Token Allowance an interesting function of Ethereum's ERC-20 and ERC-777 tokens, with which we can grant specific permissions to access and use funds to DApps and DEX so that they can carry out operations autonomously and safely.
UOne of the most interesting functions of ERC-20 tokens (and the token ERC-777) of Ethereum is the "Allowance" o "Access permissions to tokens" within a series of parameters described by the programming of a platform. This is a fairly common function in the world of tokens and is intended to allow automatic interaction of tokens. smart contracts with money that is arranged in a certain direction. With this it is achieved that DApps y DEX can make use of these resources and carry out certain operations autonomously with them.
Allowance or access permissions, allow a third party to have the right to carry out a transaction of a certain amount of our tokens, which are associated with our address. All this without giving the private key of your address.
But why give access to our money to a smart contract instead of maintaining control over it? Well, here we will clarify the usefulness of this type of functions, and most importantly, how this function can greatly facilitate our interaction with smart contracts.
Why were allowance functions created?
En Ethereum, a token are currencies that are nothing more than units of account within a smart contract stored in the blockchain. The Ethereum project, since its inception, has been widely used to create tokens of different types, due to its enormous flexibility for this task. Faced with this situation, the Ethereum developers decided to create a specification to create these tokens in a standardized way, we are talking about the ERC-20 standard token.
This standard defined the basic structure of the smart contract, the form and the functionalities of the tokens in Ethereum. One of those functions is the allowance function, which allows the holders of these tokens to grant specific use permissions to the Dapps, DEX and DeFi for tokens contained in a given address.
In this way, the balance in tokens that a person has in an address can be managed by the Dapp with our consent. Thus, for example, if we want to send tokens automatically using a Dapp, the allowance function allows us to configure these actions without the need to be actively pending performing the action.
This is where the ability for you to be able to give permission to other addresses to move your tokens was designed. An address can be a smart contract or simply an address controlled by a person or machine.
However allowance is usually given to smart contracts, who comply with written, immutable and transparent rules. Being able to trust its good behavior and that it cannot steal from us.
On the other hand, the allowance function allows us to define the fair and necessary amount that we want to make available to use for a smart contract. This is undoubtedly another security measure that allows us to control the way in which smart contracts carry out their different operations while we are interacting with them. And best of all, it allows us to do this in a decentralized way without trusted third parties having to intervene in this process.
ERC-20 tokens and the arrival of Allowance
The arrival of the "allowance" to the crypto world can be said came with the arrival of the ERC-20 of Ethereum. This standard has in its structure a series of standard functions that facilitate the work of developers for the creation of smart contracts and Dapps that allow a decentralized interaction between the user and the Ethereum network and its associated tokens.
To achieve this, ERC-20s, among other smart contracts, have a specific function known as “allowance” and which is defined in a general way as follows:
function allowance (address tokenOwner, address spender)
Basically what the function asks for is a series of user permissions. These permissions allow the smart contract to transfer from our address to an address defined by the smart contract a certain amount of its token (called allocation). This transfer is limited to only an amount specified and accepted by the Dapp user. In fact, this is a security measure that allows the cost that the smart contract may incur in each interaction and in its entirety to be controlled.
Allowance example
An example of this functionality can be the following:
A user wants to interact with the smart contract of for example, Compound to make an investment in one of the pools of this protocol. This interaction is controlled by Compound's smart contracts and at that point, Compound will ask the user for an access (allowance) to a certain amount of tokens under its power. By accepting said interaction, Compound will take the tokens, make the investment in the corresponding pool and from there it will return the blocked balance in said pool, along with other data of interest to the user.
At all times we can see that the "allowance" process is a request process and which requires the express permission of the user. Thus, for example, if a Dapp requests unsolicited access to a balance, you must reject that malicious access.
How much do you know, cryptonuta?
Can the allowance represent a security risk for our funds?FALSE!
The allowance function is intended to be a secure function and only provides limited access to the address and tokens it requires. Because this entire system is non-middleman and decentralized, you can be sure that it won't compromise your security. However, we recommend that you always pay attention to access requests and only accept those that you have explicitly requested.
Allowance on other smart contacts
Of course, the previous example applied to ERC-20s, also applies to other standardized or not smart contracts. A good example is the ERC-777 token that has this functionality planned to offer more advanced and compatible features than the popular ERC-20 tokens. But also, there are other smart contracts where this type of property does not exist. For example, there are different platforms that make use of smart contracts that make use of allowance to interact with the tokens of their users.
However, a little more elaborate cases can occur. For example in CryptoKitties allowance is used when acquiring the platform's digital kittens. This is because permission is needed to spend money to acquire and maintain them. But the "digital kittens" themselves do not have this property, since they are non-fungible or NFT tokens, under Ethereum's ERC-721 standard. Basically being non-expendable and unique, these kittens cannot be spent or accessed in multiple ways, so it lacks this feature.
As we can see, this function is quite useful as a means of segmenting access and security within smart contracts and decentralized applications (Dapp), which undoubtedly proves to be an effective solution to provide high security in environments of this type.