Solana token approvals explained
If you have used Ethereum, you know the dread of "Approve unlimited USDC" on a
random DeFi site. Solana handles token permissions differently — but
delegation still exists, and misunderstanding it is how wallets
get drained. This guide explains what an SPL Approve actually does,
how it compares to EVM allowances, where you will encounter it, and the habits
that keep delegated authority from becoming a back door.
What is a token approval on Solana?
SPL tokens live in separate on-chain accounts (see our SPL token accounts guide for the full picture). Each token account has an owner — your wallet — and optionally a delegate with a capped spending allowance.
The Token Program's Approve instruction sets that delegate address
and an amount the delegate may transfer on your behalf. Until
you revoke it or the delegate spends the full allowance, that program can move
up to that many tokens without asking you again for each transfer.
Approve vs a normal transfer
- Transfer — you sign once; tokens move immediately in that transaction.
- Approve — you sign once; a third party (the delegate) can call
Transfer later, within the approved amount.
- Revoke — clears the delegate and resets the allowance to zero.
Simple SOL payments — like a 0.001 SOL micropayment on Garden Dice — do not involve token delegation at all. They are native transfers from your main account. Approvals appear when you interact with DEX routers, NFT marketplaces, staking programs, lending pools, or any app that batches token moves for gas efficiency.
How Solana differs from Ethereum allowances
Ethereum's ERC-20 approve(spender, amount) pattern is infamous for
"unlimited" approvals that sit open for years. Solana's model is structurally
different in ways that matter for safety:
| Aspect | Ethereum ERC-20 | Solana SPL |
|---|---|---|
| Approval scope | Per token contract, per spender | Per token account, per delegate |
| Amount | Often type(uint256).max (unlimited) | Explicit u64 amount — no true "infinity" flag |
| Storage | Allowance mapping on the token contract | Delegate field on your token account |
| Typical drain vector | Stale unlimited approval exploited later | Malicious delegate + high approved amount, or tricked full-account authority change |
Solana is not magically safe — a delegate approved for 1,000,000 USDC is effectively unlimited for most users. The difference is that well-designed apps often approve only the swap amount for the current transaction, and the approval lives on your account where you can inspect and revoke it. Bad apps still ask for huge numbers. Read the amount.
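To make "inspect it on your account" concrete, here is an added example (not code from the original guide) that decodes the delegate and delegated amount straight out of a token account's raw data, the way a revoke dashboard does. It assumes the standard 165-byte SPL Token account layout; the account bytes themselves are constructed, not real on-chain data.

```python
import struct

# Base58 alphabet Solana uses for public keys (same alphabet as Bitcoin).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def base58(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    leading_zeros = len(raw) - len(raw.lstrip(b"\0"))  # each encodes as '1'
    return "1" * leading_zeros + out

def parse_token_account(data: bytes) -> dict:
    """Decode the fixed 165-byte SPL Token account layout:
    mint(32) owner(32) amount(u64) delegate(COption<Pubkey>: u32 tag + 32)
    state(u8) is_native(COption<u64>: u32 tag + 8) delegated_amount(u64)
    close_authority(COption<Pubkey>: u32 tag + 32)."""
    if len(data) != 165:
        raise ValueError("expected a 165-byte SPL Token account")
    (amount,) = struct.unpack_from("<Q", data, 64)
    has_delegate = struct.unpack_from("<I", data, 72)[0] == 1
    (delegated_amount,) = struct.unpack_from("<Q", data, 121)
    return {
        "mint": base58(data[0:32]),
        "owner": base58(data[32:64]),
        "balance": amount,
        "delegate": base58(data[76:108]) if has_delegate else None,
        "allowance": delegated_amount if has_delegate else 0,
    }

def delegation_report(data: bytes) -> dict:
    """What the delegate could move right now: the allowance is a plain u64 that
    may exceed the balance, so the real exposure is min(allowance, balance)."""
    acct = parse_token_account(data)
    acct["at_risk"] = min(acct["allowance"], acct["balance"])
    acct["revoke_recommended"] = acct["delegate"] is not None
    return acct

def build_sample(balance: int, delegate: bytes, allowance: int) -> bytes:
    """Constructed sample account bytes (empty `delegate` means no delegate set)."""
    mint, owner = bytes([1]) * 32, bytes([2]) * 32
    return (mint + owner + struct.pack("<Q", balance)
            + struct.pack("<I", 1 if delegate else 0) + (delegate or bytes(32))
            + b"\x01"                                  # state = Initialized
            + struct.pack("<I", 0) + bytes(8)          # is_native = None
            + struct.pack("<Q", allowance)
            + struct.pack("<I", 0) + bytes(32))        # close_authority = None

# 10 USDC balance (6 decimals) but a delegate allowed 1,000,000 USDC: the
# "effectively unlimited" case from the table above.
SAMPLE = build_sample(10_000_000, bytes([3]) * 32, 1_000_000 * 10**6)
if __name__ == "__main__":
    print(delegation_report(SAMPLE))
```

Run it against real data by fetching the token account with getAccountInfo (base64 encoding) and passing the decoded bytes; the report is what a revoke tool shows you before it submits Revoke.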
Where you will see approval prompts
Any time a program needs to pull tokens from your wallet in a later instruction — or in the same transaction but as a separate signer path — you may get an approval step:
- DEX swaps — Jupiter, Raydium, Orca, and aggregators often approve the router for the input token amount, then swap in one or two transactions.
- NFT marketplaces — listing may delegate the marketplace program to transfer your NFT when a buyer pays.
- Staking and liquid staking — deposit flows may delegate a pool program to move your stake tokens.
- Lending (Solend, Marginfi, etc.) — deposits approve the lending program to custody tokens.
- Token launches and vesting — less common for everyday users, but same mechanism.
Connecting a wallet alone does not create token approvals — it only shares your public key. The risk starts when you sign a transaction that includes Approve, SetAuthority, or other authority changes. Our wallet connect guide covers the connect step; this guide covers what happens after you approve a tx.
Red flags in the wallet popup
Phantom, Solflare, and Backpack simulate transactions and show a human-readable summary. Before you click Confirm, check:
- Unknown program ID — if the interacting program is not a DEX or marketplace you intentionally opened, reject.
- Approve amount far above what you need — swapping 10 USDC should not approve 1,000,000 USDC unless you understand why (usually you should not).
- SetAuthority / Assign — changing the owner or close authority of a token account is more dangerous than a normal Approve; treat it like handing someone your keys.
- Bulk instructions — drains often bundle Approve + Transfer + SOL sweep in one tx. Scroll the full instruction list.
- Wrong token mint — scammers use look-alike tickers. Verify the mint address on Solscan or the project's official docs.
Phishing sites copy real UIs but route approvals to attacker-controlled programs. Bookmark official URLs; never follow Discord or X DM links. More context in our wallet security guide.
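The checklist above is what a wallet's simulation is doing on your behalf. As an added example (not code from the original guide), here is the same screening over a transaction's instruction list: it decodes Token Program and System Program instruction data and returns the reasons to reject. The two program ids are the real on-chain constants; the router id, the expected amount and every transaction byte below are constructed placeholders.

```python
import struct

# Real on-chain program ids; the router id and all instruction bytes below are constructed.
TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"
SYSTEM_PROGRAM = "11111111111111111111111111111111"
ROUTER = "ExampleRouterProgramPlaceholder"   # hypothetical DEX router you opened on purpose
# SPL Token instruction tags (first data byte) and SetAuthority authority_type values.
APPROVE, SET_AUTHORITY, CLOSE_ACCOUNT, APPROVE_CHECKED = 4, 6, 9, 13
AUTH_OWNER, AUTH_CLOSE = 2, 3
SYS_TRANSFER = 2                              # SystemInstruction index (u32 LE)

def approve_ix(amount: int) -> bytes:         # Approve data: tag + u64 amount
    return bytes([APPROVE]) + struct.pack("<Q", amount)

def red_flags(instructions, expected_programs, expected_amount):
    """Reasons to reject before signing. `instructions` is [(program_id, data)] in tx order."""
    flags = []
    has_approve = any(p == TOKEN_PROGRAM and d and d[0] in (APPROVE, APPROVE_CHECKED)
                      for p, d in instructions)
    for i, (program, data) in enumerate(instructions):
        if program not in expected_programs | {TOKEN_PROGRAM, SYSTEM_PROGRAM}:
            flags.append(f"#{i}: unknown program {program}")
        elif program == TOKEN_PROGRAM and data:
            if data[0] in (APPROVE, APPROVE_CHECKED):
                (amount,) = struct.unpack_from("<Q", data, 1)
                if amount > expected_amount:
                    flags.append(f"#{i}: Approve {amount} far above needed {expected_amount}")
            elif data[0] == SET_AUTHORITY and data[1] in (AUTH_OWNER, AUTH_CLOSE):
                flags.append(f"#{i}: SetAuthority on owner/close authority (full takeover)")
            elif data[0] == CLOSE_ACCOUNT:
                flags.append(f"#{i}: CloseAccount bundled in tx")
        elif program == SYSTEM_PROGRAM and len(data) >= 12 and has_approve:
            index, lamports = struct.unpack_from("<IQ", data, 0)
            if index == SYS_TRANSFER:          # SOL sweep riding along with an Approve
                flags.append(f"#{i}: SOL transfer of {lamports} lamports next to an Approve")
    return flags

# Constructed: a legitimate 10 USDC swap (6 decimals) approving exactly the input amount.
LEGIT_TX = [(TOKEN_PROGRAM, approve_ix(10_000_000)), (ROUTER, b"\x01swap")]
# Constructed: a drain-style bundle: huge Approve, owner SetAuthority, SOL sweep.
DRAIN_TX = [
    (TOKEN_PROGRAM, approve_ix(1_000_000 * 10**6)),
    (TOKEN_PROGRAM, bytes([SET_AUTHORITY, AUTH_OWNER, 1]) + bytes([9]) * 32),
    (SYSTEM_PROGRAM, struct.pack("<IQ", SYS_TRANSFER, 1_500_000_000)),
]
if __name__ == "__main__":
    print(red_flags(LEGIT_TX, {ROUTER}, 10_000_000))    # []
    print(red_flags(DRAIN_TX, {ROUTER}, 10_000_000))    # three flags
```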
How to revoke token approvals
Cleaning up stale delegations is hygiene, not paranoia. If you tried a DEX six months ago and approved a router, that delegate may still be able to move tokens up to the remaining allowance.
Option 1: Revoke tools
Community revoke dashboards (search "Solana revoke" from official wallet docs,
not sponsored ads) list active delegations across your token accounts. They
submit a Revoke instruction that clears the delegate. You pay a
small transaction fee per revoke — usually a fraction of a cent in SOL.
Option 2: Wallet token detail screens
Some wallets expose delegation under an individual token's advanced settings. If you see a delegate address that is not a program you recognize, revoke it.
Option 3: Approve zero
Technically, approving a delegate with amount 0 also removes its spending power. Revoke is the explicit instruction for this; tools wrap it for you.
Revoking does not disconnect the site from your wallet — that is a separate "connected apps" list in Phantom or Solflare settings. Do both periodically: disconnect unused sites and revoke token delegations you no longer need.
Approvals vs account authority (do not confuse them)
Newer users sometimes mix up delegate (limited transfer rights) with owner authority (full control). The Token Program allows changing authorities on an account:
- Owner — can transfer, burn, and reassign authorities.
- Close authority — can close the account and reclaim rent.
- Delegate — can transfer up to the approved amount only.
Malicious transactions may try to set the owner to an attacker's key. That is not a normal DEX approval — it is a full takeover. Reject immediately. Legitimate apps rarely ask to change owner authority on your existing token accounts; they create new PDAs or ATAs instead.
Practical checklist
- Approve the minimum amount needed for the current action when the app offers a choice.
- Prefer one-transaction swaps that approve and consume in the same tx (common on modern aggregators).
- Revoke quarterly or after experimenting with unknown protocols.
- Keep valuable tokens in a cold wallet that never signs random approvals.
- Use a hot wallet with limited balances for dApps and games.
- After any payment, verify on-chain — our payment verification guide shows how to confirm transfers landed.
- Hide spam tokens but never click their links — spam token cleanup explains why.