# Override User Level Approvals Collection-level approvals can override user-level approvals to force transfers. ## Interface ```typescript interface ApprovalCriteria { overridesFromOutgoingApprovals?: boolean; overridesToIncomingApprovals?: boolean; } ``` ## How It Works * **`overridesFromOutgoingApprovals: true`**: Skip sender's outgoing approvals * **`overridesToIncomingApprovals: true`**: Skip recipient's incoming approvals This enables forced transfers without user consent. ## Use Cases * **Force Revoke**: Remove tokens from users * **Freeze Tokens**: Prevent transfers regardless of user settings * **Emergency Actions**: Administrative control over transfers ## Mint Address Requirement **CRITICAL**: Mint address approvals must always override outgoing approvals: ```json { "fromListId": "Mint", "approvalCriteria": { "overridesFromOutgoingApprovals": true } } ``` The Mint address has no user-level approvals, so overrides are required for functionality. ## Dangerous Configuration Warning ⚠️ **Dangerous Configuration Detected** When an approval enables forceful transfers without a non-Mint address sender consent (via `overridesFromOutgoingApprovals: true`), this can cause dangerous side effects if not handled properly. ### Risks Forceful transfers can break protocols that rely on escrow or alternate state. Ensure you understand all side effects of every initiated transfer before proceeding. **Example**: Revoking from liquidity pools without handling pool shares can desync balances and enable exploits like infinite glitches (e.g. repeated revoke → rejoin pool → infinite liquidity). ### Recommendations 1. **Educate All Potential Initiators** * Ensure all approved initiators understand the risks and will handle transfers responsibly. 2. **Use Multi-Sig** * Use multi-sig or governance addresses to prevent single points of failure and unauthorized use. 3. **Consider Alternatives** * Do you really need revocation capabilities? If not, consider using safer approaches like whitelists, ownership checks, or other freezing methods instead of revoking to avoid these risks entirely. ## Reserved Addresses Protection BitBadges reserves certain addresses that cannot be forcefully overridden as a sanity check. This protection is **not a replacement for due diligence** but serves as an additional safety measure to prevent accidental or malicious transfers from critical protocol addresses. When designing your collection, treat these as external contracts. You can control the flow to / from, but if stuff is already escrowed, you cannot forcefully revoke it. Consider using the approval criteria address checks for EVM contracts and / or liquidity pool addresses to prevent this. ### Protected Address Types The following addresses are protected from forceful overrides: 1. **Liquidity Pool Addresses** * Every liquidity pool address is protected to prevent desyncing balances and enabling exploits 2. **Cosmos Coin Wrapper Path Addresses** * Every cosmos coin wrapper path address is protected to maintain wrapper functionality integrity 3. **Governance-Configured Addresses** * Any addresses explicitly set by governance as protected addresses ### Important Notes * This protection is a **sanity check**, not a comprehensive security measure * You should still perform thorough due diligence when designing approvals and initializing forceful transfers * The protection applies to forceful transfers (when `overridesFromOutgoingApprovals: true` is used) * This does not apply to transfers to / from these addresses that actually check their user-level approvals. * We bypass these protections if the initiatedBy === from address (the initiator is the protected address) * Normal transfers (with user consent) are not affected by this protection --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bitbadges.io/token-standard/learn/approval-criteria/overrides.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.