Security
Permit2
How Permit2 replaces persistent token approvals with time-bound, signature-based permissions that expire automatically.
Permit2 is a token approval protocol developed by Uniswap. It replaces the standard ERC-20 approve pattern with signature-based permissions that include expiration deadlines.
The Problem With Standard Approvals
With standard ERC-20 approvals:
- Contracts get access to your full approved amount, often unlimited
- Approvals never expire - they persist until you manually revoke them
- You're responsible for tracking and revoking every single one
- If a contract is compromised, those approvals can be drained
This is how $493M has been stolen since 2020.
How Permit2 Fixes This
With Permit2:
- You approve the Permit2 contract once per token (audited, non-upgradable, battle-tested by Uniswap)
- Each swap gets permission for the exact amount only
- Permissions expire automatically after a deadline
- Nothing to revoke - unused permits become invalid on their own
How freaky.fi Uses Permit2
When a Permit2-enabled quote is selected:
- You sign a permit message (off-chain, no gas cost)
- The signature authorizes the aggregator's router to spend the exact swap amount
- The permission includes a deadline after which it becomes invalid
- The swap executes atomically with the permit
No residual approval remains after the swap completes.
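The properties listed above (the router as spender, the exact swap amount, a near-term deadline) can be checked on the typed data before the wallet is asked to sign it. The following is an added example, not freaky.fi's or Uniswap's code. It assumes the quote carries Permit2's SignatureTransfer `PermitTransferFrom` typed data; the `expected` object, the addresses and the 30-minute limit are constructed for illustration.

```javascript
// Added example: pre-signing check of a Permit2 typed-data payload (not freaky.fi code).
// Assumes the SignatureTransfer "PermitTransferFrom" shape; every address here is constructed.
const MAX_TTL_SECONDS = 30 * 60; // assumed policy: reject deadlines more than 30 minutes out
const sameAddr = (a, b) =>
  typeof a === "string" && typeof b === "string" && a.toLowerCase() === b.toLowerCase();

// Returns a list of problems; an empty list means the permit matches the quote.
function checkPermit(typedData, expected, nowSec) {
  const problems = [];
  const { domain = {}, message = {}, primaryType } = typedData;
  const permitted = message.permitted || {};
  if (domain.name !== "Permit2") problems.push("domain name is not Permit2");
  if (!sameAddr(domain.verifyingContract, expected.permit2))
    problems.push("verifyingContract is not the expected Permit2 contract");
  if (Number(domain.chainId) !== expected.chainId) problems.push("wrong chainId");
  if (primaryType !== "PermitTransferFrom") problems.push("unexpected primaryType");
  if (!sameAddr(permitted.token, expected.token)) problems.push("token differs from quote");
  if (!sameAddr(message.spender, expected.router)) problems.push("spender is not the router");
  let amount = null;
  try { amount = BigInt(permitted.amount); } catch (_) { /* missing or malformed */ }
  if (amount !== expected.amount) problems.push("amount is not the exact swap amount");
  const deadline = Number(message.deadline);
  if (!Number.isFinite(deadline) || deadline <= nowSec)
    problems.push("deadline missing or already passed");
  else if (deadline - nowSec > MAX_TTL_SECONDS) problems.push("deadline too far in the future");
  return problems;
}

// Constructed sample data: what the quote promised, and two payloads to check against it.
const expected = {
  permit2: "0x" + "22".repeat(20), router: "0x" + "aa".repeat(20),
  token: "0x" + "bb".repeat(20), chainId: 1, amount: 1500000n,
};
const now = 1700000000;
const goodPermit = {
  primaryType: "PermitTransferFrom",
  domain: { name: "Permit2", chainId: 1, verifyingContract: expected.permit2 },
  message: { permitted: { token: expected.token, amount: "1500000" },
    spender: expected.router, nonce: "0", deadline: String(now + 600) },
};
// Same payload, but asking for an unlimited amount with a one-year deadline.
const badPermit = { ...goodPermit, message: { ...goodPermit.message,
  permitted: { token: expected.token, amount: (2n ** 256n - 1n).toString() },
  deadline: String(now + 365 * 24 * 3600) } };
console.log(checkPermit(goodPermit, expected, now), checkPermit(badPermit, expected, now));
```

In real use, `expected.permit2` would be the Permit2 deployment address for the connected chain, taken from a trusted source rather than from the quote response itself.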
Implementations
freaky.fi is progressively implementing Permit2 across all supported aggregators:
| Aggregator | Permit2 |
|---|---|
| 0x | Implemented |
| Odos | Implemented |
| OpenOcean | Implemented |
| Bungee | Coming soon |
| LI.FI | Coming soon |
| 1inch | Not supported |
| CowSwap | Uses VaultRelayer |
| KyberSwap | Not supported |
| OKX DEX | Not supported |
| Velora | Not supported |
For aggregators without Permit2 support, freaky.fi uses exact approvals as a fallback.