Home / First swap

Your first on-chain swap: approve is 10× more dangerous than swap

"Approving is more dangerous than swapping" is something most beginners never get told. It's also where roughly 90% of first-year wallet losses come from. This piece walks the mechanism, then walks through one real 0.5 USDC trade — every number, every confirmation, every thing-to-think-about before pressing OK.

Published 2026-05-06 ~1,600 words · 16-min read Hands-on cost: $3.40
03 · OPERATION $ approve · slippage · gas Tested 2026-05-12 · Arbitrum / Uniswap V3 · 0.5 USDC → 0.000139 ETH · 3s · $0.06
One real swap on Arbitrum: 0.5 USDC → 0.000139 ETH, 0.3% slippage, $0.06 gas, 3-second confirmation.
On-chain swaps separate into two on-chain actions: approve (a persistent authorization) and swap (a one-shot trade). The first is roughly 10× more dangerous than the second — most first-year wallet losses come from approve, not swap. The standard phishing playbook isn't tricking you into a bad swap; it's tricking you into approving an unlimited allowance to a malicious contract.

⚠ Educational content only — not financial / investment / legal / tax advice. On-chain operations are irreversible; perpetuals and leverage can cause 100% principal loss. Full disclosure → disclaimer.

Decide where you actually are

No wallet yet, or coins still on the exchange?
→ Read self-custody basics first.
Wallet exists, has USDC, but the swap UI feels intimidating?
→ Jump to the three parameters.
Swapped a few times but click-through every approve prompt?
→ Read the approve section twice.

Three parameters: slippage, gas, deadline

Slippage

The maximum drift between quoted price and executed price that you'll accept. Pool quotes 0.000280 ETH per USDC, slippage 0.5% → tx fails if executed price drops below 0.0002786 ETH. Standard ranges: 0.05%–0.1% for stable-to-stable, 0.3%–0.5% for stable-to-major-coin, 1%–3% for medium altcoins, 5%–10% for fresh memes (you're approaching "willing sandwich victim" territory by then). Never run unlimited or 50% slippage.

Gas

Network execution fee = gas used × gas price. Slow / medium / fast tiers correspond to gas price. The editorial recommendation for beginners: use "medium". Most wallets' "fast" tier overpays (MetaMask mainnet runs ~18% over actual).

Deadline

The transaction expires after this; default 20–30 minutes covers 99% of cases. Don't extend it without good reason — the longer attackers have to mess with the price, the more risk you carry.

Approve: why this step matters most

⚠ Read twice

The single biggest first-year crypto loss vector. We're serious. Slow down here.

ERC-20 contracts forbid arbitrary smart contracts from moving your tokens. For Uniswap to swap your USDC, it must first be allowed to move your USDC. approve(spender, amount) is that grant.

The dangerous default: most wallets' approve dialog pre-selects "unlimited" (technically 2^256-1). Convenient — you only approve once, future swaps of the same token need no second approval. But it means that the approved contract can theoretically drain your tokens at any future time, until you revoke or the allowance is consumed.

Uniswap's official router is audited and trustworthy. But:

  • Phishing sites impersonate Uniswap and route your approve to a malicious contract — its code is "transfer all immediately."
  • Fake "V4 release / airdrop claim" pages prompt approves to a new contract — that contract drains your balance.
  • setApprovalForAll is the NFT-equivalent: approve once, the operator can move every NFT in that collection forever. Most NFT phishing exploits this.

Two practical safety levels:

  1. Strict: every swap approves only the exact amount needed. Costs an extra approve per swap, but zero attack surface afterward.
  2. Practical (editorial choice): unlimited approve only on well-known official contracts (Uniswap, SushiSwap, Curve, 1inch); strict approves on anything new; monthly revoke.cash sweep for everything else.

Hands-on: 12-step 0.5 USDC swap

▶ Editorial hands-on · 2026-05-12
14:23 UTC+8 · OKX Wallet 6.84 · Arbitrum One · Uniswap V3 · 0.5 USDC → 0.000139 ETH · 0.3% slippage · 0.08% actual slippage · $0.06 gas · 3s confirmation

This is the operation log. Mirror it for your own first swap. Arbitrum chosen for cheap gas (total cost < $0.10); USDC → ETH chosen for deep liquidity and predictable behavior.

  1. 14:18 · switch network to Arbitrum One. If it's not in your wallet's list, add via "Add network" or import from chainlist.org.
  2. 14:19 · confirm balance. At least 1 USDC on Arbitrum. If not, withdraw from OKX exchange: Assets → Withdraw → USDC → network Arbitrum One.
  3. 14:20 · open swap. In-wallet swap, or go directly to app.uniswap.org (type the URL — don't click search results or ads).
  4. 14:21 · enter 0.5 USDC. Auto-quotes ~0.000139 ETH.
  5. 14:22 · slippage to 0.3%. Click the settings icon; don't accept "Auto" without inspecting the percentage.
  6. 14:22:30 · first prompt: Approve USDC. Default is "Unlimited". Edit to 0.6 (a little above the trade amount).
  7. 14:22:50 · sign the approve. Check the recipient address — Uniswap V3 SwapRouter is 0xE592... (verifiable at docs.uniswap.org). Confirm.
  8. 14:23:00 · approve confirmed on Arbitrum (2 seconds). Swap button becomes active.
  9. 14:23:05 · second prompt: Swap 0.5 USDC → 0.000139 ETH. Review: quote 0.000139 ETH ≈ $0.498 (at ETH = $3,580 reference), 0.05% pool fee, minimum received 0.000138 ETH (slippage protection), gas estimate $0.06.
  10. 14:23:11 · swap confirmed. Balance change: USDC −0.5, ETH +0.000139. Verify on Arbiscan with the transaction hash.
  11. 14:25 · verify. The block-explorer trace should show: 0.5 USDC from your address → Uniswap V3 router → Uniswap pool → 0.000139 ETH back to your address.
  12. 14:30 · optional but recommended: revoke the leftover allowance. Open revoke.cash, connect wallet, switch to Arbitrum, find Uniswap V3 SwapRouter's 0.1 USDC remaining allowance, click Revoke.

Total elapsed: 9 minutes operation, 3 seconds on-chain confirmation. Total cost: approve gas ($0.04) + swap gas ($0.06) + revoke gas ($0.03) = $0.13.

Open OKX (OK18866) →Next: phishing defense

Post-swap: revoke leftover allowances

Most tutorials end at "swap successful". But approves don't auto-expire. They persist until consumed or revoked. If the approved contract is later compromised, or you accidentally approved a bad contract, the attacker has window until you revoke.

Monthly revoke routine

  1. Pick a fixed day each month (first Sunday).
  2. Open revoke.cash (open-source, free, doesn't custody anything).
  3. Connect wallet; check each chain (Arbitrum, Base, mainnet, BSC, Polygon...).
  4. For each allowance: unused 3+ months → revoke; unknown contract → immediately revoke; known mainstream (Uniswap, Aave, 1inch) you still use → keep; any "Unknown contract" with "Unlimited" → revoke and figure out where it came from.
  5. Each revoke costs a small gas fee. Doing them in a batch is efficient.

Five common beginner mistakes

1. First swap on mainnet

Mainnet gas is unpredictable, failed transactions still cost gas, a beginner's first attempt drops $20 routinely. Always do the first swap on a cheap L2 (Arbitrum / Base / OP / X Layer) — cost under $0.10, mistakes don't hurt.

2. Clicking unlimited approve to "save a future gas fee"

You save approve gas in the future and bet every future dollar on "this contract never gets attacked and I never get phished on it". Bad bet. Strict allowance except for official mainstream contracts.

3. Searching "Uniswap" on Google and clicking the first result

Phishing ads have made it to top positions on multiple search terms in 2024–2025. Bookmark the real URL once, never search again.

4. Treating "in-wallet swap" as safer

The wallet's own contract is trustworthy; the routing it picks is third-party. In-wallet swap is more convenient, not necessarily cheaper or safer — compare manually for large trades.

5. Forgetting the gas token

Withdrew 1 USDC to Arbitrum, no ETH for gas — you're stuck. Withdraw a small amount of the native gas token alongside.

FAQ

What slippage should I use?

For deep pairs like USDC/ETH, 0.3% is usually enough. Medium liquidity altcoins 1%-3%. Newly launched meme tokens 5%-10% — but at that range you're approaching willing-sandwich-target territory; test with a small amount first.

What does approve mean, why is it a separate transaction?

approve is the allowance mechanism defined in the ERC-20 standard. You authorize a smart contract to move up to a specified amount of a specific token from your address at any future point.

Can I cancel a pending transaction when gas is too high?

Yes, with a same-nonce higher-gas replacement transaction. Beginners often shouldn't manual-cancel; let the stuck tx expire naturally.

What is a sandwich attack and how do I avoid it?

An MEV bot front-runs your swap and tail-runs it. Use a private RPC (Flashbots Protect / MEV Blocker), keep slippage tight, split large trades.

My swap failed but gas was deducted — where did the money go?

Gas was paid to miners/validators; the tokens didn't move. Common causes: slippage exceeded, gas limit too low, insufficient allowance.

Sources

  1. Uniswap V3 whitepaper · uniswap.org
  2. ERC-20 EIP-20 · eips.ethereum.org/EIPS/eip-20
  3. revoke.cash · revoke.cash
  4. Flashbots Protect · docs.flashbots.net
  5. Arbiscan · arbiscan.io
By Lin Zhixing Editorial Lead

Five years of Web3 security research, six years of self-custody. Mostly writes the "which button do I click without getting phished" kind of guide. This piece was cross-reviewed by two additional editors plus one external proofreader before publication.

📅 Published 2026-05-06 · 🔄 Last reviewed 2026-05-18 · Submit a correction · Author bio & disclosures →
Next · phishing defense →Or jump to bridges