What is a Permit2 approval?
Permit2 is a token approval contract created by Uniswap Labs that can safely share and manage token approvals across different smart contracts. A Permit2 approval gives a protocol the ability to transfer tokens from your wallet.
Most tokens require an onchain approval before they can be swapped, and that approval has a network cost. Each protocol also requires its own onchain approval. These costs add up quickly and require you to have network tokens available. To limit these costs, Uniswap Labs created the Permit2 contract.
Permit2 enables token approvals to be shared and managed across different dapps. This creates a more unified, cost-efficient, and safer user experience when swapping. The Permit2 contract is open-source, so any protocol can choose to integrate it.
How does it work?
The Permit2 contract uses a two-step process to manage your tokens:
- The first step is a one-time onchain approval transaction for the token, which requires network costs. It saves you money by approving a maximum amount of your tokens for spending with a single network cost.
- The second step is a signature approval. This gives the protocol permission to swap the tokens from your wallet. This has no network cost.
The signature approval is required to allow the spending of any tokens. This helps keep your wallet safe and empowers you to do your own research and approve the movement of tokens.
This approval can be further limited by the protocol that uses it. The protocol sets the contract that can spend the token. The protocol can also set the amount and the length of time the signature approval is good for.
As an example, the Uniswap app uses a limited-time approval of 30 days. This means that after 30 days the signature approval will no longer work and you will be prompted to sign a new approval.
The risks
There are always risks in crypto. Decentralized crypto requires you to manage your own funds. It’s important to read any warnings you see and do your own research before making any crypto transactions or signing any approvals.
With Permit2, it is extremely important for users to verify what they sign. Any onchain token approval to the Permit2 contract is vulnerable to a malicious signature approval.
Since a signature requires no onchain transaction, it’s easier for malicious actors to use it to gain access to your tokens. For example, a site may ask you to prove you own your wallet, or say you need to sign in with your wallet.
Signing an approval without reading it carefully and making sure it’s what you intended to sign puts your wallet at risk.
Read your requests for signatures, verify that the site you are on is trusted, and verify the permissions that you grant before signing.
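As an added example (not Uniswap's code), the JavaScript below reviews a signature request and reports the spender, amount, and expiration it would grant, which are the limits described under "How does it work?". It assumes the request is the EIP-712 typed-data JSON a wallet receives for Permit2's PermitSingle type; the function name, finding labels, addresses, and trusted-spender list are constructed for illustration.

```javascript
// Added example: summarize what a Permit2 PermitSingle signature request grants.
const MAX_UINT160 = (1n << 160n) - 1n; // largest value the uint160 amount field can hold
const THIRTY_DAYS = 30 * 24 * 60 * 60; // the limited-time window the article cites

// typedData: parsed EIP-712 JSON; trustedSpenders: contracts the user expects (assumed list).
function reviewPermit2Request(typedData, trustedSpenders, nowSeconds) {
  const { domain, primaryType, message } = typedData || {};
  const isPermit2 = Boolean(domain && domain.name === "Permit2" &&
    primaryType === "PermitSingle" && message && message.details);
  if (!isPermit2) return { isPermit2: false, findings: [] };

  const spender = String(message.spender).toLowerCase();
  const amount = BigInt(message.details.amount);
  const expiration = Number(message.details.expiration);
  const findings = [];
  if (!trustedSpenders.map((a) => a.toLowerCase()).includes(spender)) {
    findings.push("spender-not-trusted");
  }
  if (amount === MAX_UINT160) findings.push("maximum-amount");
  if (expiration - nowSeconds > THIRTY_DAYS) findings.push("expiration-over-30-days");
  return { isPermit2: true, token: message.details.token, spender, amount, expiration, findings };
}

// Constructed sample: a request a site presents as "sign in" but which is a token approval.
const NOW = 1700000000; // constructed timestamp (seconds)
const sampleRequest = {
  domain: { name: "Permit2", chainId: 1, verifyingContract: "0x" + "00".repeat(20) }, // placeholder
  primaryType: "PermitSingle",
  message: {
    details: {
      token: "0x" + "11".repeat(20),        // constructed token address
      amount: MAX_UINT160.toString(),        // maximum amount
      expiration: NOW + 365 * 24 * 60 * 60,  // one year out
      nonce: 0,
    },
    spender: "0x" + "22".repeat(20),         // constructed, not in the trusted list
    sigDeadline: NOW + 1800,
  },
};
const trusted = ["0x" + "33".repeat(20)];    // constructed trusted-spender list
console.log(reviewPermit2Request(sampleRequest, trusted, NOW).findings);
```

Only the PermitSingle type is handled here; a request with any other primary type is reported as not recognized rather than as safe.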