APPROVED_SPENDERS Policy: Control Which Contracts Your AI Agent Can Approve

2026-05-16

The biggest fear in AI agent development isn't that your bot will make bad trades—it's that it will drain your entire wallet by approving unlimited token access to malicious contracts. The APPROVED_SPENDERS policy in WAIaaS gives you surgical control over which contracts your AI agent can approve, preventing the classic "infinite approval" attack that has cost users millions.

Why Token Approvals Are the Biggest Security Risk

When your AI agent interacts with DeFi protocols, it needs to approve contracts to spend your tokens. Most wallets default to unlimited approvals for convenience—your agent approves a DEX to spend "infinite" USDC, then that approval stays forever. If the DEX gets hacked, exploited, or turns malicious, they can drain all your USDC instantly.

Traditional wallets make this worse by hiding approval amounts in tiny text or defaulting to maximum values. Your AI agent, operating autonomously, has no intuition about "this approval seems too high." It just follows its programming and approves whatever the protocol requests.

Default-Deny: Block Unlimited Approvals by Default

WAIaaS implements default-deny for token approvals through the APPROVED_SPENDERS policy. Without this policy configured, your AI agent cannot approve any contract to spend your tokens—transactions are blocked with POLICY_DENIED.

When you do configure APPROVED_SPENDERS, you specify exactly which contracts can receive approvals and set maximum amounts:

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "APPROVED_SPENDERS",
    "rules": {
      "spenders": [
        {
          "address": "0x68b3465833fb72A70ecDF485E0e4C7bD8665Fc45",
          "name": "Uniswap Universal Router",
          "maxAmount": "1000000000"
        },
        {
          "address": "0xDEF1C0DED9bec7F1a1670819833240f027b25EfF",
          "name": "0x Protocol",
          "maxAmount": "500000000"
        }
      ]
    }
  }'

This policy means your AI agent can only approve these two specific contracts, and only up to the specified amounts (in token base units). Any attempt to approve other contracts or exceed these limits gets blocked.

Layered Security: Approval Amount + Spending Tier

APPROVED_SPENDERS works alongside other WAIaaS policies for defense in depth. Even if a spender is whitelisted, large approvals can still trigger higher security tiers:

# First, create the APPROVED_SPENDERS whitelist
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "APPROVED_SPENDERS",
    "rules": {
      "spenders": [
        {
          "address": "0x68b3465833fb72A70ecDF485E0e4C7bD8665Fc45",
          "name": "Uniswap Universal Router",
          "maxAmount": "10000000000"
        }
      ]
    }
  }'

# Then, set approval-specific spending limits
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: my-secret-password" \
  -d '{
    "walletId": "<wallet-uuid>",
    "type": "APPROVE_AMOUNT_LIMIT",
    "rules": {
      "instant_max_usd": 50,
      "notify_max_usd": 200,
      "delay_max_usd": 1000,
      "delay_seconds": 300,
      "block_unlimited": true
    }
  }'

Now your AI agent can approve Uniswap, but:

Approvals ≤ $50 USD: Execute instantly
$50-200: Execute with notification
$200-1000: 5-minute delay (cancellable by you)
>$1000: Requires your explicit approval
Unlimited approvals: Blocked entirely

Human-in-the-Loop for High-Risk Approvals

For approvals that exceed your comfort zone, WAIaaS queues them for human approval. You get notified via your preferred channel and can approve or reject:

# Your AI agent tries to approve $2000 worth of tokens
# WAIaaS blocks it and sends you a notification:
{
  "status": "PENDING_APPROVAL",
  "reason": "APPROVE_AMOUNT_LIMIT policy requires approval for $2000 > $1000 limit",
  "action": "Approve Uniswap Universal Router to spend 2000 USDC",
  "approve_url": "https://walletconnect.app/...",
  "expires_at": "2026-05-15T10:30:00Z"
}

You can approve via WalletConnect, sign a message, or use the Admin Web UI. If you don't respond within the timeout, the approval is automatically rejected.

Contract Reputation and Verification

APPROVED_SPENDERS integrates with WAIaaS's ERC-8004 Trustless Agents system for onchain contract reputation. You can set minimum reputation thresholds:

{
  "spenders": [
    {
      "address": "0x68b3465833fb72A70ecDF485E0e4C7bD8665Fc45",
      "name": "Uniswap Universal Router",
      "maxAmount": "1000000000",
      "min_reputation": 850,
      "require_verification": true
    }
  ]
}

This blocks approvals to contracts below reputation threshold 850 or without verified source code, even if they're on your whitelist.

Monitoring and Kill Switch

All approval transactions flow through WAIaaS's 7-stage pipeline with full audit logging:

# Check recent approvals
curl http://127.0.0.1:3100/v1/transactions \
  -H "Authorization: Bearer wai_sess_<token>" \
  -G -d "type=APPROVE&limit=10"

# Emergency: revoke all active approvals
curl -X POST http://127.0.0.1:3100/v1/emergency/revoke-all-approvals \
  -H "X-Owner-Signature: <signature>" \
  -H "X-Owner-Message: <signed-message>"

The kill switch immediately sends zero-amount approval transactions to revoke all active approvals, effectively cutting off malicious contracts from your funds.

Quick Start: Lock Down Your Agent's Approvals

Here's how to implement approval security for your AI trading agent in under 5 minutes:

1. Start WAIaaS with Docker

git clone https://github.com/minhoyoo-iotrust/WAIaaS.git
cd WAIaaS
docker compose up -d

2. Create wallet and session

npm install -g @waiaas/cli
waiaas quickset --mode mainnet  # Creates wallet + session

3. Configure APPROVED_SPENDERS policy

# Replace <wallet-id> with your wallet UUID from step 2
curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: $(cat ~/.waiaas/recovery.key)" \
  -d '{
    "walletId": "<wallet-id>",
    "type": "APPROVED_SPENDERS",
    "rules": {
      "spenders": [
        {
          "address": "0x68b3465833fb72A70ecDF485E0e4C7bD8665Fc45",
          "name": "Uniswap Universal Router",
          "maxAmount": "1000000000"
        }
      ]
    }
  }'

4. Add approval limits

curl -X POST http://127.0.0.1:3100/v1/policies \
  -H "Content-Type: application/json" \
  -H "X-Master-Password: $(cat ~/.waiaas/recovery.key)" \
  -d '{
    "walletId": "<wallet-id>",
    "type": "APPROVE_AMOUNT_LIMIT", 
    "rules": {
      "instant_max_usd": 100,
      "notify_max_usd": 500,
      "delay_max_usd": 2000,
      "delay_seconds": 300,
      "block_unlimited": true
    }
  }'

5. Test with your agent

# Your agent tries to approve a non-whitelisted contract
# Result: Transaction blocked with POLICY_DENIED

# Your agent tries to approve Uniswap for $50
# Result: Executes instantly

# Your agent tries to approve Uniswap for $1500  
# Result: 5-minute delay, you can cancel if suspicious

Now your AI agent can only approve contracts you've explicitly whitelisted, with amount limits and human oversight for large approvals. No more infinite approval attacks.

Related posts that dive deeper into WAIaaS security:

Policy Engine: 21 Ways to Control Your AI Agent's Spending 3-Layer Security: How WAIaaS Prevents AI Agents from Draining Your Wallet

What's Next

The APPROVED_SPENDERS policy gives you surgical control over token approvals, but it's just one of 21 policy types in WAIaaS. Combine it with CONTRACT_WHITELIST, ALLOWED_TOKENS, and SPENDING_LIMIT for comprehensive protection. Ready to build AI agents with enterprise-grade security? Check out the full source code at GitHub or visit waiaas.ai to get started.