This proposal aims to extend the functionality of the existing ERC-3009 standard, "Transfer With Authorization," to support transfer operations initiated by smart contract wallets.
The existing ERC-3009 standard enables asset transfers with ECDSA signatures. However, as smart contract wallets become more prevalent in the ecosystem, the current standard is no longer sufficient.
This proposal aims to enhance the usability and composeability of the standard by extending ERC-3009 with smart contract wallet signature validation, as defined in ERC-1271. By incorporating this extension, users will have greater flexibility in managing their assets while ensuring a secure authorization process.
The following events and interfaces must still be present given the initial spec defined in ERC-3009.
AuthorizationUsed.TRANSFER_WITH_AUTHORIZATION_TYPEHASH and RECEIVE_WITH_AUTHORIZATION_TYPEHASH.authorizationState(address authorizer, bytes32 nonce)In addition, the following interfaces must be added to be compliant with the standard:
Optional:
The AuthorizationCanceled event and CANCEL_AUTHORIZATION_TYPEHASH constant as defined in the ERC-3009 spec.
By replacing the existing V, R, S signature validation scheme and introducing support for unstructured bytes input, contract developers can use a unified interface to validate signature from both EOAs and SC wallets. This allows for the utilization of different signature schemes and algorithms fitting the wallet type, paving the way for smart contract wallets and advanced wallet types to enhance their signature validation processes, promoting flexibility and innovation.
This proposal is fully backward-compatible with the existing ERC-3009 standard. Contracts that currently rely on the V, R, S signature validation scheme will continue to function without any issues.
In the event that both the existing V, R, S signature validation scheme and the new unstructured bytes signature validation need to be supported for backward compatibility, developers can reduce duplicates by adapting the following code block as an example:
transferWithAuthorization, receiveWithAuthorization, and cancelAuthorization rely on ContractWallet.isValidSignature() to ensure the signature bytes represent the desired execution from contract wallet owner(s). Contract wallet developers must exercise caution when implementing custom signature validation logic to ensure the security of their contracts.Copyright and related rights waived via CC0.