Web3 security has its own vocabulary. If you’ve ever read a security post and stumbled on terms like “spender,” “allowance,” or “ERC-4337,” this glossary is for you. Every term defined in plain language, alphabetically.
A
Account Abstraction (ERC-4337) — A standard that lets your wallet be a programmable smart contract instead of a simple key pair, without changing the Ethereum protocol itself: transactions become UserOperations that the account's own code validates before they execute. Enables session keys, batched transactions, gas sponsorship (via paymasters), and social recovery.
Allowance — The amount of a specific token that a spender is permitted to move from your wallet with transferFrom(). Set with approve(spender, amount) and readable by anyone via allowance(owner, spender). Also called an “approval.”
Approval — The act of granting a contract (or any other address) permission to move your tokens. Creates an allowance. Persists until you revoke it or it is used up: each transferFrom() reduces the allowance by the amount moved, except that most token implementations never decrement an unlimited allowance, so that one persists until revoked.
B
Batch Revocation — Revoking multiple token approvals in a single transaction. Saves gas compared to revoking one at a time. Caveat: ERC-20 approve() only changes the allowances of the account that calls it, so a plain EOA cannot delegate the job to a helper contract; batching ERC-20 revocations into one transaction needs a smart account (see Account Abstraction) or an EOA delegated with EIP-7702. Permit2 allowances are the exception: Permit2's lockdown() clears many of the caller's token/spender pairs in one call.
Bridge — A protocol that transfers tokens between different blockchain networks. Bridges hold large amounts of locked tokens, making them high-value targets.
C–D
CFG Scale — Not Web3 — this is an AI image generation parameter. If you’re here from the blog images discussion, wrong glossary.
Contract — A program deployed on a blockchain that executes automatically when called. Smart contracts hold the logic for DeFi protocols, token transfers, and approval management.
Custodial — A service that holds your private keys on your behalf (e.g., a centralised exchange). Opposite of non-custodial.
E–G
EIP-2612 — An extension to ERC-20 that adds a permit() function, so an allowance can be granted with an off-chain signature (EIP-712 typed data containing owner, spender, value, nonce and deadline) instead of an approve() transaction from the owner; anyone, typically the dApp or a relayer, then submits the signature on-chain. A permit signature is an approval: signing one on a phishing page grants the same access as sending an approve() transaction, and the resulting allowance persists until revoked.
ERC-20 — The most common token standard on Ethereum and EVM chains. Defines functions including approve(), transferFrom(), and allowance().
EOA (Externally Owned Account) — A traditional wallet controlled by a private key. Not a smart contract. The default wallet type in MetaMask, Ledger, etc.
Gas — The unit in which computational work on a blockchain is measured. The fee you pay is gas used multiplied by the gas price, paid in the network’s native token (ETH, MATIC, etc.). A transaction that reverts still consumes the gas it used.
N–P
Non-Custodial — A service that never holds your private keys. You retain full control of your assets. AllowanceGuard is non-custodial by design.
Permit2 — A universal approval manager created by Uniswap Labs. You approve the Permit2 contract once per token (in practice usually an unlimited ERC-20 approval), then dApps request access via signed messages that Permit2 enforces with a per-spender amount and expiration. Check two things before signing: the spender, amount and expiration in the message (a single signature can itself grant an unlimited, never-expiring Permit2 allowance), and that the request's verifying contract is the real Permit2 deployment. Permit2 allowances are revoked on Permit2, not on the token, by setting the spender's amount to zero or calling lockdown(); revoking the token's approval of Permit2 itself disables all of them at once.
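The two entries above (EIP-2612 and Permit2) both describe signing requests that grant allowances. The following is an added example, not code from this glossary, from AllowanceGuard, or from the EIP-2612 or Permit2 projects: it inspects the EIP-712 typed data a wallet is asked to sign (the object passed to eth_signTypedData_v4) and reports what the signature would grant. The field names and integer widths follow the two standards; the one-hour lifetime threshold, the trusted-spender list, the placeholder addresses and the sample payloads are constructed assumptions for the example.

```python
# Added example; not code from the glossary, AllowanceGuard, EIP-2612 or Permit2.
# Inspects permit-style EIP-712 signing requests and lists what they would grant.

UINT256_MAX = 2**256 - 1   # "unlimited" value / deadline in EIP-2612
UINT160_MAX = 2**160 - 1   # "unlimited" amount in Permit2 (amount is a uint160)
UINT48_MAX = 2**48 - 1     # "never expires" in Permit2 (expiration is a uint48)
PERMIT2_ADDRESS = "0x000000000022d473030f116ddee9f6b43ac78ba3"  # canonical Permit2 deployment


def to_int(v):
    """Typed-data integers arrive as ints, decimal strings or 0x-hex strings."""
    if isinstance(v, int):
        return v
    s = str(v).strip().lower()
    return int(s, 16) if s.startswith("0x") else int(s)


def inspect_typed_data(typed, now, trusted_spenders=frozenset(), max_lifetime=3600):
    """Return a list of findings for a permit-style signing request.

    `now` is the current Unix time, passed in so results are reproducible.
    `max_lifetime` (seconds) is an assumed policy: how long a signature or a
    Permit2 allowance may stay usable before it is worth flagging."""
    findings = []
    msg, domain, ptype = typed["message"], typed.get("domain", {}), typed["primaryType"]

    if ptype == "Permit":            # EIP-2612: owner, spender, value, nonce, deadline
        spender = msg["spender"].lower()
        amount, deadline = to_int(msg["value"]), to_int(msg["deadline"])
        token = domain.get("verifyingContract", "?").lower()   # the token contract itself
        unlimited = UINT256_MAX
    elif ptype == "PermitSingle":    # Permit2: details{token,amount,expiration,nonce}, spender, sigDeadline
        d = msg["details"]
        spender = msg["spender"].lower()
        amount, deadline = to_int(d["amount"]), to_int(msg["sigDeadline"])
        token = d["token"].lower()
        unlimited = UINT160_MAX
        expiry = to_int(d["expiration"])
        if domain.get("verifyingContract", "").lower() != PERMIT2_ADDRESS:
            findings.append("verifyingContract is not the canonical Permit2 address")
        if expiry == UINT48_MAX:
            findings.append("Permit2 allowance never expires")
        elif expiry - now > max_lifetime:
            findings.append(f"Permit2 allowance stays valid for {(expiry - now) // 86400} days")
    else:
        return [f"not a permit request (primaryType={ptype})"]

    if amount == unlimited:
        findings.append(f"unlimited allowance on token {token}")
    if deadline == UINT256_MAX:
        findings.append("signature deadline is unlimited: it can be submitted at any future time")
    elif deadline - now > max_lifetime:
        findings.append(f"signature stays submittable for {(deadline - now) // 86400} days")
    if spender not in {s.lower() for s in trusted_spenders}:
        findings.append(f"spender {spender} is not on the trusted list")
    return findings


# Placeholder addresses, constructed for the example.
TOKEN = "0x1111111111111111111111111111111111111111"
DEX = "0x2222222222222222222222222222222222222222"       # a legitimate spender
DRAINER = "0x3333333333333333333333333333333333333333"   # a phishing spender

# Constructed: a drainer-style EIP-2612 request, unlimited value, no deadline.
SAMPLE_PERMIT = {
    "primaryType": "Permit",
    "domain": {"name": "ExampleToken", "version": "1", "chainId": 1, "verifyingContract": TOKEN},
    "message": {"owner": "0x4444444444444444444444444444444444444444", "spender": DRAINER,
                "value": str(UINT256_MAX), "nonce": 0, "deadline": str(UINT256_MAX)},
}

# Constructed: a well-scoped Permit2 request (exact amount, 1h expiry, 30-minute signature deadline).
SAMPLE_PERMIT2 = {
    "primaryType": "PermitSingle",
    "domain": {"name": "Permit2", "chainId": 1, "verifyingContract": PERMIT2_ADDRESS},
    "message": {"details": {"token": TOKEN, "amount": "1000000", "expiration": 1_700_003_600, "nonce": 0},
                "spender": DEX, "sigDeadline": 1_700_001_800},
}

# Constructed: the same Permit2 request with the fields a drainer changes.
SAMPLE_PERMIT2_UNLIMITED = {
    "primaryType": "PermitSingle",
    "domain": SAMPLE_PERMIT2["domain"],
    "message": {"details": {"token": TOKEN, "amount": str(UINT160_MAX), "expiration": UINT48_MAX, "nonce": 0},
                "spender": DRAINER, "sigDeadline": 1_700_001_800},
}

if __name__ == "__main__":
    for name, sample in [("permit", SAMPLE_PERMIT), ("permit2", SAMPLE_PERMIT2),
                         ("permit2-unlimited", SAMPLE_PERMIT2_UNLIMITED)]:
        print(name, inspect_typed_data(sample, now=1_700_000_000, trusted_spenders={DEX}))
```

The check deliberately ignores everything the wallet UI tends to emphasise (the dApp's name, the domain's `name` field) and looks only at what the contract will enforce: the spender, the amount, the two time fields, and which contract the signature is bound to. A wallet can display "Permit2" in the domain name while the verifying contract is a lookalike, which is why the address comparison is there.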
Private Key — The secret string that controls your wallet. Whoever has it can move all your assets. Never share it with anyone, including security tools.
R–S
Revoke — Setting an approval to zero (approve(spender, 0)), removing a spender’s permission to move your tokens. Costs a small gas fee. Reversible (you can re-approve later). Caveats: a revoke does not return tokens that were already moved; a spender that sees your pending revoke can still spend the old allowance before it is mined (the classic ERC-20 approve() race), so revoke before a spender is known to be malicious rather than after; and some tokens (notably USDT) refuse to change a non-zero allowance to another non-zero value, so a reduction must go through zero first.
Risk Score — A numerical assessment of how dangerous a specific approval is. Factors include: amount (unlimited vs limited), spender verification, contract age, known exploit history, and token value at risk.
Seed Phrase — A 12–24 word recovery phrase (BIP-39) from which every private key in the wallet is derived. Equivalent to all of those private keys in terms of access. Never store it digitally, and never type it into a website or tool.
Session Key — A temporary, scoped permission granted by a smart account (ERC-4337): limited to particular contracts, functions, or spend limits, and expiring automatically. Reduces the need for blanket approvals in account-abstracted wallets.
Spender — The address (usually a contract, but it can be any address, including an EOA) that has been granted permission to move your tokens. Shown in approval dashboards as the entity your approval was granted to.
T–U
Token — A digital asset on a blockchain. ERC-20 (fungible), ERC-721 (NFT), and ERC-1155 (multi-token) are the most common standards.
transferFrom() — The ERC-20 function a spender calls to move tokens from your wallet to any address. Succeeds only if the spender’s allowance is at least the requested amount and your balance covers it; the allowance is then reduced by the amount moved.
Unlimited Approval — An approval set to the maximum possible amount (type(uint256).max, i.e. 2^256 − 1). The spender can move your entire balance of that token, now and in the future, including tokens you receive later, and the allowance is never reduced by use. The most common and most dangerous approval type.
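The entries for Allowance, Approval, Revoke, transferFrom() and Unlimited Approval all describe one mechanism. The following is an added example, not code from this glossary or from AllowanceGuard: an in-memory model of ERC-20 allowance semantics that shows what each of those operations does to the ledger, including the unlimited-allowance sentinel and the approve() race mentioned under Revoke. It mirrors the common OpenZeppelin behaviour of never decrementing an allowance set to type(uint256).max; the account names and balances are constructed for the example, and nothing here touches a chain.

```python
# Added example; not code from the glossary or AllowanceGuard. A minimal
# simulation of ERC-20 allowance bookkeeping (no chain, no signatures).

UINT256_MAX = 2**256 - 1          # what "unlimited approval" means on-chain


class Token:
    """Minimal ERC-20 ledger: balances plus (owner, spender) -> allowance."""

    def __init__(self, initial_balances):
        self.balances = dict(initial_balances)
        self.allowances = {}          # (owner, spender) -> amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def approve(self, owner, spender, amount):
        # approve() overwrites the allowance; it does not add to it.
        if not 0 <= amount <= UINT256_MAX:
            raise ValueError("amount out of uint256 range")
        self.allowances[(owner, spender)] = amount

    def revoke(self, owner, spender):
        # A "revoke" is nothing more than approve(spender, 0).
        self.approve(owner, spender, 0)

    def transfer_from(self, caller, owner, to, amount):
        """What a spender calls to move the owner's tokens to any address."""
        current = self.allowance(owner, caller)
        if current < amount:
            raise PermissionError("ERC20: insufficient allowance")
        if self.balances.get(owner, 0) < amount:
            raise ValueError("ERC20: transfer amount exceeds balance")
        # OpenZeppelin-style: an infinite allowance is never decremented,
        # so an unlimited approval never "runs out".
        if current != UINT256_MAX:
            self.allowances[(owner, caller)] = current - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def limited_approval_runs_out():
    """A limited approval is consumed by transferFrom() and then stops working."""
    t = Token({"alice": 100})
    t.approve("alice", "dex", 40)
    t.transfer_from("dex", "alice", "dex", 40)      # uses the whole allowance
    try:
        t.transfer_from("dex", "alice", "dex", 1)
    except PermissionError:
        return t.allowance("alice", "dex") == 0 and t.balances["alice"] == 60
    return False


def unlimited_approval_drains_future_deposits():
    """An unlimited approval covers the current balance and anything received later."""
    t = Token({"alice": 100})
    t.approve("alice", "dex", UINT256_MAX)
    t.transfer_from("dex", "alice", "attacker", 100)  # everything alice has now
    t.balances["alice"] += 50                         # alice later receives more
    t.transfer_from("dex", "alice", "attacker", 50)   # ...and that goes too
    return t.balances["alice"] == 0 and t.allowance("alice", "dex") == UINT256_MAX


def revoke_stops_further_transfers_but_does_not_claw_back():
    """After a revoke, new transferFrom() calls fail; earlier transfers stand."""
    t = Token({"alice": 100})
    t.approve("alice", "dex", UINT256_MAX)
    t.transfer_from("dex", "alice", "attacker", 30)
    t.revoke("alice", "dex")
    try:
        t.transfer_from("dex", "alice", "attacker", 1)
    except PermissionError:
        return t.balances["attacker"] == 30 and t.allowance("alice", "dex") == 0
    return False


def approve_race(spender_front_runs):
    """The classic approve() race: lowering a non-zero allowance to another
    non-zero value lets a spender that acts first use the old amount and the new one.
    Returns how much the spender ends up with."""
    t = Token({"alice": 200})
    t.approve("alice", "spender", 100)
    if spender_front_runs:
        t.transfer_from("spender", "alice", "spender", 100)  # spends the old allowance first
    t.approve("alice", "spender", 50)                        # alice meant to reduce exposure
    t.transfer_from("spender", "alice", "spender", 50)       # then spends the new one
    return t.balances["spender"]


if __name__ == "__main__":
    print(limited_approval_runs_out(), unlimited_approval_drains_future_deposits(),
          revoke_stops_further_transfers_but_does_not_claw_back(),
          approve_race(True), approve_race(False))
```

The approve_race() case is why wallets and dashboards revoke by setting the allowance to zero rather than lowering it: going through zero first means the spender can use at most the old amount, never old plus new.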