token-revoke-mcp

Token Revoke MCP: An MCP Server for secure ERC-20 token allowance management across multiple blockchains, enhancing AI's DeFi interactions.

token-revoke-mcp Capabilities Showcase

token-revoke-mcp Solution Overview

The Token Revoke MCP is a server designed to enhance the security of AI-driven applications interacting with ERC-20 tokens. It empowers users to check and revoke ERC-20 token allowances across numerous EVM-compatible blockchains. This server retrieves token approvals for a specified wallet, displaying token details, balances, and USD values at risk, providing critical insights for risk management.

Developers can use this MCP to submit transactions that revoke token allowances for specific spenders, mitigating potential exploits. The server also verifies the status of submitted transactions, ensuring transparency and control. Supporting over 50 chains, including Ethereum, Polygon, and BSC, the Token Revoke MCP integrates seamlessly using standard client-server architecture. By leveraging this server, developers can build more secure and trustworthy AI applications that interact with decentralized finance. It requires a Moralis API key and a private key for signing transactions.

token-revoke-mcp Key Capabilities

Fetch Token Approvals

This feature allows users to retrieve a comprehensive list of ERC-20 token approvals associated with a specific wallet address on a given blockchain. It provides detailed information about each approval, including the token's address, symbol, balance, USD price, and the USD value at risk. Crucially, it identifies the spender address, the approved amount, the transaction hash of the approval, and the timestamp of the approval event. This functionality leverages the Moralis API to access and aggregate on-chain data across numerous EVM-compatible chains.

This feature is invaluable for AI models that need to assess and manage financial risks associated with user wallets. For example, an AI-powered portfolio management tool can use this data to alert users about potentially excessive or unauthorized token allowances, enabling them to take proactive security measures. A practical scenario involves a user connecting their wallet to a DeFi platform; the AI can then use this feature to continuously monitor and report on the allowances granted to the platform's smart contracts, flagging any suspicious or unusually high approvals.

Technically, this feature relies on querying the Moralis API for token approval events and then parsing the returned data to extract relevant information. The server then formats this information into a structured JSON response for the client.

Revoke Token Allowances

The "Revoke Allowances" feature enables users to directly revoke ERC-20 token allowances previously granted to specific spender contracts. This is achieved by submitting a transaction to the blockchain that sets the allowance for the specified token and spender back to zero. The feature requires the user's private key to sign the revocation transaction, ensuring that only the wallet owner can authorize the allowance removal. Upon submission, the feature provides the transaction hash, allowing the user to track the status of the revocation on the blockchain.

This functionality directly addresses the security concerns associated with unlimited token allowances, a common vulnerability in the DeFi space. An AI model can use this feature to automatically revoke allowances that exceed a predefined risk threshold or that are associated with known malicious contracts. For instance, if an AI detects that a user has granted an unlimited allowance to a newly deployed and unverified smart contract, it can prompt the user to revoke the allowance and then execute the revocation transaction on their behalf.
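An added example, not code from the token-revoke-mcp project, of the flagging described here and in the Fetch Token Approvals section: it ranks approvals by what a spender could move right now and flags unlimited or over-threshold allowances. The record field names, the threshold and the sample records are assumptions constructed for illustration.

```javascript
// Added example. Field names are assumptions, not the server's schema;
// the sample records below are constructed.
const MAX_UINT256 = (1n << 256n) - 1n; // the usual "unlimited" approval value

// Raw integer token amount -> whole tokens as a JS number (display precision only).
function toUnits(raw, decimals) {
  const base = 10n ** BigInt(decimals);
  return Number(raw / base) + Number(raw % base) / Number(base);
}

function triageApprovals(approvals, usdThreshold) {
  return approvals
    .map((a) => {
      const allowance = BigInt(a.allowance);
      const balance = BigInt(a.balance);
      // A spender can move at most min(allowance, balance) right now.
      const exposed = allowance < balance ? allowance : balance;
      const usdAtRisk = toUnits(exposed, a.decimals) * a.usdPrice;
      const reasons = [];
      // Unlimited approvals also expose future deposits, so flag them even at $0.
      if (allowance === MAX_UINT256) reasons.push("unlimited");
      if (usdAtRisk >= usdThreshold) reasons.push("over-threshold");
      return { symbol: a.symbol, spender: a.spender, usdAtRisk, reasons };
    })
    .filter((r) => r.reasons.length > 0)
    .sort((x, y) => y.usdAtRisk - x.usdAtRisk);
}

const e18 = (n) => n + "0".repeat(18); // whole tokens -> raw amount at 18 decimals
const UNLIMITED = MAX_UINT256.toString();
const SPENDER_A = "0x" + "aa".repeat(20); // constructed spender addresses
const SPENDER_B = "0x" + "bb".repeat(20);
const SAMPLE_APPROVALS = [
  { symbol: "TKA", decimals: 18, usdPrice: 1, balance: e18("100"), allowance: e18("50"), spender: SPENDER_A },
  { symbol: "TKB", decimals: 6, usdPrice: 1, balance: "2500000000", allowance: UNLIMITED, spender: SPENDER_B },
  { symbol: "TKC", decimals: 18, usdPrice: 3000, balance: "0", allowance: UNLIMITED, spender: SPENDER_B },
  { symbol: "TKD", decimals: 18, usdPrice: 10, balance: e18("200"), allowance: e18("150"), spender: SPENDER_A },
];

console.log(triageApprovals(SAMPLE_APPROVALS, 1000));
```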

The implementation involves constructing and signing an Ethereum transaction that calls the approve function on the ERC-20 token contract with an allowance of zero. The server then broadcasts this transaction to the blockchain and returns the transaction hash to the client.
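The calldata for that zero-allowance call, plus a check a signer can run before releasing a signature, as an added example that is not the project's own code. It assumes the standard ERC-20 `approve(address,uint256)` ABI; the function names and the addresses are constructed for illustration.

```javascript
// Added example: build approve(spender, 0) calldata and verify, before signing,
// that a transaction is a pure revocation. Names and addresses are constructed.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")

function normalizeAddress(addr) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(addr)) throw new Error("bad address: " + addr);
  return addr.toLowerCase();
}

// ABI encoding: selector, then the spender left-padded to 32 bytes, then a 32-byte zero.
function buildRevokeTx(token, spender) {
  const spenderWord = normalizeAddress(spender).slice(2).padStart(64, "0");
  return {
    to: normalizeAddress(token),
    value: "0x0",
    data: "0x" + APPROVE_SELECTOR + spenderWord + "0".repeat(64),
  };
}

// Returns the reasons a transaction is NOT the expected revocation (empty = safe to sign).
function checkRevokeTx(tx, expectedToken, expectedSpender) {
  const data = String(tx.data || "").toLowerCase();
  if (!/^0x[0-9a-f]{136}$/.test(data)) return ["calldata is not 4 + 64 bytes"];
  const problems = [];
  if (String(tx.to).toLowerCase() !== normalizeAddress(expectedToken))
    problems.push("wrong token contract");
  if (BigInt(tx.value || "0x0") !== 0n) problems.push("non-zero native value");
  if (data.slice(2, 10) !== APPROVE_SELECTOR) problems.push("selector is not approve");
  if (data.slice(10, 34) !== "0".repeat(24)) problems.push("dirty address padding");
  if ("0x" + data.slice(34, 74) !== normalizeAddress(expectedSpender))
    problems.push("wrong spender");
  if (BigInt("0x" + data.slice(74)) !== 0n) problems.push("amount is not zero");
  return problems;
}

const TOKEN = "0x" + "11".repeat(20);   // constructed token contract address
const SPENDER = "0x" + "22".repeat(20); // constructed spender address
const revokeTx = buildRevokeTx(TOKEN, SPENDER);
console.log(revokeTx.data, checkRevokeTx(revokeTx, TOKEN, SPENDER));
```

Running the check on the transaction object that is actually handed to the signer, rather than on the request that produced it, keeps a key held by an AI-driven server limited to setting allowances to zero.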

Check Transaction Status

This feature allows users to verify the status of a previously submitted transaction, specifically those initiated through the "Revoke Allowances" feature. Given the transaction hash and the chain ID, the server queries the blockchain to determine whether the transaction is still pending, has been successfully executed, or has failed. If the transaction has succeeded or failed, the feature also returns the number of the block in which it was included.

This feature is crucial for providing users with real-time feedback on the outcome of their revocation requests. An AI model can use this feature to monitor the progress of revocation transactions and notify users upon completion, ensuring that the allowance has been successfully removed. For example, after a user revokes an allowance, the AI can continuously check the transaction status and send a confirmation message once the transaction is confirmed on the blockchain, providing a seamless and reassuring user experience.

The technical implementation involves using a blockchain provider (likely accessed through the Moralis API) to query the transaction receipt based on the transaction hash. The server then parses the receipt to determine the transaction status and returns the relevant information to the client.
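An added example, not the project's own code, of parsing a receipt into the three states above. It goes one step beyond the status flag and confirms the removal from the ERC-20 `Approval` event in the receipt logs. It assumes a receipt shaped like a JSON-RPC `eth_getTransactionReceipt` result; the function names and sample receipts are constructed.

```javascript
// Added example: classify a receipt and confirm the revocation from its logs.
// Receipt shape follows eth_getTransactionReceipt; sample data is constructed.
// topic0 = keccak256("Approval(address,address,uint256)")
const APPROVAL_TOPIC =
  "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";

// Indexed address parameters appear in topics left-padded to 32 bytes.
const topicOf = (addr) => "0x" + addr.toLowerCase().slice(2).padStart(64, "0");

function checkRevocation(receipt, token, owner, spender) {
  if (receipt === null) return { status: "pending" }; // no receipt until mined
  const blockNumber = Number(BigInt(receipt.blockNumber));
  if (BigInt(receipt.status) !== 1n) return { status: "failed", blockNumber };
  // Success alone does not prove the allowance is zero: require the token
  // contract's own Approval(owner, spender, 0) log.
  const revoked = receipt.logs.some(
    (log) =>
      log.address.toLowerCase() === token.toLowerCase() &&
      log.topics.length === 3 &&
      log.topics[0].toLowerCase() === APPROVAL_TOPIC &&
      log.topics[1].toLowerCase() === topicOf(owner) &&
      log.topics[2].toLowerCase() === topicOf(spender) &&
      /^0x0{64}$/.test(log.data)
  );
  return { status: "success", blockNumber, revoked };
}

// Constructed addresses and receipts for illustration.
const TOKEN = "0x" + "11".repeat(20);
const OWNER = "0x" + "33".repeat(20);
const SPENDER = "0x" + "22".repeat(20);
const sampleReceipt = (status, amountWord) => ({
  status,
  blockNumber: "0x10",
  logs: status === "0x1"
    ? [{ address: TOKEN, topics: [APPROVAL_TOPIC, topicOf(OWNER), topicOf(SPENDER)],
         data: "0x" + amountWord }]
    : [],
});

console.log(checkRevocation(sampleReceipt("0x1", "0".repeat(64)), TOKEN, OWNER, SPENDER));
```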