diff --git a/packages/connector-ui/public/skills/SKILL.md b/packages/connector-ui/public/skills/SKILL.md
index 1d373b2..e8feeb8 100644
--- a/packages/connector-ui/public/skills/SKILL.md
+++ b/packages/connector-ui/public/skills/SKILL.md
@@ -20,15 +20,15 @@ description: "Complete Polygon agent toolkit for on-chain operations on Polygon.
 
 ## Environment Variables
 
-### Access key — auto-loaded, no export needed
+### Access key — one key, many names
 
-After `setup` runs, the access key is stored in `~/.polygon-agent/builder.json`. The CLI bootstraps it into `SEQUENCE_PROJECT_ACCESS_KEY` and `SEQUENCE_INDEXER_ACCESS_KEY` automatically on every invocation. Trails commands additionally fall back through `session.projectAccessKey` → `SEQUENCE_PROJECT_ACCESS_KEY`, so `TRAILS_API_KEY` also does not need to be exported manually.
+`SEQUENCE_PROJECT_ACCESS_KEY`, `SEQUENCE_INDEXER_ACCESS_KEY`, and `TRAILS_API_KEY` are **all the same key** — the Sequence project access key created during `setup`. The CLI treats them as aliases and falls back through all of them automatically.
 
-**In a fresh agent session with no environment variables set**, simply run commands — the CLI reads credentials from disk. No `export` step is required between phases.
+After `setup` runs the key is stored in `~/.polygon-agent/builder.json`. Every CLI invocation bootstraps it into the environment — no `export` is needed. In a fresh agent session with no environment variables set, simply run commands and the CLI reads credentials from disk.
 
 Only set these manually to override the stored value (e.g. to point at a different project):
 ```bash
-export SEQUENCE_PROJECT_ACCESS_KEY=<override-key>
+export SEQUENCE_PROJECT_ACCESS_KEY=<key>  # also covers TRAILS_API_KEY and indexer calls
 ```
 
 ### Optional overrides
@@ -203,9 +203,7 @@ For specific workflows, fetch and load the relevant sub-skill:
 | `Timed out waiting for wallet approval` | Add `--timeout 600` |
 | `Invalid code: hash mismatch` | Wrong 6-digit code entered — retry (3 attempts allowed) |
 | `Relay request not found` | Session expired or already used — re-run `wallet create` (or `wallet create --print-url`) |
-| Deposit session rejected | Re-create wallet with `--contract <depositAddress>` |
-| `withdraw` / broadcast: wrong chain or session rejects | Use `wallet create --chain <same as --chain>` and `--contract` for pool/vault + underlying ERC-20 on that chain; omit tight `--usdc-limit` if it blocks fee transfers |
-| `Stored explicit session is missing pk` | Re-link: `wallet import --code …` after `wallet create` |
+| Deposit session rejected | Re-create wallet with `--contract <tokenAddress> --contract <depositAddress>` (both required: token approve + pool call) |
 | Wrong recipient in Trails widget | Run `polygon-agent fund` (do not construct the URL manually) |
 | `x402-pay`: no 402 response | Endpoint doesn't require x402 payment, or URL is wrong |
 | `x402-pay`: payment token mismatch | Chain/token in the 402 response differs from wallet — check `--wallet` points to the right chain |
diff --git a/packages/connector-ui/public/skills/polygon-defi/SKILL.md b/packages/connector-ui/public/skills/polygon-defi/SKILL.md
index b2edf43..3d9dc9f 100644
--- a/packages/connector-ui/public/skills/polygon-defi/SKILL.md
+++ b/packages/connector-ui/public/skills/polygon-defi/SKILL.md
@@ -153,27 +153,25 @@ Whitelist the **pool** (Aave) or **vault** contract on the session if the wallet
 
 ### Session Whitelisting
 
-If the deposit is rejected with a session permission error, the pool's contract address needs to be whitelisted when creating the wallet session:
+A deposit sends **two transactions**: an ERC-20 `approve()` on the token contract, then the pool deposit call. Both contracts must be whitelisted in the session. If the deposit is rejected with a session permission error:
 
 ```bash
-# 1. Dry-run first to get the depositAddress
+# 1. Dry-run first — output includes both addresses under `transactions[0].to` (token) and `depositAddress` (pool)
 polygon-agent deposit --asset USDC --amount 0.3
-# → note the depositAddress in output
+# → note the token contract address (e.g. USDC: 0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359)
+# → note the depositAddress (e.g. Aave V3: 0x794a61358d6845594f94dc1db02a252b5b4814ad)
 
-# 2. Re-create wallet session with that contract whitelisted
-polygon-agent wallet create --contract <depositAddress>
+# 2. Re-create wallet session with BOTH contracts whitelisted
+polygon-agent wallet create --contract <tokenAddress> --contract <depositAddress>
 
 # 3. Retry
 polygon-agent deposit --asset USDC --amount 0.3 --broadcast
 ```
 
-When creating a wallet specifically for yield, add `--contract` flags for all intended vaults upfront and omit `--usdc-limit`:
-
-```bash
-polygon-agent wallet create \
-  --contract 0x794a61358d6845594f94dc1db02a252b5b4814ad \
-  --contract 0x781fb7f6d845e3be129289833b04d43aa8558c42
-```
+Common token contracts on Polygon mainnet (already auto-whitelisted in sessions created by the CLI):
+- USDC: `0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359`
+- USDT: `0xc2132D05D31c914a87C6611C10748AEb04B58e8F`
+- WETH: `0x7ceB23fD6bC0adD59E62ac25578270cFf1b9f619`
 
 ### Yield Vault Contract Whitelist
 
@@ -225,7 +223,7 @@ polygon-agent swap --from USDC --to USDC --amount 0.5 --to-chain arbitrum --broa
 
 | Error | Cause | Fix |
 |-------|-------|-----|
-| `Deposit session rejected` | Pool contract not whitelisted in session | Re-create wallet with `--contract <depositAddress>` |
+| `Deposit session rejected` | Pool or token contract not whitelisted | Re-create wallet with `--contract <tokenAddress> --contract <depositAddress>` (both required) |
 | `Protocol X not yet supported` | Trails returned a protocol other than aave/morpho | Use `polygon-agent swap` to obtain the yield-bearing token manually |
 | `Fee option errors` | Wallet has insufficient balance | Run `polygon-agent balances` and fund the wallet |
 | `swap`: no route found | Insufficient liquidity for the pair | Try a different amount or token pair |
diff --git a/packages/polygon-agent-cli/skills/SKILL.md b/packages/polygon-agent-cli/skills/SKILL.md
index 1d373b2..9617e24 100644
--- a/packages/polygon-agent-cli/skills/SKILL.md
+++ b/packages/polygon-agent-cli/skills/SKILL.md
@@ -20,15 +20,15 @@ description: "Complete Polygon agent toolkit for on-chain operations on Polygon.
 
 ## Environment Variables
 
-### Access key — auto-loaded, no export needed
+### Access key — one key, many names
 
-After `setup` runs, the access key is stored in `~/.polygon-agent/builder.json`. The CLI bootstraps it into `SEQUENCE_PROJECT_ACCESS_KEY` and `SEQUENCE_INDEXER_ACCESS_KEY` automatically on every invocation. Trails commands additionally fall back through `session.projectAccessKey` → `SEQUENCE_PROJECT_ACCESS_KEY`, so `TRAILS_API_KEY` also does not need to be exported manually.
+`SEQUENCE_PROJECT_ACCESS_KEY`, `SEQUENCE_INDEXER_ACCESS_KEY`, and `TRAILS_API_KEY` are **all the same key** — the Sequence project access key created during `setup`. The CLI treats them as aliases and falls back through all of them automatically.
 
-**In a fresh agent session with no environment variables set**, simply run commands — the CLI reads credentials from disk. No `export` step is required between phases.
+After `setup` runs the key is stored in `~/.polygon-agent/builder.json`. Every CLI invocation bootstraps it into the environment — no `export` is needed. In a fresh agent session with no environment variables set, simply run commands and the CLI reads credentials from disk.
 
 Only set these manually to override the stored value (e.g. to point at a different project):
 ```bash
-export SEQUENCE_PROJECT_ACCESS_KEY=<override-key>
+export SEQUENCE_PROJECT_ACCESS_KEY=<key>  # also covers TRAILS_API_KEY and indexer calls
 ```
 
 ### Optional overrides
@@ -131,7 +131,7 @@ polygon-agent agent feedback --agent-id <id> --value <score> [--tag1 <t>] [--tag
 - **`balances --chains`** — comma-separated chains (max 20); two or more return JSON with `multiChain: true` and a `chains` array (same wallet address on each)
 - **Fee preference** — auto-selects USDC over native POL when both available
 - **`fund`** — reads `walletAddress` from the wallet session and sets it as `toAddress` in the Trails widget URL. Always run `polygon-agent fund` to get the correct URL — never construct it manually or hardcode any address.
-- **`deposit`** — picks highest-TVL pool via Trails `getEarnPools`. If session rejects (contract not whitelisted), re-create wallet with `--contract <depositAddress>`
+- **`deposit`** — picks highest-TVL pool via Trails `getEarnPools`. Sends two txs: ERC-20 `approve()` on the token contract, then the pool deposit. If session rejects, re-create wallet with both `--contract <tokenAddress> --contract <depositAddress>` (the dry-run output shows both addresses).
 - **`withdraw`** — `--position` = aToken or ERC-4626 vault; `--amount` = `max` or underlying units (Aave / vault). Dry-run JSON includes `poolAddress` / `vault`. Broadcast needs session on the **same chain** as `--chain`, with pool/vault + underlying token whitelisted where the relayer touches them
 - **`x402-pay`** — probes endpoint for 402, smart wallet funds builder EOA with exact token amount, EOA signs EIP-3009 payment. Chain auto-detected from 402 response
 - **`send-native --direct`** — bypasses ValueForwarder contract for direct EOA transfer
@@ -203,7 +203,7 @@ For specific workflows, fetch and load the relevant sub-skill:
 | `Timed out waiting for wallet approval` | Add `--timeout 600` |
 | `Invalid code: hash mismatch` | Wrong 6-digit code entered — retry (3 attempts allowed) |
 | `Relay request not found` | Session expired or already used — re-run `wallet create` (or `wallet create --print-url`) |
-| Deposit session rejected | Re-create wallet with `--contract <depositAddress>` |
+| Deposit session rejected | Re-create wallet with `--contract <tokenAddress> --contract <depositAddress>` (both required: token approve + pool call) |
 | `withdraw` / broadcast: wrong chain or session rejects | Use `wallet create --chain <same as --chain>` and `--contract` for pool/vault + underlying ERC-20 on that chain; omit tight `--usdc-limit` if it blocks fee transfers |
 | `Stored explicit session is missing pk` | Re-link: `wallet import --code …` after `wallet create` |
 | Wrong recipient in Trails widget | Run `polygon-agent fund` (do not construct the URL manually) |
diff --git a/packages/polygon-agent-cli/skills/polygon-defi/SKILL.md b/packages/polygon-agent-cli/skills/polygon-defi/SKILL.md
index 2ab310c..cdd61fe 100644
--- a/packages/polygon-agent-cli/skills/polygon-defi/SKILL.md
+++ b/packages/polygon-agent-cli/skills/polygon-defi/SKILL.md
@@ -134,27 +134,25 @@ Vault/pool addresses are resolved dynamically from Trails — they are not hardc
 
 ### Session Whitelisting
 
-If the deposit is rejected with a session permission error, the pool's contract address needs to be whitelisted when creating the wallet session:
+A deposit sends **two transactions**: an ERC-20 `approve()` on the token contract, then the pool deposit call. Both contracts must be whitelisted in the session. If the deposit is rejected with a session permission error:
 
 ```bash
-# 1. Dry-run first to get the depositAddress
+# 1. Dry-run first — output includes both addresses under `transactions[0].to` (token) and `depositAddress` (pool)
 polygon-agent deposit --asset USDC --amount 0.3
-# → note the depositAddress in output
+# → note the token contract address (e.g. USDC: 0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359)
+# → note the depositAddress (e.g. Aave V3: 0x794a61358d6845594f94dc1db02a252b5b4814ad)
 
-# 2. Re-create wallet session with that contract whitelisted
-polygon-agent wallet create --contract <depositAddress>
+# 2. Re-create wallet session with BOTH contracts whitelisted
+polygon-agent wallet create --contract <tokenAddress> --contract <depositAddress>
 
 # 3. Retry
 polygon-agent deposit --asset USDC --amount 0.3 --broadcast
 ```
 
-When creating a wallet specifically for yield, add `--contract` flags for all intended vaults upfront and omit `--usdc-limit`:
-
-```bash
-polygon-agent wallet create \
-  --contract 0x794a61358d6845594f94dc1db02a252b5b4814ad \
-  --contract 0x781fb7f6d845e3be129289833b04d43aa8558c42
-```
+Common token contracts on Polygon mainnet (already auto-whitelisted in sessions created by the CLI):
+- USDC: `0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359`
+- USDT: `0xc2132D05D31c914a87C6611C10748AEb04B58e8F`
+- WETH: `0x7ceB23fD6bC0adD59E62ac25578270cFf1b9f619`
 
 ### Yield Vault Contract Whitelist
 
@@ -206,7 +204,7 @@ polygon-agent swap --from USDC --to USDC --amount 0.5 --to-chain arbitrum --broa
 
 | Error | Cause | Fix |
 |-------|-------|-----|
-| `Deposit session rejected` | Pool contract not whitelisted in session | Re-create wallet with `--contract <depositAddress>` |
+| `Deposit session rejected` | Pool or token contract not whitelisted | Re-create wallet with `--contract <tokenAddress> --contract <depositAddress>` (both required) |
 | `Protocol X not yet supported` | Trails returned a protocol other than aave/morpho | Use `polygon-agent swap` to obtain the yield-bearing token manually |
 | `Fee option errors` | Wallet has insufficient balance | Run `polygon-agent balances` and fund the wallet |
 | `swap`: no route found | Insufficient liquidity for the pair | Try a different amount or token pair |
diff --git a/packages/polygon-agent-cli/src/commands/operations.ts b/packages/polygon-agent-cli/src/commands/operations.ts
index f49ea22..855ae80 100644
--- a/packages/polygon-agent-cli/src/commands/operations.ts
+++ b/packages/polygon-agent-cli/src/commands/operations.ts
@@ -1256,7 +1256,7 @@ export const depositCommand: CommandModule = {
               chainId,
               chain: network.name,
               transactions,
-              note: `Re-run with --broadcast to submit the deposit. If session rejects the call, re-create with: polygon-agent wallet create --contract ${pool.depositAddress}`
+              note: `Re-run with --broadcast to submit the deposit. If session rejects the call, re-create with: polygon-agent wallet create --contract ${asset.address} --contract ${pool.depositAddress}`
             },
             bigintReplacer,
             2
@@ -1277,8 +1277,8 @@ export const depositCommand: CommandModule = {
       } catch (txErr) {
         if ((txErr as Error).message?.includes('No signer supported')) {
           throw new Error(
-            `Session does not permit calls to ${pool.depositAddress} (${pool.protocol} pool). ` +
-              `Re-create the wallet session with: polygon-agent wallet create --contract ${pool.depositAddress}\n` +
+            `Session does not permit calls to ${pool.depositAddress} (${pool.protocol} pool) or ${asset.address} (${assetSymbol} approve). ` +
+              `Re-create the wallet session with: polygon-agent wallet create --contract ${asset.address} --contract ${pool.depositAddress}\n` +
               `Original error: ${(txErr as Error).message}`
           );
         }
diff --git a/packages/polygon-agent-cli/src/commands/wallet-ui.tsx b/packages/polygon-agent-cli/src/commands/wallet-ui.tsx
index d06a701..b5daf20 100644
--- a/packages/polygon-agent-cli/src/commands/wallet-ui.tsx
+++ b/packages/polygon-agent-cli/src/commands/wallet-ui.tsx
@@ -32,9 +32,30 @@ interface SessionPermissionArgs {
 }
 
 const AUTO_WHITELISTED_CONTRACTS = [
-  '0x8004A169FB4a3325136EB29fA0ceB6D2e539a432',
-  '0x8004BAa17C55a88189AE136b182e5fdA19dE9b63',
-  '0xABAAd93EeE2a569cF0632f39B10A9f5D734777ca'
+  '0x8004A169FB4a3325136EB29fA0ceB6D2e539a432', // ERC-8004 IdentityRegistry
+  '0x8004BAa17C55a88189AE136b182e5fdA19dE9b63', // ERC-8004 ReputationRegistry
+  '0xABAAd93EeE2a569cF0632f39B10A9f5D734777ca', // ValueForwarder (required for send native POL)
+
+  // Polygon mainnet (chainId 137) — ERC-20 token contracts (needed for approve() in deposits/swaps)
+  '0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359', // USDC (native)
+  '0xc2132D05D31c914a87C6611C10748AEb04B58e8F', // USDT
+  '0x7ceB23fD6bC0adD59E62ac25578270cFf1b9f619', // WETH
+
+  // Polygon mainnet (chainId 137) — yield vaults
+  '0x794a61358d6845594f94dc1db02a252b5b4814ad', // Aave V3 Pool (all markets)
+  '0x781fb7f6d845e3be129289833b04d43aa8558c42', // Morpho Compound USDC
+  '0xf5c81d25ee174d83f1fd202ca94ae6070d073ccf', // Morpho Compound WETH
+  '0x3f33f9f7e2d7cfbcbdf8ea8b870a6e3d449664c2', // Morpho Compound POL
+
+  // Katana (chainId 747474) — Morpho vaults
+  '0x1ecdc3f2b5e90bfb55ff45a7476ff98a8957388e', // Gauntlet USDT (~$97M TVL)
+  '0x61d4f9d3797ba4da152238c53a6f93fb665c3c1d', // Steakhouse Prime USDC (~$54M TVL)
+  '0xfade0c546f44e33c134c4036207b314ac643dc2e', // Yearn OG ETH (~$16M TVL)
+  '0xce2b8e464fc7b5e58710c24b7e5ebfb6027f29d7', // Yearn OG USDC (~$16M TVL)
+  '0xe4248e2105508fcbad3fe95691551d1af14015f7', // Gauntlet USDC (~$8M TVL)
+  '0x8ed68f91afbe5871dce31ae007a936ebe8511d47', // Yearn OG USDT (~$8M TVL)
+  '0xc5e7ab07030305fc925175b25b93b285d40dcdff', // Gauntlet WETH (~$6M TVL)
+  '0xef77f8c53af95f3348cee0fb2a02ee02ab9cdca5' // Hyperithm vbUSDC Apex (~$3M TVL)
 ];
 
 function applySessionPermissionParams(url: URL, argv: SessionPermissionArgs): void {
diff --git a/packages/polygon-agent-cli/src/commands/wallet.ts b/packages/polygon-agent-cli/src/commands/wallet.ts
index ba89bbe..d257460 100644
--- a/packages/polygon-agent-cli/src/commands/wallet.ts
+++ b/packages/polygon-agent-cli/src/commands/wallet.ts
@@ -51,6 +51,11 @@ const AUTO_WHITELISTED_CONTRACTS = [
   // NOTE: Trails deposit contract for swap --from POL is dynamic (changes per route/quote)
   // and cannot be reliably pre-whitelisted here.
 
+  // Polygon mainnet (chainId 137) — ERC-20 token contracts (needed for approve() in deposits/swaps)
+  '0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359', // USDC (native)
+  '0xc2132D05D31c914a87C6611C10748AEb04B58e8F', // USDT
+  '0x7ceB23fD6bC0adD59E62ac25578270cFf1b9f619', // WETH
+
   // Polygon mainnet (chainId 137) — yield vaults
   '0x794a61358d6845594f94dc1db02a252b5b4814ad', // Aave V3 Pool (all markets)
   '0x781fb7f6d845e3be129289833b04d43aa8558c42', // Morpho Compound USDC
diff --git a/skills/SKILL.md b/skills/SKILL.md
index 1d373b2..9617e24 100644
--- a/skills/SKILL.md
+++ b/skills/SKILL.md
@@ -20,15 +20,15 @@ description: "Complete Polygon agent toolkit for on-chain operations on Polygon.
 
 ## Environment Variables
 
-### Access key — auto-loaded, no export needed
+### Access key — one key, many names
 
-After `setup` runs, the access key is stored in `~/.polygon-agent/builder.json`. The CLI bootstraps it into `SEQUENCE_PROJECT_ACCESS_KEY` and `SEQUENCE_INDEXER_ACCESS_KEY` automatically on every invocation. Trails commands additionally fall back through `session.projectAccessKey` → `SEQUENCE_PROJECT_ACCESS_KEY`, so `TRAILS_API_KEY` also does not need to be exported manually.
+`SEQUENCE_PROJECT_ACCESS_KEY`, `SEQUENCE_INDEXER_ACCESS_KEY`, and `TRAILS_API_KEY` are **all the same key** — the Sequence project access key created during `setup`. The CLI treats them as aliases and falls back through all of them automatically.
 
-**In a fresh agent session with no environment variables set**, simply run commands — the CLI reads credentials from disk. No `export` step is required between phases.
+After `setup` runs the key is stored in `~/.polygon-agent/builder.json`. Every CLI invocation bootstraps it into the environment — no `export` is needed. In a fresh agent session with no environment variables set, simply run commands and the CLI reads credentials from disk.
 
 Only set these manually to override the stored value (e.g. to point at a different project):
 ```bash
-export SEQUENCE_PROJECT_ACCESS_KEY=<override-key>
+export SEQUENCE_PROJECT_ACCESS_KEY=<key>  # also covers TRAILS_API_KEY and indexer calls
 ```
 
 ### Optional overrides
@@ -131,7 +131,7 @@ polygon-agent agent feedback --agent-id <id> --value <score> [--tag1 <t>] [--tag
 - **`balances --chains`** — comma-separated chains (max 20); two or more return JSON with `multiChain: true` and a `chains` array (same wallet address on each)
 - **Fee preference** — auto-selects USDC over native POL when both available
 - **`fund`** — reads `walletAddress` from the wallet session and sets it as `toAddress` in the Trails widget URL. Always run `polygon-agent fund` to get the correct URL — never construct it manually or hardcode any address.
-- **`deposit`** — picks highest-TVL pool via Trails `getEarnPools`. If session rejects (contract not whitelisted), re-create wallet with `--contract <depositAddress>`
+- **`deposit`** — picks highest-TVL pool via Trails `getEarnPools`. Sends two txs: ERC-20 `approve()` on the token contract, then the pool deposit. If session rejects, re-create wallet with both `--contract <tokenAddress> --contract <depositAddress>` (the dry-run output shows both addresses).
 - **`withdraw`** — `--position` = aToken or ERC-4626 vault; `--amount` = `max` or underlying units (Aave / vault). Dry-run JSON includes `poolAddress` / `vault`. Broadcast needs session on the **same chain** as `--chain`, with pool/vault + underlying token whitelisted where the relayer touches them
 - **`x402-pay`** — probes endpoint for 402, smart wallet funds builder EOA with exact token amount, EOA signs EIP-3009 payment. Chain auto-detected from 402 response
 - **`send-native --direct`** — bypasses ValueForwarder contract for direct EOA transfer
@@ -203,7 +203,7 @@ For specific workflows, fetch and load the relevant sub-skill:
 | `Timed out waiting for wallet approval` | Add `--timeout 600` |
 | `Invalid code: hash mismatch` | Wrong 6-digit code entered — retry (3 attempts allowed) |
 | `Relay request not found` | Session expired or already used — re-run `wallet create` (or `wallet create --print-url`) |
-| Deposit session rejected | Re-create wallet with `--contract <depositAddress>` |
+| Deposit session rejected | Re-create wallet with `--contract <tokenAddress> --contract <depositAddress>` (both required: token approve + pool call) |
 | `withdraw` / broadcast: wrong chain or session rejects | Use `wallet create --chain <same as --chain>` and `--contract` for pool/vault + underlying ERC-20 on that chain; omit tight `--usdc-limit` if it blocks fee transfers |
 | `Stored explicit session is missing pk` | Re-link: `wallet import --code …` after `wallet create` |
 | Wrong recipient in Trails widget | Run `polygon-agent fund` (do not construct the URL manually) |
diff --git a/skills/polygon-defi/SKILL.md b/skills/polygon-defi/SKILL.md
index 0afcbff..32ad8d2 100644
--- a/skills/polygon-defi/SKILL.md
+++ b/skills/polygon-defi/SKILL.md
@@ -150,27 +150,25 @@ Whitelist the **pool** (Aave) or **vault** contract on the session if the wallet
 
 ### Session Whitelisting
 
-If the deposit is rejected with a session permission error, the pool's contract address needs to be whitelisted when creating the wallet session:
+A deposit sends **two transactions**: an ERC-20 `approve()` on the token contract, then the pool deposit call. Both contracts must be whitelisted in the session. If the deposit is rejected with a session permission error:
 
 ```bash
-# 1. Dry-run first to get the depositAddress
+# 1. Dry-run first — output includes both addresses under `transactions[0].to` (token) and `depositAddress` (pool)
 polygon-agent deposit --asset USDC --amount 0.3
-# → note the depositAddress in output
+# → note the token contract address (e.g. USDC: 0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359)
+# → note the depositAddress (e.g. Aave V3: 0x794a61358d6845594f94dc1db02a252b5b4814ad)
 
-# 2. Re-create wallet session with that contract whitelisted
-polygon-agent wallet create --contract <depositAddress>
+# 2. Re-create wallet session with BOTH contracts whitelisted
+polygon-agent wallet create --contract <tokenAddress> --contract <depositAddress>
 
 # 3. Retry
 polygon-agent deposit --asset USDC --amount 0.3 --broadcast
 ```
 
-When creating a wallet specifically for yield, add `--contract` flags for all intended vaults upfront and omit `--usdc-limit`:
-
-```bash
-polygon-agent wallet create \
-  --contract 0x794a61358d6845594f94dc1db02a252b5b4814ad \
-  --contract 0x781fb7f6d845e3be129289833b04d43aa8558c42
-```
+Common token contracts on Polygon mainnet (already auto-whitelisted in sessions created by the CLI):
+- USDC: `0x3c499c542cEF5E3811e1192ce70d8cC03d5c3359`
+- USDT: `0xc2132D05D31c914a87C6611C10748AEb04B58e8F`
+- WETH: `0x7ceB23fD6bC0adD59E62ac25578270cFf1b9f619`
 
 ### Yield Vault Contract Whitelist
 
@@ -222,7 +220,7 @@ polygon-agent swap --from USDC --to USDC --amount 0.5 --to-chain arbitrum --broa
 
 | Error | Cause | Fix |
 |-------|-------|-----|
-| `Deposit session rejected` | Pool contract not whitelisted in session | Re-create wallet with `--contract <depositAddress>` |
+| `Deposit session rejected` | Pool or token contract not whitelisted | Re-create wallet with `--contract <tokenAddress> --contract <depositAddress>` (both required) |
 | `Protocol X not yet supported` | Trails returned a protocol other than aave/morpho | Use `polygon-agent swap` to obtain the yield-bearing token manually |
 | `Fee option errors` | Wallet has insufficient balance | Run `polygon-agent balances` and fund the wallet |
 | `swap`: no route found | Insufficient liquidity for the pair | Try a different amount or token pair |