prepare_token_approve

Build an unsigned approve(spender, amount) transaction that raises (or sets) an ERC-20 allowance — the structured inverse of prepare_revoke_approval. amount is a decimal in token units (e.g. "10" for 10 USDC) or the literal "max" for unlimited. Refuses unlimited approvals to canonical no-key addr...

Server VaultPilot MCP vaultpilot-mcp
Category Write
Risk class Medium
Parameters 64 required

What prepare_token_approve does on VaultPilot MCP

AI agents use prepare_token_approve to create or update resources in VaultPilot MCP — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your VaultPilot MCP environment.

ParameterTypeRequiredDescription
chain string
token string Yes ERC-20 contract address. Must be the actual token contract — wrappers and aTokens have their own approval surfaces and aren't supported here.
amount string Yes Decimal amount in token units, NOT raw wei/base units. Example: "10" for 10 USDC. Decimals resolved from the token contract. Pass "max" for the uint256-max unli
wallet string Yes EVM wallet that grants the allowance. Must be paired via `pair_ledger_live`.
spender string Yes Address that will be allowed to pull tokens via `transferFrom`. Typically a protocol contract (Aave V3 Pool, Uniswap SwapRouter, etc.) or any EOA. Use the read-
acknowledgeBurnApproval boolean Override flag for the BURN_ADDRESS_UNLIMITED_APPROVAL refusal. Required only when `amount` is `max` AND `spender` is a canonical no-key address (`0x0…0`, `0x0…d

Parameters from the server's own tool schema.

Why prepare_token_approve needs a policy

An AI agent can call prepare_token_approve faster than any human can review — one bad instruction and it creates or modifies resources in VaultPilot MCP by the hundred, each call as confident as the last.

Risk signalsHandles credentials or secrets (token)

Questions about prepare_token_approve

What does the prepare_token_approve tool do? +

Build an unsigned approve(spender, amount) transaction that raises (or sets) an ERC-20 allowance — the structured inverse of prepare_revoke_approval. amount is a decimal in token units (e.g. "10" for 10 USDC) or the literal "max" for unlimited. Refuses unlimited approvals to canonical no-key addresses (0x0…0, 0x0…dEaD, 0xdEaD…0, 0xff…ff) with BURN_ADDRESS_UNLIMITED_APPROVAL; override via acknowledgeBurnApproval: true only when the user explicitly asked for that exact spender + unlimited amount. Resolves a friendly spender label from the canonical CONTRACTS table so the description + Ledger preview reads as "Approve USDC for Aave V3 Pool, 1000 USDC" rather than a raw hex address. EVM-only. Prefer protocol-specific prepare_* (e.g. prepare_aave_supply) when the approval is bundled with a downstream action — those route through the shared buildApprovalTx helper which handles the USDT-style reset pattern in one step. Use this tool for one-off allowance-setting that doesn't fit a bundled prepare. It is categorised as a Write tool in the VaultPilot MCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

What parameters does prepare_token_approve accept? +

prepare_token_approve accepts 6 parameters: chain, token, amount, wallet, spender, acknowledgeBurnApproval. Required: token, amount, wallet, spender. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on prepare_token_approve? +

Register the VaultPilot MCP server in PolicyLayer and add a rule for prepare_token_approve: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.

What risk level is prepare_token_approve? +

prepare_token_approve is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit prepare_token_approve? +

Yes. Add a rate_limit block to the prepare_token_approve rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block prepare_token_approve completely? +

Set action: deny in the PolicyLayer policy for prepare_token_approve. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides prepare_token_approve? +

prepare_token_approve is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.