Permits
This doc relates to EIP2612 Signed token approvals, EIP3009 Transfer with Authorization, EIP712 Ethereum typed structured data hashing and signing. Inspiration comes from Salmonella Contract Rough Implementation is in Permit Singleton doc.
This doc is a creative collaboration between Nathan & Anett & Simon & Ronan.
Permits General
Permits allow 3rd party signing the contracts and let 3rd party to sign in and pay tx fees. User create a signature that permits 3rd party to move their tokens but they wont sign every detail of what they consent to.
Permits can allow contracts to use user tokens without the user first needing to first to send an
approve()transaction.Permits do not have any logic but can have logic mechanisms like time frame - deadline which adds time frame and time locks for security
Permits allow you to approve NFT by NFT without approving all the NFTs
__
Permits vs non-permits transactions
Permits Instead of signing the approved transaction, the user signs the data approved (spender, amount)
User signs the signature - via Permit which will sign the the approve (myContract.address, amount) function.
User submits signature to
myContract.doSomething(signature)
myContractusestoken.permitto increase allowance, followed bytoken.transferFrom
Regular tx
User submits
token.approve(myContract.address, amount)transactionWait for transaction confirmation
User submits second
myContract.doSomething()transaction which internally usestoken.transferFrom
Source: https://soliditydeveloper.com/erc20-permit
Usability of Permits
"Having a permit or something similar is pretty helpful, because it enables transactions without fees, and for transactions to be batched. For example if you have an NFT with a permit, and I am an exchange, then you can sign a “permision” which allows me to move your NFT to a certain address. I can now move your NFT for you and pay your transaction costs. If lots of people give me permission I can move all their NFT’s in a single transaction."- Nathan
Implementation & Examples
Here's an example of a vulnerable implementation: -Notice the 'to' address is not signed- https://github.com/archerdao/archerswap/blob/master/packages/smart-contracts/contracts/ArcherSwapRouter.sol#L63
Implementation: https://www.npmjs.com/package/eth-permit Same implementation but the GitHub link: https://github.com/dmihal/eth-permit
Example code: https://github.com/makerdao/developerguides/blob/master/dai/how-to-use-permit-function/how-to-use-permit-function.md
ERC20 implementation of DAI by Maker: https://docs.makerdao.com/smart-contract-modules/dai-module/dai-detailed-documentation#3-key-mechanisms-and-concepts
We recommend any users using the
approvalfor a specific amount be aware of this particular issue and use caution when authorizing other contracts to perform transfers on their behalf. There is a slight deviation intransferFromfunctionality: If thesrc == msg.senderthe function does not requireapprovalfirst and treats it as a normaltransferfrom themsg.senderto thedst.
Simple explanation
ELI5 explanation: Permits are permissions that send the approved TX to allow dApp to use / spend your tokens. Example: Uniswap asks you to use DAI in order to swap DAI for some other token
How to use the Permit function
(Needs to be implemented correctly)
The ERC721 and ERC1155 have implementation that allows 3rd party to transfer tokens between accounts, I assume this is helpful in case of the artist is new to blockchain, just installed MetaMask and someone sent the artist ETH for tx so the artist can upload the NFT and the platform handles the sale - artist sells the artwork to platform, platform sells the artwork to buyer on behalf or artist.
This is done via set Approval function which is a line of Solidity code that gives permission to Marketplace to sell your NFT to buyer - the account that bids the highest amount
Implementation use case Adding permits to the contract will require an artist (creator) to send approval tx for the NFT to be send to the owner (winner of the auction / buyer) when the auction ends or when someone will want to buy the NFT.
"When you sell an NFT on a Marketplace you do a call to approve the marketplace contract to manage this NFT for you. This way, when a sale occurs, the Marketplace transfers the NFT from you to the other account. But until then, the NFT stays in your account. You didn't put it in an escrow. " - Simon
Use case for New standard - suggestions Implementation
Marketplace contracts could just request the user to sign an approval message (no tx) and use that as part of the sale offer matching. Permit will remove the need to pre-approve the marketplace contract. It can be done just at the point of purchase.
Permit would allow sale of the NFT not create contract. The NFT will be created by usual tx, and there will be requirement to sign message - permit that would allow the NFT to be on sale.
It seems like we are going to have implementation that will be extension of both ERC721 and ERC1155 standards. Permits will be used as off chain message signatures that will approve (confirm) purchase of the NFT. Author of the NFT will sign message with his wallet which will trigger sale function.
How do permits reduce the need to do on-chain tx with less gas used?
Permits are messages, not transactions. They are informative pop-ups in wallets that inform you about the actions.
Futher reading
OpenZeppelin implementation of Permit function to ERC20 https://forum.openzeppelin.com/t/add-erc20-permit-function/2706
Uniswap Permits integration https://uniswap.org/docs/v2/smart-contract-integration/supporting-meta-transactions/
A Long Way To Go: On Gasless Tokens and ERC20-Permit https://soliditydeveloper.com/erc20-permit
Last updated