you want to trade your tokens on a decentralized exchange, you will need to give the exchange permission to Swap those tokens on your behalf.
Token approvals are also used with NFTs. For example, if you want to sell your NFT on a marketplace, you will need to give the marketplace permission to transfer your NFT on your behalf. Or if you want to use your NFT as collateral for a loan, you will need to give the lending protocol permission to transfer your NFT on your behalf.
How Do Token Approvals Work?
In most smart contracts of standard fungible tokens and NFTs, there is a mapping that keeps track of all the approvals that a user has granted, who they have granted it to, and how much / which assets they have granted the approval for. Whenever you grant or revoke one of these approvals, this mapping is updated.
When a contract tries to spend your tokens on your behalf, the token's smart contract then checks this mapping to see if the spender has permission to spend the tokens. If it does, the tokens are spent. If it does not, the transaction fails.
Fungible Token Approvals
For fungible tokens, smart contracts contain an approve() function to grant approval to another address to spend your tokens on your behalf. This function takes two parameters: the address of the spender and the amount of tokens. Revoking an approval is done by calling approve() again with the same parameters, but with the amount set to 0.
For example, if you want to grant approval to a decentralized exchange to spend 1000 USDC on your behalf, you would call approve() like this:
NFT Approvals
For NFTs, there are two different types of approvals: limited, and unlimited. Limited approvals are used to give permission to a smart contract to transfer a specific NFT (with a specific ID). Unlimited approvals are used to give permission to a smart contract to transfer any NFT within a collection. Limited approvals can only be granted to one address at a time, and because of that, most NFT marketplaces use unlimited approvals.
Limited NFT Approvals
For limited approvals, NFT contracts contain an approve() function to grant approval to another address to transfer a specific NFT on your behalf. This function takes two parameters: the address of the spender and the ID of the NFT. Revoking this approval is done by calling approve() again with the same parameters, but with the spender set to 0x000.... This kind of approval is also automatically revoked on transfer.
For example, if you want to grant approval to OpenSea to transfer your Pudgy Penguin with ID 4420 on your behalf, you would call approve() like this:
Unlimited NFT Approvals
For unlimited approvals, NFT contracts contain an setApprovalForAll() function to grant approval to another address to transfer any NFT within a collection on your behalf. This function takes two parameters: the address of the spender and a true/false value. Approving is done by calling setApprovalForAll() with a true parameter, while revoking is done using a false parameter.
For example, if you want to grant approval to OpenSea to transfer any NFT within your collection on your behalf, you would call setApprovalForAll() like this:
Semi-Fungible Token Approvals
Semi-fungible tokens are a special type of NFT that can be used to represent multiple copies of the same asset. As you can imagine, these tokens have a lot in common with NFTs, so their approval system also looks a lot alike. The biggest difference is that semi-fungible tokens have a setApprovalForAll() function, but no approve() function.