ERC-7598: Use contract signature for signed transfer
An ERC to extend ERC-3009 Transfer with Authorization to support ERC-1271 signature validation.
EIP: Contract signature validation extension for ERC-3009 Transfer with Authorization
Abstract
This proposal aims to extend the functionality of the existing ERC-3009 standard, "Transfer With Authorization," to support transfer operations initiated by smart contract wallets.
Motivation
The existing ERC-3009 standard enables asset transfers with ECDSA signatures. However, as smart contract wallets become more prevalent in the ecosystem, the current standard is no longer sufficient.
This proposal aims to enhance the usability and composeability of the standard by extending ERC-3009 with smart contract wallet signature validation, as defined in ERC-1271. By incorporating this extension, users will have greater flexibility in managing their assets while ensuring a secure authorization process.
Specification
The following events and interfaces must still be present given the initial spec defined in ERC-3009.
- Event
AuthorizationUsed
. - Constants
TRANSFER_WITH_AUTHORIZATION_TYPEHASH
andRECEIVE_WITH_AUTHORIZATION_TYPEHASH
. - View function interface
authorizationState(address authorizer, bytes32 nonce)
In addition, the following interfaces must be added to be compliant with the standard:
Optional:
The AuthorizationCanceled
event and CANCEL_AUTHORIZATION_TYPEHASH
constant as defined in the ERC-3009 spec.
Rationale
By replacing the existing V, R, S signature validation scheme and introducing support for unstructured bytes input, contract developers can use a unified interface to validate signature from both EOAs and SC wallets. This allows for the utilization of different signature schemes and algorithms fitting the wallet type, paving the way for smart contract wallets and advanced wallet types to enhance their signature validation processes, promoting flexibility and innovation.
Backwards Compatibility
This proposal is fully backward-compatible with the existing ERC-3009 standard. Contracts that currently rely on the V, R, S signature validation scheme will continue to function without any issues.
In the event that both the existing V, R, S signature validation scheme and the new unstructured bytes signature validation need to be supported for backward compatibility, developers can reduce duplicates by adapting the following code block as an example:
Reference Implementation
Security Considerations
- For contract wallets, the security of
transferWithAuthorization
,receiveWithAuthorization
, andcancelAuthorization
rely onContractWallet.isValidSignature()
to ensure the signature bytes represent the desired execution from contract wallet owner(s). Contract wallet developers must exercise caution when implementing custom signature validation logic to ensure the security of their contracts.
Copyright
Copyright and related rights waived via CC0.