What is a Token Approval?


A token approval is an on-chain authorization that permits a smart contract (spender) to transfer a specified amount of ERC-20 tokens from your wallet, required for interacting with DeFi protocols, DEXes, and other smart contracts.

WHY IT MATTERS

Before a DEX can swap your tokens, it needs permission to move them. That's what an approval does — it tells the token contract 'this spender can transfer up to X tokens from my account.' Without an approval, smart contracts can't touch your tokens.

The danger lies in unlimited approvals. Many dApps request infinite approval (type(uint256).max) for convenience — approve once, interact forever. But if that dApp's contract is compromised, the attacker can drain all your approved tokens. This has caused billions in losses.

For AI agents, approval management is critical. An agent that grants unlimited approvals to every DeFi protocol it interacts with creates an enormous attack surface. Each approval is a potential drain vector. Agents should use precise approval amounts and revoke approvals after use.

HOW POLICYLAYER USES THIS

PolicyLayer controls which token approvals agents can grant. Policies can restrict approval amounts (no unlimited approvals), limit approved spenders to a whitelist, and automatically revoke approvals after use — closing the attack window.
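As an added illustration of the kind of pre-signing check described above (example code written for this page, not PolicyLayer's or Intercept's own implementation, and not its YAML policy format), the snippet below decodes the calldata of an ERC-20 approve(address,uint256) call and rejects it when the spender is not whitelisted, when the amount is type(uint256).max, or when it exceeds a per-policy cap. The 0x095ea7b3 selector is the standard ERC-20 approve selector; the policy dictionary, the router address and the amounts are constructed for the example.

```python
# Added example, not PolicyLayer code: decode an ERC-20 approve call and apply
# the three policy rules from the text (no unlimited approvals, spender
# whitelist, amount cap) before the transaction is signed.

UINT256_MAX = 2**256 - 1
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")


def decode_approve(calldata: str):
    """Return (spender, amount) for a well-formed approve call, else None."""
    data = calldata.lower().removeprefix("0x")
    # selector (4 bytes) + address word (32 bytes) + amount word (32 bytes)
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    # An ABI-encoded address is left-padded with 12 zero bytes; anything else is malformed.
    if spender_word[:24] != "0" * 24:
        return None
    return "0x" + spender_word[24:], int(amount_word, 16)


def encode_approve(spender: str, amount: int) -> str:
    """Build approve calldata the way a wallet/agent library would (for the demo)."""
    addr = spender.lower().removeprefix("0x").rjust(64, "0")
    return "0x" + APPROVE_SELECTOR + addr + format(amount, "064x")


def check_approval(calldata: str, policy: dict):
    """Return (allowed, reason). Deny by default on anything unexpected."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return False, "not a well-formed approve call"
    spender, amount = decoded
    if spender not in {s.lower() for s in policy["allowed_spenders"]}:
        return False, f"spender {spender} is not whitelisted"
    if amount == UINT256_MAX:
        return False, "unlimited approval (type(uint256).max) is forbidden"
    if amount > policy["max_amount"]:
        return False, f"amount {amount} exceeds policy cap {policy['max_amount']}"
    return True, "ok"


# Constructed policy: one whitelisted router, cap of 1000 tokens at 18 decimals.
DEX_ROUTER = "0x" + "1" * 40            # placeholder address, not a real contract
POLICY = {"allowed_spenders": [DEX_ROUTER], "max_amount": 1000 * 10**18}

if __name__ == "__main__":
    print(check_approval(encode_approve(DEX_ROUTER, 500 * 10**18), POLICY))
    print(check_approval(encode_approve(DEX_ROUTER, UINT256_MAX), POLICY))
    print(check_approval(encode_approve("0x" + "2" * 40, 1), POLICY))
```

The cap catches "practically unlimited" values such as 2**255 that some dApps use instead of the exact maximum, so the explicit type(uint256).max test is only there to give a clearer denial reason. A real deployment would set the cap per token and per spender rather than with one global number.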

FREQUENTLY ASKED QUESTIONS

What's the difference between an approval and an allowance?
They're the same thing from different perspectives. 'Approval' is the action of granting permission. 'Allowance' is the resulting state — the amount a spender is allowed to transfer. You approve to set an allowance.

Should agents use unlimited approvals?
No. Agents should approve only the exact amount needed for each transaction and revoke unused approvals. The gas savings of unlimited approvals don't justify the security risk for autonomous agents.

How do I check and revoke approvals?
Use tools like Revoke.cash or Etherscan's token approval checker. For agents, build approval revocation into the workflow — approve before transaction, revoke after.
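To make the approve/allowance/transferFrom mechanics from the top of this page and the approve-before, revoke-after workflow from the FAQ concrete, here is an added, self-contained model (example code for this page, not from PolicyLayer and not a real token contract). It keeps the ERC-20 allowance state in memory, shows that a compromised spender holding an unlimited allowance can move the whole balance, and that the same compromise after a scoped approval plus a revoke (approve(spender, 0)) moves nothing. The wallet, router and attacker names and the balances are constructed.

```python
# Added example, not page or project code: an in-memory ERC-20-style ledger used
# to contrast an unlimited approval with an exact approval that is revoked after use.

UINT256_MAX = 2**256 - 1


class Token:
    """Minimal ERC-20-like state: balances plus (owner, spender) -> allowance."""

    def __init__(self, balances: dict):
        self.balances = dict(balances)
        self.allowances = {}

    def approve(self, owner: str, spender: str, amount: int) -> None:
        # approve() overwrites the allowance; approve(spender, 0) is the revoke.
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner: str, spender: str) -> int:
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, spender: str, owner: str, to: str, amount: int) -> None:
        allowed = self.allowance(owner, spender)
        if amount > allowed:
            raise PermissionError("insufficient allowance")
        if amount > self.balances.get(owner, 0):
            raise ValueError("insufficient balance")
        # Common implementations do not decrement an unlimited allowance,
        # so it never runs out; a bounded allowance shrinks with every pull.
        if allowed != UINT256_MAX:
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def drain_attempt(token: Token, owner: str, spender: str, sink: str) -> bool:
    """Model the risk in the text: a compromised spender tries to pull the whole balance."""
    try:
        token.transfer_from(spender, owner, sink, token.balances[owner])
        return True
    except (PermissionError, ValueError):
        return False


def scoped_swap(token: Token, owner: str, router: str, amount: int) -> int:
    """Approve exactly the swap input, let the router pull it, then revoke.
    Returns the allowance left behind (should be 0)."""
    token.approve(owner, router, amount)
    token.transfer_from(router, owner, router, amount)  # router pulls the input tokens
    token.approve(owner, router, 0)                     # revoke: close the attack window
    return token.allowance(owner, router)


def compare() -> dict:
    wallet, router, attacker = "wallet", "router", "attacker"  # constructed names

    # Case 1: unlimited approval, router later compromised -> wallet emptied.
    t1 = Token({wallet: 1000})
    t1.approve(wallet, router, UINT256_MAX)
    unlimited_drained = drain_attempt(t1, wallet, router, attacker)

    # Case 2: exact approval + revoke, then the same compromise -> nothing moves.
    t2 = Token({wallet: 1000})
    leftover = scoped_swap(t2, wallet, router, 100)
    scoped_drained = drain_attempt(t2, wallet, router, attacker)

    return {
        "unlimited_drained": unlimited_drained,
        "scoped_leftover_allowance": leftover,
        "scoped_drained": scoped_drained,
        "scoped_balance": t2.balances[wallet],
    }


if __name__ == "__main__":
    print(compare())
```

One practical caveat when wiring the revoke step into an agent: a few widely used tokens reject approve() calls that change a non-zero allowance to another non-zero value, so always setting the allowance back to 0 after each use (as above) also keeps the next approve from failing on those tokens.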

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →