I tried to swap usdc for eth, apparently through uniswap and ended up having to approve 2 transactions regarding "unlimited usdc 0x exhange’.
Question 1: where is my swap ?
Question 2: I don’t like the sound of “unlimited usdc permission”, what is this and how do I revoke it?
Can you please specify the version of Brave you’re on? You can find this info by going to brave://version (please paste here the fields Brave and Revision).
I’m going to answer Question 2, and then Question 1 to tie things together.
This has to do with the way Ethereum-based blockchains work. You can’t “send” tokens to a smart-contract (in this case 0x Exchange Proxy), rather you need to allow the contract to spend your tokens.
Before you do a swap transaction, you therefore need to let 0x Exchange Proxy (the swap router we use) to spend your USDC balance, which is what the “Approve” transaction in the screenshot does. Note that this is only an approval, and not the real swap transaction as you probably figured.
For most users, an Unlimited approval makes it a one-time affair, so they don’t have to keep doing approval transactions every time they want to swap. For the more security conscious folks, the approval amount could be customised to whatever you want. Here’s how you do it.
(click on Edit Permissions in the above screen)
|Now that we know what’s the purpose of the “unlimited usdc permission” transaction, it seems what happened in your case is that you didn’t wait for the first approval transaction to confirm on etherscan, and hence did a second approval transaction thinking it didn’t go through. No harm done, other than the gas fee being spent twice. If you try to do the swap again, you’ll be able to complete it now.
I also realise that the UX is a bit confusing here, which is something we can improve. For example, as soon as user clicks on the “Confirm” button on an “Approval transaction”, we can indicate in the UI that user should wait until it’s successful.
EtherScan has a nice tool to check existing token approvals and optionally revoke them: https://etherscan.io/tokenapprovalchecker
Hope this answer helped. Please let me know if you have any other questions.
| Brave | 1.48.164 Chromium: 110.0.5481.100 (Official Build) (x86_64) |
|---|---|
| Revision | 4be7a36f7cb943af6118e449bbab494b43dcaddd-refs/branch-heads/5481_77@{#14} |
| OS | macOS Version 13.0 (Build 22A379) |
Thank you for the answer. As a user, I would expect the swap without any additional steps - because it feels like an exchange, I expect the same behavior. As a brave wallet user, I don’t care about intermediary steps unless something as explicit as "unlimited"is included.
I checked out etherscan, but honestly I don’t know if I can trust it. I trust Brave, but I don’t want to authorize a 3rd party to my wallet to revoke permissions. If this is the norm, then I need to move off brave until this is adressed.
Thanks for the question 
I agree with you that the UX is not frictionless and can feel scary to use. I’m afraid other swap products won’t be very different because the limitations are on the protocol side, and not the client side. We will, however, take this feedback seriously and make it a point to ensure users feel safe. Here are a few mitigations that we have planned, and I’ll ensure they are prioritised.
[short term] Provide a setting that allows users to choose between “Unlimited allowance” and “Just enough allowance”. The latter is more secure but will incur more gas fees.
This addresses your legit security concerns.
[medium term] Gasless trades that abstract the two transactions into a single one.
This addresses your UX concerns for the vast majority of trades on Ethereum and Polygon.
[long term] Leverage account abstraction to bundle all swap transactions for seamless UX.
This is the big picture, piggybacking on the EIP-4337 upgrade to the Ethereum protocol. Follow updates here: https://ethereum.org/en/roadmap/account-abstraction
I hope this helps. Your inputs help shape our products and let us prioritise what’s important, so please keep it coming. Cheers!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
