What is Allowance Revocation?


Allowance revocation is the process of removing a previously granted ERC-20 token approval — setting the allowance back to zero so the spender contract can no longer transfer tokens from the wallet.

WHY IT MATTERS

Every outstanding token approval is a potential attack vector. When you revoke an allowance, you close that vector. Revocation is a simple approve(spender, 0) call — setting the allowance to zero and removing the spender's ability to transfer tokens.

Tools like Revoke.cash and Etherscan's approval checker make revocation accessible for humans. For agents, revocation should be automated — built into the transaction workflow as a cleanup step after each DeFi interaction.

The cost is minimal (a single contract call, typically < $0.01 on L2s) but the security benefit is significant. A wallet with zero outstanding approvals has zero approval-based attack surface.
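
The cleanup step described above, sketched as an added example (not PolicyLayer's code): it builds the approve(spender, 0) calldata and plans one revocation per token per spender, skipping allowances that are already zero and approvals still in use. The addresses, the `keep` set and the function names are assumptions for illustration; signing and sending the transactions is left to the wallet library.

```javascript
// Selector for approve(address,uint256) in the ERC-20 ABI.
const APPROVE_SELECTOR = "095ea7b3";

// Left-pad a hex string (no 0x prefix) to one 32-byte ABI word.
const word = (hex) => hex.toLowerCase().padStart(64, "0");

function normalizeAddress(addr) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(addr)) {
    throw new Error(`not a 20-byte hex address: ${addr}`);
  }
  return addr.toLowerCase();
}

// Calldata for approve(spender, 0): selector + spender word + zero amount word.
function revokeCalldata(spender) {
  return "0x" + APPROVE_SELECTOR + word(normalizeAddress(spender).slice(2)) + word("0");
}

// approvals: [{ token, spender, allowance: BigInt }] as read from allowance().
// keep: Set of lowercase "token:spender" pairs still needed for ongoing operations.
// Returns one transaction per token per spender that must be zeroed.
function planRevocations(approvals, keep = new Set()) {
  const txs = [];
  for (const { token, spender, allowance } of approvals) {
    const t = normalizeAddress(token);
    const s = normalizeAddress(spender);
    if (allowance === 0n) continue;      // already revoked, no gas spent
    if (keep.has(`${t}:${s}`)) continue; // actively used approval stays
    txs.push({ to: t, value: 0n, data: revokeCalldata(s) });
  }
  return txs;
}

// Constructed sample data (placeholder addresses, not real contracts).
const TOKEN_A = "0x" + "a1".repeat(20);
const TOKEN_B = "0x" + "b2".repeat(20);
const ROUTER = "0x" + "c3".repeat(20);
const VAULT = "0x" + "d4".repeat(20);
const MAX_UINT256 = (1n << 256n) - 1n;

const sampleApprovals = [
  { token: TOKEN_A, spender: ROUTER, allowance: MAX_UINT256 }, // unlimited, unused
  { token: TOKEN_A, spender: VAULT, allowance: 500n },         // still needed
  { token: TOKEN_B, spender: ROUTER, allowance: 0n },          // already zero
];
const samplePlan = planRevocations(sampleApprovals, new Set([`${TOKEN_A}:${VAULT}`]));
console.log(samplePlan);
```

Each returned object is an unsigned transaction addressed to the token contract, so the same plan can be signed by any wallet library after a DeFi interaction completes.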

HOW POLICYLAYER USES THIS

PolicyLayer supports automated allowance revocation for agent wallets — revoking approvals after each transaction completes and maintaining zero outstanding approvals as the default state. This eliminates the approval attack surface between transactions.

FREQUENTLY ASKED QUESTIONS

How much does revocation cost?
One transaction, with its gas fee, per token per spender. On L2s like Base: fractions of a cent. On Ethereum mainnet: a few dollars. The security benefit far outweighs the cost.

Should I revoke all approvals on my agent wallet?
Yes, revoke all unused approvals. Keep only approvals that are actively needed for ongoing operations. For agents, build revocation into the standard transaction workflow.

Can revocation break anything?
It removes the spender's ability to move your tokens. If you revoke an approval to a protocol you're actively using, subsequent transactions will fail until you re-approve. For one-off transactions, this is the desired behavior.
