How to Check ERC-20 Token Allowance

Every time you use a DeFi protocol, you typically approve it to spend your tokens via an ERC-20 allowance. Many approvals are set to unlimited by default, creating a security risk if the approved contract is later compromised. This guide explains how allowances work, how to check them, and when to revoke them.

Quick Steps

  1. Learn about ERC-20 allowances
     Open the ERC-20 Allowance Checker on Toolin to understand how token approvals work.

  2. Review the approve/transferFrom pattern
     Understand that every DeFi interaction typically requires an approval transaction.

  3. Check your active approvals
     Use Revoke.cash or Etherscan to view all contracts authorized to spend your tokens.

  4. Identify risky allowances
     Flag unlimited approvals and approvals to contracts you no longer interact with.

  5. Revoke unnecessary approvals
     Send a zero-amount approval transaction to revoke permissions for each risky contract.

  6. Adopt safe approval habits
     Going forward, approve only the exact amount needed and review allowances regularly.

What Is an ERC-20 Allowance?

An ERC-20 allowance is a permission recorded on the blockchain that lets a smart contract spend a specific amount of your tokens on your behalf. When you click 'Approve' in your wallet before a swap or deposit, you are setting this allowance. The approve function takes two parameters: the spender address (the contract) and the amount. If the amount is set to the maximum uint256 value, the approval is effectively unlimited.

Why Unlimited Approvals Are Risky

  • If the approved contract has a vulnerability, attackers can drain all your approved tokens, not just the amount you intended to use.
  • Malicious dApps can request unlimited approval and then steal tokens at any time.
  • Old approvals for contracts you no longer use remain active indefinitely unless revoked.
  • Phishing sites disguised as legitimate dApps can trick you into approving their malicious contract.
  • Even audited contracts can be upgraded to malicious versions if they use proxy patterns.

Checking Your Allowances

  1. Open the ERC-20 Allowance Checker
     Navigate to the ERC-20 Allowance Checker on Toolin to learn about token approval security concepts.

  2. Understand the approval model
     Review how the ERC-20 approve/transferFrom pattern works and why it creates security exposure.

  3. Use a blockchain explorer or revocation tool
     Tools like Revoke.cash or Etherscan's token approval checker let you view all active allowances for your wallet address.

  4. Identify high-risk approvals
     Look for unlimited approvals, approvals to contracts you no longer use, and approvals to unverified contracts.

  5. Revoke unnecessary allowances
     Set the allowance to zero for any contract you no longer need. This requires a small gas fee for each revocation transaction.

Best Practices for Token Approvals

  • Approve only the exact amount you need for each transaction when your wallet supports custom approval amounts.
  • Review and revoke old approvals regularly, especially after high-profile DeFi exploits.
  • Use hardware wallets and verify approval transactions on the device screen before confirming.
  • Be cautious with new or unaudited protocols that request token approvals.

How Revocation Works On-Chain

// Solidity: ERC-20 approve function
token.approve(spenderAddress, 0);

// Setting the allowance to 0 revokes permission.
// This is a standard transaction that costs gas.
// After revocation, the spender can no longer call
// transferFrom on your tokens.
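
The approve parameters and the zero-amount revocation described above can be checked directly in transaction calldata. The Python below is an added example, not code from this guide or from Toolin: it decodes an approve(spender, amount) call, labels it unlimited, revoke, or bounded, and builds the standard ERC-20 allowance(owner, spender) read call. The helper names and the sample addresses are constructed for illustration.

```python
# Added example: classify ERC-20 approve() calldata before signing or during review.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")    # approve(address,uint256)
ALLOWANCE_SELECTOR = bytes.fromhex("dd62ed3e")  # allowance(address,address)
MAX_UINT256 = 2**256 - 1                        # the "unlimited" amount


def unhex(value: str) -> bytes:
    """Parse a hex string with or without a 0x prefix."""
    return bytes.fromhex(value[2:] if value.startswith("0x") else value)


def addr_word(addr: str) -> bytes:
    """ABI-encode a 20-byte address as a left-padded 32-byte word."""
    raw = unhex(addr)
    if len(raw) != 20:
        raise ValueError("address must be 20 bytes")
    return raw.rjust(32, b"\x00")


def encode_approve(spender: str, amount: int) -> str:
    """Calldata for token.approve(spender, amount)."""
    if not 0 <= amount <= MAX_UINT256:
        raise ValueError("amount out of uint256 range")
    return "0x" + (APPROVE_SELECTOR + addr_word(spender) + amount.to_bytes(32, "big")).hex()


def encode_allowance_query(owner: str, spender: str) -> str:
    """Calldata for a read-only eth_call to token.allowance(owner, spender)."""
    return "0x" + (ALLOWANCE_SELECTOR + addr_word(owner) + addr_word(spender)).hex()


def classify_approve(calldata: str) -> dict:
    """Decode approve() calldata and label it unlimited, revoke, or bounded."""
    data = unhex(calldata)
    if len(data) != 68 or data[:4] != APPROVE_SELECTOR:
        raise ValueError("not an approve(address,uint256) call")
    if any(data[4:16]):
        raise ValueError("non-zero padding in spender word")
    amount = int.from_bytes(data[36:68], "big")
    kind = "unlimited" if amount == MAX_UINT256 else "revoke" if amount == 0 else "bounded"
    return {"spender": "0x" + data[16:36].hex(), "amount": amount, "kind": kind}


if __name__ == "__main__":
    owner, spender = "0x" + "11" * 20, "0x" + "22" * 20  # constructed, not real contracts
    for amt in (MAX_UINT256, 0, 250 * 10**18):
        print(classify_approve(encode_approve(spender, amt)))
    print(encode_allowance_query(owner, spender))
```
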

Frequently Asked Questions

Does revoking an allowance cost gas?
Yes. Revoking an allowance requires an on-chain transaction that sets the approved amount to zero. Each revocation costs a small gas fee, similar to a simple token transfer.

How do I know if an approval is unlimited?
Blockchain explorers and revocation tools display the approved amount. If it shows a very large number (often displayed as 'Unlimited' or a number with dozens of digits), it is an unlimited approval.

Can a contract spend my tokens without an active allowance?
No. Without an active allowance, a contract cannot call transferFrom to move your tokens. However, native assets like ETH do not use the approval pattern and are sent directly in transactions.
