Intermediate | 7 min read

dApp Permissions

Learn how to review, grant, and revoke dApp permissions safely so you stay in control of what apps can see and spend.

What Are dApp Permissions

When you connect PRC Wallet to a dApp, the site can request access to read your public data, ask you to sign messages or transactions, and request token approvals that enable spending. You stay in control by reviewing each request before approving.

Before You Connect

  • Verify the URL and SSL lock icon; prefer official links.
  • Open links from the project website or docs, not ads.
  • Use a small test approval or transaction first when unsure.
  • Keep a separate wallet/account for testing new dApps.

Permission Types

Read-only

View address, balances, NFTs, and activity. Cannot move funds.

Spending/Movement

Sign messages and transactions that move assets. Always verify amounts, recipient, and network.

Approval Caps (Allowances)

ERC-20 and similar tokens can grant a smart contract permission to spend on your behalf. Prefer setting a cap (exact amount) instead of unlimited approvals when possible.

You can revoke or reduce allowances later using explorers like Etherscan/BscScan (Token Approvals pages) or in-wallet tools.
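
An added example, not PRC Wallet code, showing what an approval prompt summarises: it decodes the calldata of a standard ERC-20 approve(address,uint256) call and labels it unlimited, capped, or a revocation (an approval of 0). The spender address and amounts are constructed sample values, and classifyApproval and formatUnits are hypothetical helper names.

```javascript
// Added example: classify ERC-20 approve() calldata before signing.
// Layout: 4-byte selector 0x095ea7b3, then two 32-byte words:
// the spender (address left-padded with zeros) and the amount.
const APPROVE_SELECTOR = "095ea7b3";
const MAX_UINT256 = (1n << 256n) - 1n;

// Render a raw token amount using the token's decimals (e.g. 6 or 18).
function formatUnits(amount, decimals) {
  const base = 10n ** BigInt(decimals);
  const frac = (amount % base).toString().padStart(decimals, "0").replace(/0+$/, "");
  return frac ? `${amount / base}.${frac}` : (amount / base).toString();
}

// Hypothetical helper: returns what the approval would grant.
function classifyApproval(calldata, decimals) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return { kind: "not-approve" };
  // selector (8 hex chars) + two words (64 each) = 136 hex chars
  if (hex.length !== 136) throw new Error("malformed approve calldata");
  const spenderWord = hex.slice(8, 72);
  if (!spenderWord.startsWith("0".repeat(24))) {
    throw new Error("spender word has non-zero padding");
  }
  const amount = BigInt("0x" + hex.slice(72));
  // Only the all-ones value is labelled unlimited; a huge but smaller
  // number is reported as capped, so always read the displayed amount.
  const kind = amount === 0n ? "revoke"
    : amount === MAX_UINT256 ? "unlimited" : "capped";
  return {
    kind,
    spender: "0x" + spenderWord.slice(24),
    amount,
    display: formatUnits(amount, decimals),
  };
}

// Constructed sample input: placeholder spender 0x1111...1111.
const SPENDER_WORD = "0".repeat(24) + "11".repeat(20);
const word = (n) => n.toString(16).padStart(64, "0");
const SAMPLES = {
  unlimited: "0x095ea7b3" + SPENDER_WORD + "f".repeat(64),
  capped: "0x095ea7b3" + SPENDER_WORD + word(25500000n), // 25.5 at 6 decimals
  revoke: "0x095ea7b3" + SPENDER_WORD + word(0n),
};
for (const [name, data] of Object.entries(SAMPLES)) {
  const r = classifyApproval(data, 6);
  console.log(name, "->", r.kind, r.spender, r.display);
}
```

The decimals value must come from the token contract itself; a wrong value shifts the displayed cap by orders of magnitude.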

How Requests Are Shown

  • Connection request: choose the specific account to share.
  • Signature prompts: verify domain, message intent, and nonce.
  • Approval prompts: set a cap where supported; avoid unlimited.

Revocation Process

  1. Open PRC Wallet → Settings → Permissions/Approvals.
  2. Select the token/contract and review current allowance.
  3. Revoke or reduce to a lower cap, then confirm the transaction.
  4. Verify on a block explorer: open the contract page, check your address's allowances after the revocation tx confirms, and save the tx link for your records.

Security Warnings

Network Differences

Gas models, signature standards, and explorer tooling vary across networks (Ethereum, Arbitrum, BSC, Base, etc.).

Arbitrum ≠ bridging slippage. Slippage is usually a DEX liquidity issue during swaps, while bridging has separate risks (bridge contracts, message delays, reorg handling). Review each step.

Dev note: many dApps are built with frameworks like Vite; ensure the app origin matches the project’s documented domain before trusting requests.

Best Practices

  • Use per-dApp accounts and per-network checks.
  • Prefer approval caps and periodically revoke unused approvals.
  • Confirm contract addresses via docs and explorers.