The invisible attack surface, made visible.
Every time you use a dApp, you sign away permission. Most users sign once and forget. Attackers don’t. AllowanceGuard finds every approval your wallet has ever granted, scores its risk, and lets you revoke it — across 27 chains, from one dashboard, without ever giving up custody.
Token approvals are the largest unaddressed attack vector in Web3.
More than $3 billion in user funds have been drained through approval-based exploits since 2022. Phishing kits, malicious dApps, and compromised front-ends all exploit the same primitive: a forgotten approve() call sitting on-chain, granting unlimited permission to a contract the user no longer trusts.
The infrastructure to defend against this exists for institutions. It does not exist, in a usable form, for the people who actually hold the wallets. AllowanceGuard closes that gap.
A complete approval lifecycle, in one place.
Unified allowance dashboard.
Every approval your wallet has ever granted, indexed in real time across 27 chains. Spender, token, amount, age, and risk — surfaced in one view, ranked by what can hurt you most.
Live risk scoring.
Each approval is graded against current threat intelligence: unlimited amounts, unverified bytecode, addresses tied to known exploits, and behavioural anomalies all raise the score. The danger surfaces first.
Gas-efficient batch revocation.
Revoke a single approval in one click. Revoke twenty in one transaction. Our optimised batch contract bundles revocations to cut gas costs by up to 70%. Every transaction is constructed by us and signed by you.
Continuous monitoring & alerts.
Set it once and stop checking. AllowanceGuard rescans your wallets on a schedule and alerts you the moment a new high-risk approval appears — by email, Telegram, or webhook.
Tools no other approval manager offers.
Time Machine — simulate before you spend.
Toggle approvals on and off and watch your risk score recalculate in real time, before a single wei of gas leaves your wallet. Plan your cleanup, model the outcome, then execute with certainty.
Non-custodial by architecture, not promise.
A read-only address is all we ever take. We do not hold keys, seed phrases, or funds. We could not access your assets if a court ordered us to — the system is built so the option does not exist.
Open-core, AGPL-licensed.
The scanner is free, public, and auditable. Anyone can read the code, fork it, or self-host it. Premium services fund the core — but the core itself is a public good and will remain one.
Compliance-ready audit trail.
DAOs, funds, and on-chain treasuries get exportable PDF and CSV reports of every approval, revocation, and risk event — timestamped and signed. The same evidence chain auditors and regulators expect.
Protection that travels with you.
Real-time transaction screening.
The dashboard catches the past. The extension catches the present. Every approval request is intercepted and analysed before you sign — unlimited amounts, unverified contracts, and known-malicious addresses are flagged in plain English the instant the prompt appears.
Self-custody without self-defence is just exposure.
The promise of Web3 is sovereignty — that anyone, anywhere, can hold and move value without permission. That promise collapses the moment the only people equipped to defend a wallet are the people who can afford a security team.
AllowanceGuard exists to give every wallet the same standard of approval hygiene that an institutional desk takes for granted. Open-source, chain-agnostic, custody-respecting, and free where it counts.
See what your wallet has already agreed to.
The scanner is live across 27 chains. Paste any wallet address to see every active approval — free, no install, no account.
Non-custodial · Open source · 27 chains