The invisible attack surface, made visible.
Every time you use a dApp, you sign away permission. Most users sign once and forget. Attackers don’t.
AllowanceGuard finds every approval your wallet has ever granted, scores its risk against live threat intelligence, and lets you revoke it — across 27 chains, from one dashboard, without ever giving up custody.
Token approvals are the largest unaddressed attack vector in Web3.
More than $2 billion in user funds have been drained through approval-based exploits since 2022. Phishing kits, malicious dApps, and compromised front-ends all exploit the same primitive: a forgotten approve() call sitting on-chain, granting unlimited permission to a contract the user no longer trusts — or never understood in the first place.
The infrastructure to defend against this exists for institutions. It does not exist, in a usable form, for the people who actually hold the wallets. AllowanceGuard closes that gap.
A complete approval lifecycle, in one place.
Unified Allowance Dashboard
Every approval your wallet has ever granted, indexed in real time across 27 chains. Spender, token, amount, age, and risk — surfaced in one view, ranked by what can hurt you most. No more crawling block explorers to remember what you signed six months ago at 2am.
Live Risk Scoring
Each approval is graded against current threat intelligence: unlimited approvals, unverified bytecode, addresses tied to known exploits, and behavioural anomalies all raise the score. The danger surfaces first. You don’t have to be a security researcher to act like one.
Gas-Efficient Batch Revocation
Revoke a single approval in one click. Revoke twenty in one transaction. Our optimised batch contract bundles revocations to cut gas costs by up to 70%. Every transaction is constructed by us and signed by you — your keys, your wallet, your move.
Continuous Monitoring & Alerts
Set it once and stop checking. AllowanceGuard rescans your wallets on a schedule and alerts you the moment a new high-risk approval appears — by email, Telegram, or webhook. Treasuries, DAOs, and individuals get the same early warning the institutions get.
Tools no other approval manager offers.
Time Machine — Simulate Before You Spend
Toggle approvals on and off and watch your risk score recalculate in real time, before a single wei of gas leaves your wallet. Plan your cleanup, model the outcome, then execute with certainty. No competitor offers this.
Non-Custodial by Architecture, Not Promise
A read-only address is all we ever take. We do not hold keys. We do not hold seed phrases. We do not hold funds. We could not access your assets if a court ordered us to — the system is built so the option does not exist. Trust by design, not by terms of service.
Open-Core, AGPL-Licensed
The scanner that protects users is free, public, and auditable. Anyone can read the code, fork it, or self-host it. Premium services fund the core — but the core itself is a public good and will remain one. Security infrastructure that depends on closed black boxes is not security at all.
Compliance-Ready Audit Trail
DAOs, funds, and on-chain treasuries get exportable PDF and CSV reports of every approval, revocation, and risk event — timestamped and signed. The same evidence chain auditors and regulators expect from traditional finance, ported to a chain-native workflow.
Protection that travels with you.
Real-Time Transaction Screening
The dashboard catches the past. The extension catches the present. Every approval request is intercepted and analysed before you sign — unlimited amounts, unverified contracts, and known-malicious addresses are flagged in plain English the instant the prompt appears. The warning arrives before the mistake.
Self-custody without self-defence is just exposure.
The promise of Web3 is sovereignty — that anyone, anywhere, can hold and move value without permission. That promise collapses the moment the only people equipped to defend a wallet are the people who can afford a security team.
AllowanceGuard exists to give every wallet — a first-time user in Lagos, a DAO treasury in Berlin, a memecoin trader in Manila — the same standard of approval hygiene that an institutional desk takes for granted. Not as charity. As infrastructure.
We are building the public layer of Web3 wallet defence: open-source, chain-agnostic, custody-respecting, and free where it counts. Funding this work funds the only credible answer to a billion-dollar problem the industry has spent four years pretending it can solve with disclaimers.
See what your wallet has already agreed to.
Connect a wallet or paste an address. The first scan takes under a minute. The peace of mind lasts considerably longer.