What is a Token Allowance?


A token allowance is the maximum amount of ERC-20 tokens that a specific spender address (typically a smart contract) is authorized to transfer from a wallet, as set by the approve() function.

WHY IT MATTERS

The ERC-20 allowance model is fundamental to DeFi. When you call approve(spender, amount), you set an allowance — the spender can call transferFrom() to move up to that amount of tokens from your wallet. The allowance decreases as tokens are transferred.

Allowances are per-token and per-spender. You might have a 1,000 USDC allowance for Uniswap and a 500 DAI allowance for Aave — each is independent. The total exposure is the sum of all your active allowances across all spenders.

For agent wallets, allowance management is a security-critical operation. Every outstanding allowance is a potential attack vector. PolicyLayer's approach: set minimal allowances, track all outstanding allowances, and revoke them proactively.

HOW POLICYLAYER USES THIS

PolicyLayer manages token allowances for agent wallets — enforcing maximum allowance amounts per spender, maintaining an inventory of all outstanding allowances, and supporting automatic revocation after transactions complete.

FREQUENTLY ASKED QUESTIONS

Can I set an allowance to zero?

Yes. Calling approve(spender, 0) revokes the allowance. Some tokens (like USDT) require setting allowance to 0 before setting a new non-zero allowance, a quirk that agents need to handle.

What is Permit2 and how does it improve allowances?

Permit2 (by Uniswap) provides a single approval to the Permit2 contract, which then manages granular, expiring sub-allowances. This reduces the number of on-chain approvals needed and adds expiration by default.

How do allowances relate to spending limits?

Allowances are on-chain permissions for smart contracts. Spending limits (as enforced by PolicyLayer) are higher-level budget constraints on agent behavior. Both are needed: allowances for protocol interaction, spending limits for overall budget control.
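
The approve/transferFrom bookkeeping, the USDT-style zero-first quirk and the minimal-allowance, inventory and revoke pattern described above can be modelled in a few lines. This is an added example, not PolicyLayer's code and not a real token contract: ModelToken, setAllowance, spendWithMinimalAllowance, outstandingAllowances and all addresses are hypothetical names for an in-memory model.

```javascript
// Constructed in-memory model of ERC-20 allowance bookkeeping; not a real token contract.
class ModelToken {
  constructor(symbol, requireZeroFirst = false) {
    this.symbol = symbol;
    this.requireZeroFirst = requireZeroFirst; // models the USDT-style approve() quirk
    this.balances = new Map();   // address -> BigInt
    this.allowances = new Map(); // "owner|spender" -> BigInt
  }
  allowance(owner, spender) {
    return this.allowances.get(`${owner}|${spender}`) ?? 0n;
  }
  approve(owner, spender, amount) {
    if (this.requireZeroFirst && amount !== 0n && this.allowance(owner, spender) !== 0n) {
      throw new Error(`${this.symbol}: allowance must be set to 0 before a new non-zero value`);
    }
    this.allowances.set(`${owner}|${spender}`, amount);
  }
  transferFrom(spender, owner, to, amount) {
    const allowed = this.allowance(owner, spender);
    const balance = this.balances.get(owner) ?? 0n;
    if (amount > allowed) throw new Error(`${this.symbol}: amount exceeds allowance`);
    if (amount > balance) throw new Error(`${this.symbol}: amount exceeds balance`);
    this.allowances.set(`${owner}|${spender}`, allowed - amount); // allowance decreases
    this.balances.set(owner, balance - amount);
    this.balances.set(to, (this.balances.get(to) ?? 0n) + amount);
  }
}

// Hypothetical agent-side helper: set an exact allowance, resetting to 0 first if needed.
function setAllowance(token, owner, spender, amount) {
  if (amount !== 0n && token.allowance(owner, spender) !== 0n) token.approve(owner, spender, 0n);
  token.approve(owner, spender, amount);
}

// Hypothetical helper: approve exactly what one transaction needs, then revoke any remainder.
function spendWithMinimalAllowance(token, owner, spender, to, amount) {
  setAllowance(token, owner, spender, amount);
  try {
    token.transferFrom(spender, owner, to, amount);
  } finally {
    if (token.allowance(owner, spender) !== 0n) token.approve(owner, spender, 0n);
  }
}

// Inventory of every non-zero allowance the owner has granted, per token and per spender.
function outstandingAllowances(tokens, owner) {
  return tokens.flatMap((t) => [...t.allowances]
    .filter(([key, amt]) => key.startsWith(`${owner}|`) && amt > 0n)
    .map(([key, amt]) => ({ token: t.symbol, spender: key.split("|")[1], amount: amt })));
}
```

The finally block matters on the failure path: if the transfer reverts after the approval, the allowance is still revoked instead of being left outstanding.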
