Title
Display approved token allowances and offer the functionality to change/revoke them directly from MetaMask.
Description
Web3 is all about transparency and truth. In order to benefit from these aspects, the wallet should provide all the information regarding the user’s assets, including approved token allowances.
This type of information should be easily understandable by the average, non-tech-savvy users in a correct, user-friendly way.
Purpose
ERC20, ERC721, ERC1155, and some other token types have token allowances.
An allowance gives a 3rd party the ability to request from the asset owner permission/allowance to manage some number of the predefined assets on the user’s behalf.
End-user can approve this allowance, revoke it or change it.
These functions are described in a number of ERC contracts (ERC20/721/1155…).
Currently, MetaMask users see their current portfolio, ERC20/721/1155 assets, but they don’t have a complete view of their crypto assets. They need to see what type of allowances they’ve approved.
Solution
As a MetaMask user,
I need an overview of the allowances I’ve approved.
I need to see the summary of each allowance :
- Date of the approval
- Approved Token
- Number of approved tokens
- Smart Contract that has an allowance
I should be able to change or completely revoke the allowance.
Implementation
This feature is feasible to implement.
MetaMask already displays the user’s activity list. We can easily provide a separate view of the allowances with detailed information.
In order to change/revoke the allowance, MetaMask needs the ABI code and address of the Smart Contract that has the allowance.
The address is included in the corresponding activity row.
The ABI code of the Smart Contract can be easily generated, the functions are standardized in the ERC interfaces.
Extension/Mobile/Portfolio Dapp
This feature will be usable in all of MetaMask’s products: web extension, mobile, and portfolio Dapp.
Bug
In the web extension MetaMask, when the user approves the allowance, there is an incorrect message under the Permission request section.
If Website-A prompts the user to change the allowance that was granted to Smart-Contract-B, MetaMask displays the following message :
Website-A may access and spend up to this max amount :
Approved: 1 ETH
Granted To: Smart-Contract-B
I think this message is not correct because Website-A is just calling the Token Smart Contract’s approve/setApproveForAll function. It cannot spend the selected amount. The address passed to the approve/setApproveForAll function can spend these assets.