UOne of the most interesting functions of ERC-20 tokens (and the token ERC-777) of Ethereum is the "Allowance" o "Access permissions to tokens" within a series of parameters described by the programming of a platform. This is a fairly common function in the world of tokens and is intended to allow automatic interaction of tokens. smart contracts with money that is arranged in a certain direction. With this it is achieved that DApps y DEX can make use of these resources and carry out certain operations autonomously with them.
Allowance or access permissions, allow a third party to have the right to carry out a transaction of a certain amount of our tokens, which are associated with our address. All this without giving the private key of your address.
But why give access to our money to a smart contract instead of maintaining control over it? Well, here we will clarify the usefulness of this type of functions, and most importantly, how this function can greatly facilitate our interaction with smart contracts.
Why were allowance functions created?
En Ethereum, a token are currencies that are nothing more than units of account within a smart contract stored in the blockchain. The Ethereum project, since its inception, has been widely used to create tokens of different types, due to its enormous flexibility for this task. Faced with this situation, the Ethereum developers decided to create a specification to create these tokens in a standardized way, we are talking about the ERC-20 standard token.
This standard defined the basic structure of the smart contract, the form and the functionalities of the tokens in Ethereum. One of those functions is the allowance function, which allows the holders of these tokens to grant specific use permissions to the Dapps, DEX and DeFi for tokens contained in a given address.
In this way, the balance in tokens that a person has in an address can be managed by the Dapp with our consent. Thus, for example, if we want to send tokens automatically using a Dapp, the allowance function allows us to configure these actions without the need to be actively pending performing the action.
This is where the ability for you to be able to give permission to other addresses to move your tokens was designed. An address can be a smart contract or simply an address controlled by a person or machine.
However allowance is usually given to smart contracts, who comply with written, immutable and transparent rules. Being able to trust its good behavior and that it cannot steal from us.
On the other hand, the allowance function allows us to define the fair and necessary amount that we want to make available to use for a smart contract. This is undoubtedly another security measure that allows us to control the way in which smart contracts carry out their different operations while we are interacting with them. And best of all, it allows us to do this in a decentralized way without trusted third parties having to intervene in this process.
ERC-20 tokens and the arrival of Allowance
The arrival of the "allowance" to the crypto world can be said came with the arrival of the ERC-20 of Ethereum. This standard has in its structure a series of standard functions that facilitate the work of developers for the creation of smart contracts and Dapps that allow a decentralized interaction between the user and the Ethereum network and its associated tokens.
To achieve this, ERC-20s, among other smart contracts, have a specific function known as “allowance” and which is defined in a general way as follows:
function allowance (address tokenOwner, address spender)
Basically what the function asks for is a series of user permissions. These permissions allow the smart contract to transfer from our address to an address defined by the smart contract a certain amount of its token (called allocation). This transfer is limited to only an amount specified and accepted by the Dapp user. In fact, this is a security measure that allows the cost that the smart contract may incur in each interaction and in its entirety to be controlled.
An example of this functionality can be the following:
A user wants to interact with the smart contract of for example, Compound to make an investment in one of the pools of this protocol. This interaction is controlled by Compound's smart contracts and at that point, Compound will ask the user for an access (allowance) to a certain amount of tokens under its power. By accepting said interaction, Compound will take the tokens, make the investment in the corresponding pool and from there it will return the blocked balance in said pool, along with other data of interest to the user.
At all times we can see that the "allowance" process is a request process and which requires the express permission of the user. Thus, for example, if a Dapp requests unsolicited access to a balance, you must reject that malicious access.