Understanding Permit2: One Approval, All DEXs
The traditional ERC-20 approval model is broken. You grant unlimited access to your tokens, pay gas for every approval, and accumulate stale permissions that never expire. Permit2 fixes all of this with a single approval and per-swap signatures.
Key Takeaways
- Permit2 replaces per-protocol unlimited approvals with one approval to a single audited contract
- Each swap requires a signed message (not a transaction) specifying exact amounts and expiration time
- Signatures are single-use with unique nonces and cannot be replayed or modified
- After the initial one-time approval, you save gas on every subsequent swap across all Permit2-compatible protocols
Table of Contents
- The Problem with Legacy Approvals
- What is Permit2?
- How Permit2 Works
- Benefits of Permit2
- Which Protocols Use Permit2
- How ChainBridge Uses Permit2
- Frequently Asked Questions
The Problem with Legacy Approvals
Before you can swap an ERC-20 token on any decentralized exchange, you must first "approve" the DEX contract to spend your tokens. This is a fundamental requirement of the ERC-20 standard -- tokens cannot be transferred by a third party without explicit permission from the owner. While this permission model is necessary, the way it has been implemented across DeFi has created serious problems.
Multiple Approval Transactions
Every time you use a new DEX or protocol with a token, you must send a separate on-chain approval transaction. If you use 5 different DEXs, you need 5 separate approvals for the same token -- each costing gas.
$5 - $50 per approval on Ethereum mainnet
Unlimited Approvals Are Dangerous
Most DeFi protocols request unlimited (max uint256) approval for convenience, so you do not need to approve again for future swaps. But this means the protocol contract can spend all of your tokens at any time. If the contract is exploited, the attacker can drain your entire balance.
Potential loss of entire token balance if exploited
Exact Approvals Waste Gas
The safer alternative -- approving only the exact amount needed -- means you pay for a new approval transaction every single time you swap. On Ethereum mainnet, this adds $5-$50 in gas per trade.
Extra $5 - $50 gas per swap
Stale Approvals Accumulate
Over time, your wallet accumulates dozens of active approvals to various contracts. Most users never revoke them. Each one represents a potential attack vector if the approved contract is compromised.
Ongoing security risk from forgotten approvals
No Expiration Mechanism
Legacy ERC-20 approvals have no built-in expiration. An approval you granted two years ago to a contract you no longer use is still active and exploitable. Manually revoking costs gas.
$3 - $20 gas per revocation
The DeFi ecosystem has lived with these problems for years because the ERC-20 standard itself does not provide a better mechanism. Several token-level solutions were proposed (EIP-2612, DAI-style permits), but they require each token to implement the permit function -- and most existing tokens do not. A protocol-level solution was needed.
What is Permit2?
Permit2 is a token approval contract developed by Uniswap Labs and deployed at the same address on every major EVM chain. It acts as a shared approval infrastructure that any protocol can integrate with.
The core idea is simple: instead of approving each DEX individually, you approve the Permit2 contract once per token. Permit2 then acts as a gatekeeper -- it will only transfer your tokens when it receives a valid, signed permission from you that specifies the exact amount, the recipient protocol, and an expiration time.
Because Permit2 is a standalone contract (not embedded in each token), it works with any standard ERC-20 token -- including tokens deployed years before Permit2 existed. This universality is what makes it a practical solution for the entire ecosystem, unlike token-level permits that require each token to opt in.
How Permit2 Works
The Permit2 flow has two phases: a one-time setup and a per-swap signing process.
One-Time Token Approval (On-Chain Transaction)
The first time you want to use a token with any Permit2-enabled protocol, you send a standard ERC-20 approve transaction granting the Permit2 contract access to that token. This is similar to a traditional approval, but you only do it once per token -- not once per protocol. After this single transaction, the Permit2 contract can manage permissions for all protocols that integrate it.
Per-Swap Signature (Off-Chain, No Gas)
For each swap, your wallet asks you to sign an EIP-712 structured message. This message contains the token address, the exact amount to transfer, the recipient protocol address, a unique nonce, and an expiration deadline. This signature is free -- it does not require an on-chain transaction or gas payment. The protocol includes your signature in the swap transaction, and Permit2 verifies it before allowing the token transfer.
Permit2 Verifies and Transfers (On-Chain)
When the swap transaction executes, the protocol calls Permit2 with your signature. Permit2 verifies the signature is valid (correct signer, unexpired, unused nonce), then transfers the exact specified amount of tokens from your wallet to the protocol. If any verification fails -- wrong amount, expired deadline, reused nonce -- the transfer reverts.
The result is that after the initial one-time approval, every subsequent swap with that token across any Permit2-compatible protocol only requires a signature -- no additional gas for approvals. And each signature is tightly scoped to the exact trade you are executing.
Benefits of Permit2
Permit2 delivers improvements across security, gas efficiency, and user experience simultaneously. Here is a detailed look at each benefit.
One Approval per Token, Ever
You approve the Permit2 contract once per token. After that, all protocols that integrate Permit2 can access your tokens via signatures -- no additional on-chain approvals needed. This single approval is the only unlimited approval you ever grant.
Per-Swap Signature Permissions
Each swap requires a fresh EIP-712 signature that specifies the exact amount, recipient, and expiration. The signature cannot be reused, modified, or applied to a different trade. This gives you per-transaction granularity without per-transaction gas costs.
Automatic Expiration
Every Permit2 signature includes an expiration timestamp. If the transaction is not executed before the deadline, the permission automatically expires. No stale approvals accumulate, and no manual revocation is needed.
Gas Savings Over Time
After the initial one-time approval, every subsequent swap saves the cost of an approval transaction. If you swap the same token 10 times across different protocols, you save 9 approval transactions worth of gas compared to the legacy model.
Unified Security Model
Instead of trusting 10 different protocol contracts with unlimited access to your tokens, you trust one audited contract (Permit2). Reducing the number of unlimited approvals directly reduces your attack surface.
Which Protocols Use Permit2
Permit2 adoption has grown significantly since its launch. Major DeFi protocols across trading, bridging, and NFT marketplaces have integrated it.
| Protocol | Usage | Since |
|---|---|---|
| Uniswap | Universal Router, UniswapX | 2023 |
| 0x Protocol | Permit2 swap and gasless orders | 2023 |
| ChainBridge | All swaps via 0x, UniswapX aggregators | 2025 |
| Balancer V3 | Batch swap operations | 2024 |
| Across Protocol | Bridge deposits | 2024 |
| Pendle | PT/YT trading | 2024 |
| OpenSea | Seaport NFT orders | 2023 |
As more protocols adopt Permit2, the value of your single approval increases. Each new protocol integration means one more place you can trade without paying for an additional approval transaction.
How ChainBridge Uses Permit2
ChainBridge uses Permit2 as its primary token approval mechanism. When you swap through ChainBridge, the process works as follows:
When you initiate a swap with a token you have not used before, ChainBridge checks whether you have an active Permit2 approval for that token. If not, it prompts you to approve Permit2 in a single on-chain transaction. This approval covers all future swaps with that token across all aggregators that ChainBridge routes through (0x, UniswapX, Balancer V3).
For each subsequent swap, ChainBridge constructs a Permit2 signature request and asks your wallet to sign it. The signature specifies the exact sell amount, the aggregator contract that will execute the swap, and a short expiration window. This signature is included in the swap transaction data sent to the selected aggregator.
For gasless swaps via 0x, Permit2 is especially powerful. The entire flow -- from approval to execution -- can be done with a single on-chain transaction (the initial approval) followed by nothing but signatures. No gas for the swap itself, no gas for subsequent approvals.
ChainBridge also handles edge cases transparently. If you are swapping a token that does not support Permit2 (rare, but possible with some exotic tokens), ChainBridge falls back to a traditional approval flow and notifies you that an on-chain approval is required.
Frequently Asked Questions
Is Permit2 safe to give unlimited approval to?
Permit2 is one of the most audited contracts in DeFi, developed by Uniswap Labs and reviewed by multiple security firms. The key insight is that an unlimited approval to Permit2 is fundamentally different from an unlimited approval to a DEX. Permit2 can only transfer tokens when it has a valid, unexpired signature from you. Without your active signature, the Permit2 contract cannot move your tokens. This is a significant security improvement over traditional unlimited approvals where the approved contract can move your tokens at any time without further authorization.
Do I need to approve Permit2 on every chain?
Yes. Permit2 is deployed at the same address on every chain, but ERC-20 approvals are chain-specific. You need to approve Permit2 once per token per chain. For example, if you approve USDC on Ethereum, you still need a separate approval for USDC on Arbitrum.
What happens if I revoke my Permit2 approval?
You can revoke your Permit2 approval at any time using any token approval management tool (like Revoke.cash). After revoking, you will need to re-approve Permit2 the next time you want to swap that token. Any outstanding signatures become useless once the underlying approval is revoked.
Can a signed Permit2 message be used twice?
No. Each Permit2 signature includes a unique nonce that is consumed when the transaction executes. Even if someone obtained your signature, it cannot be replayed after the first use. Additionally, signatures have an expiration timestamp, so unused signatures become invalid after their deadline.
How is Permit2 different from EIP-2612?
EIP-2612 is a token-level permit standard that must be implemented by each individual token contract. Many tokens (especially older ones like USDT on Ethereum) do not support it. Permit2 works with any standard ERC-20 token, regardless of whether it implements EIP-2612, because it operates at the approval layer rather than the token layer.
Does Permit2 work with native ETH?
No. Permit2 works with ERC-20 tokens only. Native ETH is not an ERC-20 token and does not have an approval mechanism. To use Permit2 with ETH, you must first wrap it to WETH. ChainBridge handles this wrapping automatically when needed.
Related Articles
Start Trading with Permit2
Approve once, swap everywhere. ChainBridge uses Permit2 for secure, gas-efficient token approvals across all 7 aggregator sources.