# Permits This doc relates to EIP2612 Signed token approvals, EIP3009 Transfer with Authorization, EIP712 Ethereum typed structured data hashing and signing. Inspiration comes from Salmonella Contract\ Rough Implementation is in Permit Singleton doc. This doc is a creative collaboration between Nathan & Anett & Simon & Ronan. ## Permits General * Permits allow 3rd party signing the contracts and let 3rd party to sign in and pay tx fees. User create a signature that permits 3rd party to move their tokens but they wont sign every detail of what they consent to. * Permits can allow contracts to use user tokens without the user first needing to first to send an `approve()` transaction. * Permits do not have any logic but can have logic mechanisms like time frame - deadline which adds time frame and time locks for security * Permits allow you to approve NFT by NFT without approving all the NFTs \_\_ ## Permits vs non-permits transactions **Permits**\ Instead of signing the approved transaction, the user signs the data approved (spender, amount) > * User signs the signature - via Permit which will sign the the approve (myContract.address, amount) function. > * User submits signature to `myContract.doSomething(signature)` > * `myContract` uses `token.permit` to increase allowance, followed by `token.transferFrom` **Regular tx** > * User submits `token.approve(myContract.address, amount)` transaction > * Wait for transaction confirmation > * User submits second `myContract.doSomething()` transaction which internally uses `token.transferFrom` Source: ### Usability of Permits "Having a permit or something similar is pretty helpful, because it enables transactions without fees, and for transactions to be batched.\ For example if you have an NFT with a permit, and I am an exchange, then you can sign a “permision” which allows me to move your NFT to a certain address. I can now move your NFT for you and pay your transaction costs. If lots of people give me permission I can move all their NFT’s in a single transaction."- Nathan ## Implementation & Examples Here's an example of a vulnerable implementation:\ -Notice the 'to' address is not signed-\ Implementation: Same implementation but the GitHub link: Example code: ERC20 implementation of DAI by Maker: > We recommend any users using the `approval` for a specific amount be aware of this particular issue and use caution when authorizing other contracts to perform transfers on their behalf.\ > There is a slight deviation in `transferFrom` functionality: If the `src == msg.sender` the function does not require `approval` first and treats it as a normal `transfer` from the `msg.sender` to the `dst`. ## Simple explanation ELI5 explanation:\ Permits are permissions that send the approved TX to allow dApp to use / spend your tokens.\ Example: Uniswap asks you to use DAI in order to swap DAI for some other token ## How to use the Permit function (Needs to be implemented correctly) The ERC721 and ERC1155 have implementation that allows 3rd party to transfer tokens between accounts, I assume this is helpful in case of the artist is new to blockchain, just installed MetaMask and someone sent the artist ETH for tx so the artist can upload the NFT and the platform handles the sale - artist sells the artwork to platform, platform sells the artwork to buyer on behalf or artist. > This is done via set Approval function which is a line of Solidity code that gives permission to Marketplace to sell your NFT to buyer - the account that bids the highest amount **Implementation use case**\ Adding permits to the contract will require an artist (creator) to send approval tx for the NFT to be send to the owner (winner of the auction / buyer) when the auction ends or when someone will want to buy the NFT. "When you sell an NFT on a Marketplace you do a call to approve the marketplace contract to manage this NFT for you.\ This way, when a sale occurs, the Marketplace transfers the NFT from you to the other account. But until then, the NFT stays in your account. You didn't put it in an escrow. " - Simon ### Use case for New standard - suggestions Implementation Marketplace contracts could just request the user to sign an approval message (no tx) and use that as part of the sale offer matching. Permit will remove the need to pre-approve the marketplace contract. It can be done just at the point of purchase. Permit would allow sale of the NFT not create contract.\ The NFT will be created by usual tx, and there will be requirement to sign message - permit that would allow the NFT to be on sale. It seems like we are going to have implementation that will be extension of both ERC721 and ERC1155 standards. Permits will be used as off chain message signatures that will approve (confirm) purchase of the NFT. Author of the NFT will sign message with his wallet which will trigger sale function. #### How do permits reduce the need to do on-chain tx with less gas used? Permits are messages, not transactions. They are informative pop-ups in wallets that inform you about the actions. ## Futher reading * OpenZeppelin implementation of Permit function to ERC20 * Uniswap Permits integration * A Long Way To Go: On Gasless Tokens and ERC20-Permit --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://nft-standards.gitbook.io/nft-standards-wiki/nft-security/permits.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.