Build an unsigned TRC-20 approve(spender, amount) tx — sets allowance so a third party can pull tokens via transferFrom. Primary use: authorize the LiFi Diamond on TRON (TU3ymitEKCWQFtASkEeHaPb8NfZcJtCHLt) before running prepare_tron_lifi_swap with a TRC-20 source token (LiFi's quote response ass...
AI agents use prepare_tron_trc20_approve to create or update resources in VaultPilot MCP — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your VaultPilot MCP environment.
| Parameter | Type | Required | Description |
|---|---|---|---|
from | string | Yes | Base58 TRON owner address — the wallet that holds the tokens. |
token | string | Yes | Base58 TRC-20 contract address. Any TRC-20 is accepted; non-canonical tokens require `decimals`. |
amount | string | Yes | Allowance amount as a human-readable decimal string. Pass exactly the amount you intend to swap, NOT "max" / unbounded — TRC-20 unbounded approvals are a known |
spender | string | Yes | Base58 TRON address authorized to pull tokens via transferFrom. Typical use: the LiFi Diamond on TRON (TU3ymitEKCWQFtASkEeHaPb8NfZcJtCHLt) for `prepare_tron_lif |
decimals | integer | — | Token decimals. OPTIONAL when `token` is in the canonical TRC-20 set (USDT/USDC=6, USDD/TUSD=18 — auto-resolved). REQUIRED for any other TRC-20 contract; we ref |
feeLimitTrx | string | — | Optional fee-limit override in TRX. Defaults to 100 TRX (TronLink/Ledger Live standard). |
Parameters from the server's own tool schema.
An AI agent can call prepare_tron_trc20_approve faster than any human can review — one bad instruction and it creates or modifies resources in VaultPilot MCP by the hundred, each call as confident as the last.
Risk signalsHandles credentials or secrets (token)
Attacks that exploit this kind of access
Build an unsigned TRC-20 approve(spender, amount) tx — sets allowance so a third party can pull tokens via transferFrom. Primary use: authorize the LiFi Diamond on TRON (TU3ymitEKCWQFtASkEeHaPb8NfZcJtCHLt) before running prepare_tron_lifi_swap with a TRC-20 source token (LiFi's quote response assumes the approve already exists; insufficient allowance reverts the swap on-chain). Accepts ANY TRC-20 contract — not just the canonical set. Decimals are auto-resolved for canonical USDT/USDC/USDD/TUSD; for any other TRC-20 you MUST pass decimals explicitly. We REFUSE to default decimals on approve because an off-by-power-of-ten allowance silently authorizes a 10^12-fold larger spend than intended, with no UX recovery on a Ledger blind-sign flow. amount is a human decimal string ("100" = 100 tokens at the resolved decimals). "max" / unbounded approvals are NOT supported — pass exactly the amount you intend to swap. Returns a preview + opaque handle for send_transaction. It is categorised as a Write tool in the VaultPilot MCP MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
prepare_tron_trc20_approve accepts 6 parameters: from, token, amount, spender, decimals, feeLimitTrx. Required: from, token, amount, spender. The full parameter table on this page comes from the server's own tool schema.
Register the VaultPilot MCP server in PolicyLayer and add a rule for prepare_tron_trc20_approve: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches VaultPilot MCP. Nothing to install.
prepare_tron_trc20_approve is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the prepare_tron_trc20_approve rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for prepare_tron_trc20_approve. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
prepare_tron_trc20_approve is provided by the VaultPilot MCP server (vaultpilot-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.