ERC-7741: Authorize Operator
Set Operator via EIP-712 secp256k1 signatures
Abstract
A set of functions to enable meta-transactions and atomic interactions with contracts implementing an operator model, via signatures conforming to the EIP-712 typed message signing specification.
Motivation
The primary motivation for this standard is to enhance the flexibility, security, and efficiency of operator management. By leveraging EIP-712 signatures, this standard allows users to authorize operators without the need for on-chain transactions, reducing gas costs and improving user experience. This is particularly beneficial whenever frequent operator changes and cross-chain interactions are required.
Additionally, this standard aims to:
- Enable Meta-Transactions: Allow users to delegate the execution of transactions to operators, enabling meta-transactions where the user does not need to hold native tokens to pay for gas fees on each chain.
- Improve Security: Utilize the EIP-712 standard for typed data signing, which provides a more secure and user-friendly way to sign messages compared to raw data signing.
- Facilitate Interoperability: Provide a standardized interface for operator management that can be adopted across various vault protocols, promoting interoperability and reducing integration complexity for developers.
- Streamline Cross-Chain Operations: Simplify the process of managing operators across different chains, making it easier for protocols to maintain consistent operator permissions and interactions in a multi-chain environment.
By addressing these needs, the Authorize Operator
standard aims to streamline the process of managing operators in decentralized vault protocols, making it easier for users and developers to interact with smart contracts in a secure, cost-effective, and interoperable manner across multiple blockchain networks.
Specification
Operator-compatible contracts
This signed authorization scheme applies to any contracts implementing the following interface:
EIP-6909 and EIP-7540 already implement this interface.
The naming of the arguments is interchangeable, e.g. EIP-6909 uses spender
instead of operator
.
Methods
authorizeOperator
Grants or revokes permissions for operator
to manage Requests on behalf of the msg.sender
, using an EIP-712 signature.
MUST revert if the deadline
has passed.
MUST invalidate the nonce of the signature to prevent message replay.
MUST revert if the signature
is not a valid EIP-712 signature, with the given input parameters.
MUST set the operator status to the approved
value.
MUST log the OperatorSet
event.
MUST return true
.
invalidateNonce
Revokes the given nonce
for msg.sender
as the owner
.
authorizations
Returns whether the given nonce
has been used for the controller
.
DOMAIN_SEPARATOR
Returns the DOMAIN_SEPARATOR
as defined according to EIP-712. The DOMAIN_SEPARATOR
should be unique to the contract and chain to prevent replay attacks from other domains, and satisfy the requirements of EIP-712, but is otherwise unconstrained.
ERC-165 support
Smart contracts implementing this standard MUST implement the ERC-165 supportsInterface
function.
Contracts MUST return the constant value true
if 0x7a7911eb
is passed through the interfaceID
argument.
Rationale
Similarity to ERC-2612
The specification is intentionally designed to closely match ERC-2612. This should simplify new integrations of the standard.
The main difference is using bytes32
vs uint256
, which enables unordered nonces.
Reference Implementation
Security Considerations
Operators have significant control over users and the signed message can lead to undesired outcomes. The expiration date should be set as short as feasible to reduce the chance of an unused signature leaking at a later point.
Copyright
Copyright and related rights waived via CC0.