Sometimes, we can't see the forest for the trees. When not used carefully in dapps, ERC20 token allowances fit that description perfectly. This presentation goes into the story of how I accidentally put over 10,000 DAI at risk for my users, even if they only deposited 100 DAI in the smart contract per se.
