Eliminate allowance risk with Permit2

0x v2 fully eliminates allowance risk using the latest innovations in limited token approvals, including Permit2, protecting your users and reputation.

July 17, 2024

Under the Hood

Are infinite token approvals putting your users at risk? Outstanding allowances on upgradable smart contracts expose $6.5 billion for the top 20 tokens on Ethereum, according to smart contract security firm Dedaub.

Managing allowances is still laborious and gas-expensive today: users must constantly audit approvals with tools like revoke.cash or risk losing their tokens. Over $405 million has been stolen in approval exploits since 2020.

In order to protect users and keep funds safe, we need to fundamentally reconsider the app allowance model by avoiding the infinite approval pattern altogether.

As part of 0x v2, our completely redesigned smart contracts fully eliminate allowance risk by baking in protection at the ground level using the latest innovations in limited token approvals, including Permit2.

In this article, we will explore the dark side of token approvals and take a look at how 0x v2 protects your users and reputation, enabling the most secure trading experience in DeFi.

The dark side of token approvals

When a user goes to trade on a new app, they immediately have to approve tokens to trade. Users have to consider whether the app is safe, whether or not they will get drained, and if they should switch to a different wallet. All of these concerns add a layer of friction to user trading flows.

If you are building in crypto, you know how scary hacks can be. The canonical ERC20 token approval method that we have all come to know is a major roadblock. Reducing the risk of being onchain is key to onboarding new users.

Infinite approvals give apps access to entire token balances for an indefinite period and can lead to unsuspecting users having their balances drained in the event of an exploit, a risk you don’t want to have to worry about when building your app. There is news of a major exploit in the space on a near-daily basis.

The risk is in the billions. The dollar value approved to upgradeable contracts in DeFi, and backed by actual balances, is $6.5B for the top 20 tokens on Ethereum and $7.5B for the top 500 tokens, according to leading smart contract auditing firm Dedaub.

A security vulnerability can strike at any time and affect even the best of teams. Bugs will slip by the watchful review of even the best auditors. In order to protect users, we need to avoid the infinite approval pattern altogether.

Secure approvals with Permit2

Originally developed by Uniswap based on the work of 0x alumnus Lawrence Forman, Permit2 is a token approval method that can be used to safely share and manage token approvals across different smart contracts.

Permit2 has two parts. The most commonly used, AllowanceTransfer, reduces the burden on users of managing token approvals by approving contracts for a specific period of time and value. The other half, SignatureTransfer, enables approvals that are not just time and value bound, but also single-use, which reduces allowance risk to virtually zero.

How does it work? Permit2 features:

  • Permits for any ERC20 token, including tokens that don’t support the native permit method.
  • Time-bound approvals, which remove risk associated with approvals for indefinite periods of time.
  • Signature-based approvals, which can be used for single-use transactions.

You don’t need to trust us

0x v2’s completely redesigned settlement contracts, known as 0x Settler, utilize Permit2 to perform swaps without a passive allowance, meaning Settler does not hold any allowance, nor does it hold token balances between swaps.

Single-use approvals with Permit2

We believe Permit2 is critical for secure swap applications, but not just any usage of Permit2. Time-bound infinite approvals, while significantly better than the never-expiring infinite approval, still expose users to risk.

In order to fully eliminate the risk that passive allowances could be exploited, 0x Settler utilizes single-use signatures for every transaction.

Single-use approvals prevent user funds from being stolen even if the smart contracts were compromised, so you don’t have to trust us.

For wallets that currently send a limited approval transaction alongside the swap to bypass infinite approvals, Permit2 provides the same security in a more gas-efficient way.
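The difference between a never-expiring infinite approval, a time-bound infinite approval and a single-use signature can be made concrete with a small Python model (an added example, not code from 0x or Uniswap). It assumes one legitimate swap at t=0 and reports how much more the spender contract could move afterwards; all class and function names and the sample values are hypothetical, signature verification is omitted, and the nonce bitmap follows Permit2's unordered-nonce scheme.

```python
from dataclasses import dataclass, field

MAX_UINT256 = 2**256 - 1  # the value an "infinite" approval sets
class Denied(Exception): pass  # stands in for an on-chain revert

@dataclass
class Allowance:
    """expiration=None: classic ERC20 approve(); a timestamp: time-bound approval."""
    amount: int
    expiration: "int | None" = None
    def pull(self, want, now):
        if self.expiration is not None and now > self.expiration:
            raise Denied("allowance expired")
        if want > self.amount:
            raise Denied("insufficient allowance")
        self.amount -= want
        return want

@dataclass
class SingleUse:
    """SignatureTransfer-style permits; signature verification is omitted."""
    spent: dict = field(default_factory=dict)  # nonce word -> bitmap of used bits

    def pull(self, permit, want, now):
        if now > permit["deadline"]:
            raise Denied("permit expired")
        if want > permit["amount"]:
            raise Denied("amount exceeds permit")
        word, bit = permit["nonce"] >> 8, 1 << (permit["nonce"] & 0xFF)
        if self.spent.get(word, 0) & bit:
            raise Denied("nonce already used")
        self.spent[word] = self.spent.get(word, 0) | bit
        return want

def attempt(pull, *args):
    try:
        return pull(*args)
    except Denied:
        return 0

def residual_exposure(balance=1_000, swap=100, window=1_800):
    """Per model: extra pull possible (inside window, after it) after one swap."""
    rest, times, left = balance - swap, (60, window + 1), MAX_UINT256 - swap
    report = {name: tuple(attempt(Allowance(left, exp).pull, rest, t) for t in times)
              for name, exp in (("erc20_infinite", None), ("time_bound", window))}
    s, permit = SingleUse(), {"amount": swap, "deadline": window, "nonce": 7}
    s.pull(permit, swap, 0)  # the legitimate swap consumes the nonce
    report["single_use"] = tuple(attempt(s.pull, permit, swap, t) for t in times)
    return report
```

With the constructed values (balance 1,000, swap 100, 30-minute window), the standing allowances leave the remaining 900 tokens reachable, while replaying the already-used permit yields nothing.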

Ready to get serious?

0x’s next-gen pricing engine is in open beta! v2 offers the most seamless swap experience at the best all-in prices with optimal trade execution, powerful new monetization features, and enhanced security.

Book a v2 onboarding call to get started.

We’ll be sharing more details about our redesigned router, aggregation capabilities, and smart contracts over the next few weeks.
