# Tutorial 58: The Risk of Infinite Approvals and Arbitrary Contract Calls {% hint style="info" %} [**Book an audit with Zokyo**](https://www.zokyo.io/) {% endhint %} In decentralized finance (DeFi), infinite token approvals have become a common practice to streamline the user experience. This approach allows a contract to transfer any amount of a user's tokens without requiring the user to approve each transaction individually. While this mechanism is convenient, it also introduces significant risks, especially if the contract interacting with the tokens is insecure or vulnerable to exploitation. An insecure smart contract with infinite approval access to a user's tokens can lead to disastrous consequences, especially if arbitrary function calls are not properly protected against. Attackers can exploit this lack of security to drain users' tokens or execute unauthorized contract calls, leading to severe financial losses. This tutorial will discuss the vulnerabilities associated with infinite approvals, how they can be exploited through arbitrary function calls, and the best practices to mitigate these risks. Understanding these concepts is essential for building secure decentralized applications that protect user funds. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials/tutorial-58-the-risk-of-infinite-approvals-and-arbitrary-contract-calls.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.