What about Token Allowances?
Have you ever heard about the Allowance function? What is about and why should you be careful?
Since the surge of DeFi (Decentralized Finance), many users have been wondering what token allowance is.
I have been one of the fisrt person worldwide to take an interest in the DeFi movement.
Some years ago I followed closely the development of MakerDao, which is undoubtedly the DeFi prototype.
This fisrt DeFi dApp was finally released in late 2017, and I immediately ended up trying to use it.
The “weird” thing I noticed was that in order to be able to open a CDP (collateralized debt position), first I had to approve a transaction to enable the smart contract to do something.
Have you ever interacted with a DeFi dApp? If yes, you definitely ended up approving a token allowance.
Maybe you didn’t even realize what you were doing — Yet this step is mandatory in order to allow the dApp to do something on your behalf.
Allowance function
Let’s take as an example one of the simplest and most well-known DeFi app: Uniswap.
Uniswap is a so-called AMM (Automated Market Maker) — It allows to easily trade ether and other tokens of the Ethereum blockchain.
For instance, if you have 50 DAI tokens and you want to swap them for BAT tokens, you can do it in a couple of clicks thanks to Uniswap.
You may have noticed that, before swapping a token, you must send another transaction which, in some way, “enables” that token to be exchanged.
We can take another example with the lending protocol Compound.
In order to be able to lend your token on Compound, you need to enable it first — Generally, from the GUI, you have to click on a button named “Enable” or “Allowance”, which may vary depending on the dApp.
To be clear, the approval of Allowances serves the purpose of allowing the smart contract (with which you want to interact) to transfer the tokens you hold in your wallet.
For example, if you are going to swap your DAI for BAT on Uniswap, you must first authorize Uniswap to take DAI tokens from your wallet in order to exchange them for BAT tokens.
In simpler terms, the Allowance is a permission (or a proxy) you give to the smart contract in order to allow it to spend - on your behalf - the token you want to use through its dApp.
Why are Allowances needed?
First of all you must know the difference between ether (ETH) and ERC20 tokens.
Ether is the native token of the blockchain — It’s inherently established in the Ethereum protocol.
You can call a function of a smart contract and, at the same time, send ether to the smart contract through the so-called “payable functions”.
Tokens, on the other hand, are smart contracts themselves.
For this reason it’s not possible to send directly tokens to a smart contract while one of its functions is being called.
ERC20 standard allows smart contracts to transfer tokens on behalf of users through the transferFrom ( ) function.
This is the reason why the user must approve Allowances first. That is to allow the dApp’s smart contract to transfer tokens on behalf of the user, obviously by interacting with the smart contract of the token.
That’s how the user can “deposit” tokens on the smart contract (for example on Compound in order to use the lending service) and, at the same time, the smart contract can update its status to reflect the deposit and “credit” the cToken (in the Compound example) to the user, which is the “receipt” that certifies the deposit on Compound.
To sum it up, if you want to lend tokens on Compound:
- first you must approve a transaction in order to allow the smart contract to transfer your tokens to Compound;
- later you will have to send another transaction that specifies how many tokens you want to deposit — The Compound smart contract will take from your wallet the amount you stated, using the transferFrom ( ) function.
Allowances can be harmful
Yes, the approval of Allowances can be dangerous.
If a smart contract spends the tokens arbitrarily, against the user will, It will no longer be possible to fix this.
Not every smart contract is legit. Some of them are created for bad purposes.
Some malicious smart contracts could be deployed by anonymous developers for the sole purpose of scamming users. Otherwise a smart contract can be legit, but may hide some vulnerabilities exploitable by attackers to steal funds from users.
It’s not just a theoretical hypothesis. It already happened!
For instance, a scam project called UniCats was launched to steal the UNI tokens that users had deposited to farm the MEOW token.
Hackers stole not only the tokens which were deposited on the smart contract, as you could naively believe, but also those that users thought they were keeping safe in their wallets.
This can happen because users often give unlimited permissions to a smart contract, not just the authorization to spend the specific amount needed at that time.
Often the so-called unlimited Allowances are approved by users. This is to avoid recurring double transactions when the user will want to use the dApp again.
Many dApps do not even allow the user to choose whether to approve an Allowance limited to a specific amount of funds.
To simplify the user experience, these dApps lead the user to approve unlimited Allowances, such that the smart contract will no longer need further permissions to perform actions with the user’s tokens.
Anyway, the user himself may decides to enable unlimited Allowances, just to avoid double transactions each time he will want to interact with the dApp (i.e., one to give the smart contract the spending permission and another to use a function of the dApp).
The problem, however, is that approving unlimited Allowances can be very dangerous.
Allowing a smart contract to spend your tokens without limits, means that this smart contract could at any time - even in the very distant future - use the tokens you hold in your wallet (i.e., that specific token/s for which you have approved the Allowance).
“But I always have to sign with my private key, don’t I? What if I use a hardware wallet?”
No, it doesn’t matter! Approving Allowances means authorizing the smart contract, in advance, to spend the tokens, without needing the private key to do that.
Of course, a legit smart contract (such as Uniswap, Maker, Aave and all the most popular dApps), not developed with scam purposes in mind, would not provide in its code the opportunity of arbitrarily spending user’s tokens.
However, the problem arises when you approve Allowances for little-known smart contracts, perhaps not subject to audit and peer review of the code.
You could naively think of putting at risk only the small amount of tokens that you transfer to the unreliable smart contract.
Actually, the smart contract could also spend all the other tokens you hold, if there was a way to do that based on what is provided for in its code.
There could also be the case of a notoriously legit smart contract that hides (unwanted) vulnerabilities. These could be exploited by an attacker to spend the tokens of wallets that have approved unlimited Allowances.
Take care of Allowances
The wisest way to manage your tokens with smart contracts is to not approve unlimited Allowances.
If you interact with a smart contract that you do not trust very much, or with a very popular and reliable dApp that you are not going to use frequently in a short period of time, the best thing to do is to approve only Allowances limited to the amount of tokens you need to use in that moment.
This approval-spending pattern will obviously be more cumbersome.
Each time you will have to send two transactions at least. But on the other hand it will make your tokens safer, since the smart contract will not be able to spend beyond the limit threshold that you have set.
Now users are more aware about the Allowance issue than they were one or two years ago. That’s why now some dApps offer the possibility to approve only the amount to spend in that action.
Unfortunately, most dApps still do not allow you to approve Allowances limited to a specific amount.
However, even in these cases, more skillful users can limit the Allowance - during the approval phase by clicking on “Edit Permission” - through MetaMask’s interface.
It’s also a good practice the periodic check of all the Allowances approved for smart contracts, to edit them according to the specific needs of the case. Allowances can also be totally revoked for smart contracts that you think you will no longer need to use.
You can totally revoke an Allowance by interacting directly with the smart contract.
You need to call “approve (address spender, uint256 amount)” on the token’s smart contract: “spender” is the address of the smart contract for which you want to revoke access and “amount” must be 0.
However, it may happen that you do not remember which smart contracts you have approved Allowances for. Furthermore, to handle this, you would prefer a more comfortable solution from a graphical interface.
There are tools that help you identify the smart contracts for which you have approved Allowances, in order to manage them in a few clicks.
The one I have been using for a while is Token Allowance Checker. Anyway there are others — Just Google it.
Another dApp that I like so much for checking and managing Alowances is DeBank. This gives you a whole overview of your portfolio, also allowing you to verify and decline approvals.
By connecting with your wallet, this app automatically scans the blockchain to find smart contracts for which you have approved spending permissions.
Through its clear graphical interface, you can change the Allowances at your will — You can set them to 0, which is equivalent to a total revocation of the spending authorization, or to a value for which you feel safe.
Each change is a new interaction (therefore a transaction ) with the smart contract of the token for which you want to edit/revoke the Allowances.
It’s a good practice to periodically carry out the analysis of permissions given to smart contracts.
Obviously, changing Allowances costs gas. But it can only benefit your wealth if you realize that you have given spending permissions to unreliable smart contracts.
Wrap-up
After reading this article, don’t believe that all Allowances pose a threat.
There are a lot of dApps which are “battle tested”, such as Uniswap, Maker, Compund, Aave etc.
Anyway we are dealing with the world of decentralization, so we cannot blindly place our trust in projects that are not yet tested or have not been properly audited.
There is no customer service to call in the event of money loss!
That’s why we must take as a best practice the careful analysis of spending permissions given to smart contracts, revoking Allowances for smart contracts that we no longer want to use or that we no longer trust.
The crypto space is like a jungle, there are many inconveniences that could occur. Anyway we are wise users, so we must be prepared to prevent any unpleasant surprise.