Skip to content
Control ERC20 token approvals
TypeScript HTML Other
Branch: development
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.

Token Allowance Checker ("TAC")


Token Allowance Checker is running at

There is also an outdated screencast (no audio):

The unlimited approval problem

Many DApps have the habit of requiring you to approve effectively unlimited amount of tokens. This helps improving the user experience, as you only have to sign off an approval once and it will be enough for all future transactions.

However this also means that the DApp (or the person/entity controlling it) can at any time transfer all of your tokens, without requiring any further approval.

In addition, there is no concept of expiring approvals. Once approved, the approval will remain forever. If you do not trust a DApp or its operators anymore, there is usually no easy way to remove the approval.

Empowering the user

Token Allowance Checker scans the complete Ethereum transaction history for ERC20-Approvals made by the provided address. It collects all ERC20 token contracts and any spender addresses that have been approved by the user in the past.

This information is displayed to the user, together with the up-to-date allowance amount.

For all entries, the user can edit or delete the allowance.


Originally this project started as an entry to the Gitcoin "Sustain web3" hackathon, for bounty Since then it has evolved further, moving from a plain javascript react app to react-redux and typescript.

Funding and development support

If you want to support further development of TAC, please consider contributing to the gitcoin grant at

Technologies used

  • dfuse to search for allowances approved in the past.
  • Onboard.js for setting up web3 provider and accessing user wallet/accounts
  • Redux-Toolkit for efficient Redux development
  • typechain to generate typings for ERC20 contract ABI

Release workflow

  • PRs should go against development branch
  • To create a new release:
    • checkout development branch
    • issue npm run release - This will update the with all changes and create a new version tag
    • Create a PR against master
    • When the PR gets merged, travisCI will automatically deploy the latest release to gh-pages.
You can’t perform that action at this time.