AllowanceGuard started with a spreadsheet.
In early 2024, after yet another approval-based exploit made headlines, we sat down and tried to catalogue every token approval across our own wallets. We had a dozen wallets across eight chains. Some had been active for years. The spreadsheet grew to hundreds of rows — and we still weren’t confident it was complete.
That was the moment we knew this needed to be a tool, not a spreadsheet. And we knew it needed to be open source.
The Problem We Set Out to Solve
Token approvals are the most common attack vector in DeFi, yet the tools available to manage them were incomplete, hard to use, or limited to a single chain. Most users had no idea how many active approvals they had, let alone which ones were risky.
We wanted to build something that:
- Scanned multiple chains in a single pass
- Scored risk, not just listed approvals
- Made revocation simple and safe
- Never required custody or access to your private keys
Why Open Source?
A security tool that asks you to trust it with your wallet data has a credibility problem if its code is a black box. We believe in a simple principle: trust is earned through transparency.
Open-sourcing AllowanceGuard means:
- You can verify what the code does. Every RPC call, every risk heuristic, every data transformation is visible on GitHub. We don’t ask you to take our word for it.
- Security researchers can audit it. Open code gets more eyes. Vulnerabilities are found and fixed faster when anyone can inspect the codebase.
- The community can contribute. Chain support, risk scoring improvements, UI enhancements — contributions from the community make the tool better for everyone.
- The tool survives us. If AllowanceGuard the company disappeared tomorrow, the code would still be available. Anyone could fork it and keep it running. Your security shouldn’t depend on our business continuity.
Open Source Doesn’t Mean Unsustainable
We’re building AllowanceGuard as an open-core product. The core scanner — scan your wallet, see your approvals, revoke the risky ones — is free and open source. Always.
Premium features for power users and teams (continuous monitoring, automated rules, compliance exports, API access) are paid. This isn’t a contradiction. It’s how we fund the development of the free tool that everyone uses.
We chose the AGPL-3.0 license specifically because it protects the community. Anyone can use, modify, and redistribute the code. But if someone takes it, modifies it, and runs it as a competing web service, they must share their modifications. This prevents free-riding while keeping the ecosystem open.
What We’ve Built So Far
- 27 EVM chains scanned in a single pass
- Risk scoring that flags unlimited approvals, unverified contracts, and known threats
- Batch revocation to clean up multiple approvals in one transaction
- Non-custodial by design — we never touch your keys, never move your tokens
- No account required for the free scanner — paste an address and go
What’s Next
We’re working on a native mobile app, a developer SDK for embedding security scanning in other dApps, and expanding chain coverage beyond EVM networks. If you want to be the first to know, join the waitlist.
And if you want to contribute, the repo is open. We welcome pull requests, bug reports, and security disclosures.
AllowanceGuard exists because Web3 security should be accessible to everyone — not just those who can read Solidity. Building it in the open is how we earn the trust to make that possible.