Frequently Asked Questions
Find immediate clarity below. If your question isn't answered, contact our team at legal.support@allowanceguard.com. We are here to help.
Understanding Allowances and Our Tool
What is a token allowance?
A token allowance is a permission you grant a smart contract to spend a specific amount of your tokens. This is necessary for using decentralized exchanges (DEXs) or other dApps but can become a security risk if left unchecked. When you approve a token allowance, you are essentially giving another contract the right to move those tokens from your wallet on your behalf. This permission persists until you explicitly revoke it, even if you no longer use the dApp that requested it.
What does Allowance Guard do?
Allowance Guard is a dashboard that scans the blockchain for all these allowances connected to your wallet. It presents them in a simple list, assesses each one for potential risk, and allows you to revoke any permission instantly with one click. Our platform reads public blockchain data to identify every token approval associated with your wallet address, analyzes each approval for security risks, and provides you with clear, actionable information to secure your assets.
Is Allowance Guard a wallet?
No. Allowance Guard is a non-custodial security tool. It is a window into your wallet's permissions, not a wallet itself. It never holds your funds or private keys. We are a read-only security dashboard that helps you understand and manage the permissions you have granted to various smart contracts. Your funds always remain in your own wallet, and you maintain complete control over all transactions.
Our Security Model and Your Privacy
Is it safe to connect my wallet?
Yes. Connecting your wallet via MetaMask or WalletConnect only grants the application permission to read your public address and view your token allowances. This is a read-only operation. We cannot access your private keys, sign transactions on your behalf, or move any funds. You will still sign every revocation transaction directly within your own wallet. The connection uses industry-standard protocols that are used by thousands of dApps, and we implement the same security practices as major DeFi platforms.
What data do you collect and store?
We store the minimal data required to provide our service. This includes your public wallet address and a cached copy of your allowance data to improve performance. We do not store private keys, seed phrases, or personal information. We collect anonymized usage data to improve the product. For full details, please read our Privacy Policy. All data is encrypted at rest using AES-256 encryption, and all communications are protected by TLS 1.3. We follow strict data retention policies and automatically purge cached data after defined periods.
How does your risk engine work?
Our risk engine uses a rule-based system fueled by real-time threat intelligence. It flags allowances based on several heuristics, including whether an allowance is set to 'unlimited,' if the spender contract is on a known malicious address list, if the allowance amount is anomalously high, or if the contract lacks verified source code. The system continuously updates its threat intelligence from multiple sources, including security researchers, blockchain analysis firms, and community reports. Risk scores are calculated using weighted algorithms that consider contract reputation, approval patterns, and historical exploit data.
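The four heuristics named above can be sketched as a small rule set. This is an added example, not Allowance Guard's code: the weights, the 10x "anomalously high" threshold, the record fields and the sample data are all assumptions made for illustration.

```javascript
// Added illustration; weights, threshold and field names are assumptions.
const MAX_UINT256 = (1n << 256n) - 1n; // the "unlimited" approval value
const WEIGHTS = { unlimited: 40, denylisted: 100, anomalous: 25, unverified: 20 };
const ANOMALY_MULTIPLE = 10n; // assumed: allowance above 10x the current balance

// Evaluate one allowance record. Amounts arrive as strings because a
// uint256 does not fit in a JavaScript Number; BigInt keeps them exact.
function assessAllowance(a, denylist) {
  const flags = [];
  const amount = BigInt(a.amount);
  const balance = BigInt(a.balance);
  if (amount === MAX_UINT256) flags.push("unlimited");
  // Addresses are case-insensitive hex, so normalise before the lookup.
  if (denylist.has(a.spender.toLowerCase())) flags.push("denylisted");
  if (amount !== MAX_UINT256 && amount > balance * ANOMALY_MULTIPLE) flags.push("anomalous");
  if (!a.verifiedSource) flags.push("unverified");
  const score = Math.min(100, flags.reduce((sum, f) => sum + WEIGHTS[f], 0));
  return { token: a.token, spender: a.spender, flags, score };
}

// Highest-risk allowances first, so they are reviewed first.
function rankAllowances(list, denylist) {
  return list.map((a) => assessAllowance(a, denylist)).sort((x, y) => y.score - x.score);
}

// Constructed sample data; these are not real contracts.
const SAMPLE_DENYLIST = new Set(["0x" + "cc".repeat(20)]);
const SAMPLE_ALLOWANCES = [
  { token: "USDC", spender: "0x" + "aa".repeat(20), amount: "0x" + "f".repeat(64),
    balance: "1000", verifiedSource: true },
  { token: "DAI", spender: "0x" + "bb".repeat(20), amount: "500",
    balance: "1000", verifiedSource: true },
  { token: "WETH", spender: "0x" + "Cc".repeat(20), amount: "50000",
    balance: "1000", verifiedSource: false },
];

for (const r of rankAllowances(SAMPLE_ALLOWANCES, SAMPLE_DENYLIST)) {
  console.log(r.score, r.token, r.flags.join(",") || "no flags");
}
```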
Using the Dashboard
How much does it cost?
The core functionality of Allowance Guard is completely free to use. We believe basic Web3 security should be accessible to everyone. Our project is sustained through voluntary contributions from our community to fund development and infrastructure costs. We do not charge subscription fees, premium tiers, or hidden costs. The only costs you may encounter are the standard gas fees required for blockchain transactions when revoking allowances, which are paid directly to the network validators, not to us.
What does 'revoking' an allowance do?
Revoking an allowance sets the spending limit for that specific token and contract to zero. This completely removes the contract's ability to spend those tokens from your wallet. It is a permanent action executed on the blockchain via a transaction that you sign, requiring gas fees. Once revoked, the smart contract can no longer access those tokens unless you explicitly grant a new allowance. This is the most effective way to eliminate the security risk posed by unused or suspicious allowances.
Why do I have to pay gas to revoke?
Revoking an allowance is a transaction on the Ethereum blockchain. Gas fees are the payment required to miners/validators to process and confirm that transaction. Allowance Guard does not receive any portion of these fees; they are a fundamental part of using the Ethereum network. Gas fees vary based on network congestion and transaction complexity. We provide gas estimation tools to help you understand the costs before confirming the transaction, and we optimize our revocation contracts to minimize gas usage wherever possible.
Technical Details and Troubleshooting
Which wallets and chains do you support?
We currently support all Ethereum Virtual Machine (EVM) compatible wallets like MetaMask, Coinbase Wallet, and WalletConnect. Our initial focus is on the Ethereum mainnet, Arbitrum, and Base networks. Support for other chains like Polygon, Optimism, and Avalanche is on our development roadmap. We use standard wallet connection protocols, so any wallet that supports these protocols will work with our platform. We continuously expand our network support based on user demand and security considerations.
The transaction to revoke failed. What should I do?
Transaction failures are typically due to network congestion or insufficient gas. Ensure you have enough ETH in your wallet to cover the gas fees for the transaction. You can try again and adjust the gas fee settings in your wallet for a higher priority. If problems persist, please contact support with the transaction hash. We can help diagnose the specific cause of the failure and provide guidance on resolving it. Common issues include insufficient gas limits, network congestion, or temporary smart contract issues.
I found a bug or have a feature request. How can I contribute?
We welcome community input. Please report bugs or suggest features on our GitHub repository. For general feedback, you can email us at support@allowanceguard.com. Financial contributions to support our work can be made via our contributing page. We review all bug reports and feature requests, and we prioritize security-related issues and improvements that benefit the broader community. We also welcome code contributions from developers who want to help improve the platform.
Advanced Security Questions
How do you ensure the integrity of your smart contracts?
We use only standard, well-audited ERC-20 and ERC-721 functions for revocation operations, specifically the 'approve(spender, 0)' function and 'setApprovalForAll(spender, false)' function. These are the same functions used by all legitimate DeFi applications and have been extensively tested by the broader Ethereum community. We do not deploy custom smart contracts that could introduce additional attack vectors. All revocation operations are executed through these standard, battle-tested functions, ensuring maximum security and compatibility across all token standards.
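Because you sign each revocation in your own wallet, the transaction data shown there can be checked against the two standard calls named above. The following is an added example, not Allowance Guard's code: it builds the calldata for 'approve(spender, 0)' and 'setApprovalForAll(spender, false)' and classifies calldata before signing. The function names and the sample address in the test are hypothetical; the 4-byte selectors are the standard ones for these signatures.

```javascript
// Added illustration; function names here are hypothetical.
const SEL_APPROVE = "095ea7b3";              // approve(address,uint256)
const SEL_SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool)
const MAX_UINT256 = (1n << 256n) - 1n;

// Left-pad a hex string to one 32-byte ABI word.
const word = (hex) => hex.padStart(64, "0");

function normalizeAddress(addr) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(addr)) throw new Error("bad address: " + addr);
  return addr.slice(2).toLowerCase();
}

// Calldata for approve(spender, 0): the ERC-20 revocation.
function encodeErc20Revoke(spender) {
  return "0x" + SEL_APPROVE + word(normalizeAddress(spender)) + word("0");
}

// Calldata for setApprovalForAll(operator, false): the ERC-721 revocation.
function encodeNftRevokeAll(operator) {
  return "0x" + SEL_SET_APPROVAL_FOR_ALL + word(normalizeAddress(operator)) + word("0");
}

// Classify calldata from a wallet prompt: a revocation, or a new grant?
function classifyCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  // Both calls are a 4-byte selector plus two 32-byte words (136 hex chars).
  if (!/^[0-9a-f]{136}$/.test(hex)) return { kind: "unknown" };
  const selector = hex.slice(0, 8);
  const addrWord = hex.slice(8, 72);
  const value = BigInt("0x" + hex.slice(72));
  // An address occupies the low 20 bytes; the upper 12 must be zero.
  if (!addrWord.startsWith("0".repeat(24))) return { kind: "unknown" };
  const spender = "0x" + addrWord.slice(24);
  if (selector === SEL_APPROVE) {
    const kind = value === 0n ? "erc20-revoke"
      : value === MAX_UINT256 ? "erc20-approve-unlimited" : "erc20-approve";
    return { kind, spender, value };
  }
  if (selector === SEL_SET_APPROVAL_FOR_ALL) {
    if (value > 1n) return { kind: "unknown" }; // a bool is encoded as 0 or 1
    return { kind: value === 0n ? "nft-revoke-all" : "nft-approve-all", spender };
  }
  return { kind: "unknown" };
}
```

Anything the classifier reports as other than 'erc20-revoke' or 'nft-revoke-all' is not a revocation and should not be signed as one.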
What happens if your service goes down?
Allowance Guard is a read-only service that helps you identify and manage allowances, but your allowances exist independently on the blockchain regardless of our service status. If our service is temporarily unavailable, your allowances remain unchanged, and you can still revoke them directly through Etherscan or other blockchain explorers. We maintain high availability through redundant infrastructure and monitoring systems, but we recommend keeping our service as one tool in your security toolkit rather than your only option for managing allowances.
How do you handle false positives in risk assessment?
Our risk engine is designed to err on the side of caution, flagging potentially risky allowances for your review rather than missing actual threats. We provide detailed explanations for why each allowance was flagged, including specific risk factors and context. Users can review each flagged allowance and make informed decisions about whether to revoke it. We continuously refine our algorithms based on user feedback and new threat intelligence to reduce false positives while maintaining high detection rates for actual threats.
Has Allowance Guard been audited?
Yes, Allowance Guard has undergone comprehensive security reviews and audits. We completed an initial security assessment in September 2024, covering all security-critical components including our risk engine, data handling, and smart contract interactions. We use only standard, well-audited ERC-20 and ERC-721 functions for revocation operations, which have been extensively tested by the broader Ethereum community. We are actively working toward SOC 2 Type II compliance and plan to conduct third-party security audits in Q1 2025. Our security posture includes regular dependency vulnerability scanning, automated security testing in our CI/CD pipeline, and comprehensive audit logging for all operations.
How often is data updated?
Our data is updated in real-time from the blockchain. Allowance data is refreshed every time you scan your wallet, ensuring you always see the most current state of your token approvals. Our threat intelligence database is updated continuously throughout the day, incorporating new security research, community reports, and blockchain analysis. Risk scores are recalculated in real-time based on the latest threat intelligence. We maintain a 99.9% uptime target and use redundant infrastructure to ensure data freshness and availability. For optimal security, we recommend scanning your wallet regularly, especially after interacting with new DeFi protocols or when you notice unusual activity.
What about false positives?
We acknowledge that false positives can occur in any security system. Our approach is to provide maximum transparency about why allowances are flagged, giving you the information needed to make informed decisions. Each flagged allowance includes detailed explanations of the specific risk factors detected, such as unlimited approvals, unverified contracts, or high-risk patterns. We continuously improve our algorithms based on user feedback and community reports. If you believe an allowance was incorrectly flagged, you can report it through our feedback system, and our team will review and refine our detection rules. Our goal is to minimize false positives while maintaining high detection rates for actual threats.
What contracts are known malicious?
Our malicious contract database includes addresses identified through multiple sources: security researchers, blockchain analysis firms, community reports, and our own threat intelligence. We maintain a comprehensive blacklist of contracts involved in known exploits, phishing attacks, rug pulls, and other malicious activities. This database is continuously updated with new threats as they emerge. We also track contracts with suspicious patterns, such as those that have been involved in multiple security incidents or exhibit behavior consistent with malicious activity. However, we emphasize that our risk assessment is just one tool in your security toolkit. Always conduct your own research and never rely solely on automated systems for security decisions.
Still Need Help?
Can't find the answer you're looking for? We're here to help with any questions about Allowance Guard, wallet security, or token allowances.
