Permit2

Smart Contract Updated Jul 2026

What is Permit2?

Permit2 is an on-chain approval router created by Uniswap Labs that allows users to approve any ERC-20 token (not just those supporting ERC-2612) through signature-based permits. It eliminates the need for separate on-chain approval transactions, saving gas and improving UX.

Permit2 is deployed as a singleton contract — one address handles approvals for all tokens across all protocols that integrate it.

How Permit2 Works

Traditional Approval Flow

  1. User calls approve(spender, amount) — costs gas
  2. User calls the swap/trade — costs gas
  3. Total: 2 transactions

Permit2 Flow

  1. User signs an off-chain message authorizing the protocol to spend tokens
  2. Protocol submits the signature + trade in a single transaction
  3. Total: 1 transaction — gas saved, UX improved

Permit2 also introduces time-limited approvals: instead of unlimited approvals, users can set expiration dates on token permissions.

Security Features

FeatureBenefit
Time-based expiryApprovals auto-expire — no permanent spend permissions
Nonce-based replay protectionEach signature can only be used once
Batch approvalsApprove multiple tokens in one signature
Witness-based signingSign arbitrary data alongside the permit for custom logic

How Scammers Exploit Permit2

Permit2’s signature-based model has a dark side: users sign messages without understanding what they authorize.

Scammer creates fake dApp → asks user to “verify wallet” or “claim airdrop” → user signs Permit2 message → scammer now has spending permission for their tokens → tokens drained

Because Permit2 works with off-chain signatures, the transaction doesn’t appear in the mempool — it can be executed at any time before expiry, and standard front-running protection (private RPCs) doesn’t help.

How to Protect Yourself

  1. Never sign messages from unverified dApps — a signature can be as dangerous as a transaction
  2. Use Permit2 dashboard to review and revoke active permissions
  3. Check the contract address in the signing prompt — if it’s not a trusted protocol, reject
  4. Set short expiry times when possible — prefer 1-hour approvals over indefinite ones
  5. Revoke unused approvals regularly using tools like revoke.cash or Etherscan’s token approval checker

Permit2 vs ERC-2612 Permit

AspectERC-2612Permit2
Token supportOnly tokens implementing ERC-2612Any ERC-20 token
Time limitsNo native expiryBuilt-in expiry support
Batch operationsNoYes
DeploymentPer-tokenSingleton (one contract for all)
AdoptionLimitedGrowing rapidly (Uniswap, many dApps)

Frequently Asked Questions

Q: Is Permit2 safe? A: Permit2 itself is a well-audited contract. The risk is not in the protocol but in what you authorize. Signing a Permit2 message from a scammer grants them token spending permission — always verify the requesting contract.

Q: How do I revoke a Permit2 approval? A: Visit revoke.cash or use Etherscan to find and revoke the Permit2 allowance for the specific token and spender address.