ERC-7741: Authorize Operator

Set Operator via EIP-712 secp256k1 signatures


Metadata
Status: DraftStandards Track: ERCCreated: 2024-06-03
Authors
Jeroen Offerijns (@hieronx), João Martins (@0xTimepunk)
Requires

Abstract


A set of functions to enable meta-transactions and atomic interactions with contracts implementing an operator model, via signatures conforming to the EIP-712 typed message signing specification.

Motivation


The primary motivation for this standard is to enhance the flexibility, security, and efficiency of operator management. By leveraging EIP-712 signatures, this standard allows users to authorize operators without the need for on-chain transactions, reducing gas costs and improving user experience. This is particularly beneficial whenever frequent operator changes and cross-chain interactions are required.

Additionally, this standard aims to:

  1. Enable Meta-Transactions: Allow users to delegate the execution of transactions to operators, enabling meta-transactions where the user does not need to hold native tokens to pay for gas fees on each chain.
  2. Improve Security: Utilize the EIP-712 standard for typed data signing, which provides a more secure and user-friendly way to sign messages compared to raw data signing.
  3. Facilitate Interoperability: Provide a standardized interface for operator management that can be adopted across various vault protocols, promoting interoperability and reducing integration complexity for developers.
  4. Streamline Cross-Chain Operations: Simplify the process of managing operators across different chains, making it easier for protocols to maintain consistent operator permissions and interactions in a multi-chain environment.

By addressing these needs, the Authorize Operator standard aims to streamline the process of managing operators in decentralized vault protocols, making it easier for users and developers to interact with smart contracts in a secure, cost-effective, and interoperable manner across multiple blockchain networks.

Specification


Operator-compatible contracts

This signed authorization scheme applies to any contracts implementing the following interface:


EIP-6909 and EIP-7540 already implement this interface.

The naming of the arguments is interchangeable, e.g. EIP-6909 uses spender instead of operator.

Methods

authorizeOperator

Grants or revokes permissions for operator to manage Requests on behalf of the msg.sender, using an EIP-712 signature.

MUST revert if the deadline has passed.

MUST invalidate the nonce of the signature to prevent message replay.

MUST revert if the signature is not a valid EIP-712 signature, with the given input parameters.

MUST set the operator status to the approved value.

MUST log the OperatorSet event.

MUST return true.


invalidateNonce

Revokes the given nonce for msg.sender as the owner.


authorizations

Returns whether the given nonce has been used for the controller.


DOMAIN_SEPARATOR

Returns the DOMAIN_SEPARATOR as defined according to EIP-712. The DOMAIN_SEPARATOR should be unique to the contract and chain to prevent replay attacks from other domains, and satisfy the requirements of EIP-712, but is otherwise unconstrained.


ERC-165 support

Smart contracts implementing this standard MUST implement the ERC-165 supportsInterface function.

Contracts MUST return the constant value true if 0x7a7911eb is passed through the interfaceID argument.

Rationale


Similarity to ERC-2612

The specification is intentionally designed to closely match ERC-2612. This should simplify new integrations of the standard.

The main difference is using bytes32 vs uint256, which enables unordered nonces.

Reference Implementation



Security Considerations


Operators have significant control over users and the signed message can lead to undesired outcomes. The expiration date should be set as short as feasible to reduce the chance of an unused signature leaking at a later point.

Copyright


Copyright and related rights waived via CC0.