Postmortem: Reducing Stale Approval Exposure by 78%
A postmortem on stale approval risk reduction, from baseline measurement to policy changes and ongoing monitoring KPIs.
Last updated: February 19, 2026 · Reviewed by SVGN Security Contributors
Objective
This postmortem reviews a targeted initiative to reduce stale approval exposure by at least 60% within one month while preserving normal DeFi operations.
Scope
- Wallets in scope: 9 operational wallets
- Chains in scope: Ethereum, Base, Arbitrum
- Assets in scope: stablecoins and treasury-related ERC-20 tokens
Methodology
We defined stale approvals as:
- no token transfer activity in 45+ days, or
- protocol relationship already deprecated internally
- risk score (1-5)
- business owner
- intended usage frequency
KPI Framework
Primary KPIs:
- Stale approvals count
- Estimated value at risk under unlimited approvals
- Mean time to revoke flagged approval
- Workflow breakage incidents after revocation
- Number of emergency re-approvals
Results
| KPI | Baseline | Week 4 |
|---|---|---|
| Stale approvals | 58 | 13 |
| Value at risk (modeled) | 100% baseline | 22% baseline |
| Mean time to revoke | 9.2 days | 1.8 days |
| Workflow breakages | - | 2 minor incidents |
Risk Scoring Model Used
| Factor | Weight |
|---|---|
| Approval type (unlimited/exact) | 35% |
| Token criticality | 30% |
| Spender trust confidence | 20% |
| Last-used recency | 15% |
Sample Revocation Queue (redacted)
queue_item_id: RQ-044
chain: Ethereum
wallet: 0x43a1...f81E
spender: 0x81B2...4d7C
risk_score: 4.6/5
status: revokedIncident Notes
Two business workflows briefly failed after revocation due to missing owner tags. Both were recovered in under 15 minutes and documented for recurrence prevention.
Key Findings
Ownership tagging is non-optional
Without explicit owner mapping, revocations can break hidden dependencies.
Weekly cadence outperforms monthly sweeps
Smaller, regular cleanup cycles reduced operational disruption and improved response times.
Risk visibility improves team behavior
Publishing a lightweight weekly risk dashboard changed signer behavior before policy enforcement.
Policy Changes Adopted
- Maximum 30-day lifetime for non-essential unlimited approvals
- Required owner tag at approval creation
- Automatic stale-review queue every Monday
- Fast-track revoke path for unknown spender addresses
Conclusion
Structured metrics and ownership discipline transformed approval hygiene from ad-hoc cleanup into routine operations. The measurable risk reduction justified making the process permanent.
Sources and References
Want more privacy & security insights?
Explore our blog for more articles on Web3 privacy, wallet security, and decentralized technology.
View All Articles