Alert Source Discuss
⚠️ Draft Standards Track: ERC

ERC-7741: Authorize Operator

Set Operator via EIP-712 secp256k1 signatures

Authors Jeroen Offerijns (@hieronx), João Martins (@0xTimepunk)
Created 2024-06-03
Discussion Link https://ethereum-magicians.org/t/erc-7741-authorize-operator/20531
Requires EIP-712, EIP-1271

Abstract

A set of functions to enable meta-transactions and atomic interactions with contracts implementing an operator model, via signatures conforming to the EIP-712 typed message signing specification.

Motivation

The primary motivation for this standard is to enhance the flexibility, security, and efficiency of operator management. By leveraging EIP-712 signatures, this standard allows users to authorize operators without the need for on-chain transactions, reducing gas costs and improving user experience. This is particularly beneficial whenever frequent operator changes and cross-chain interactions are required.

Additionally, this standard aims to:

  1. Enable Meta-Transactions: Allow users to delegate the execution of transactions to operators, enabling meta-transactions where the user does not need to hold native tokens to pay for gas fees on each chain.
  2. Improve Security: Utilize the EIP-712 standard for typed data signing, which provides a more secure and user-friendly way to sign messages compared to raw data signing.
  3. Facilitate Interoperability: Provide a standardized interface for operator management that can be adopted across various vault protocols, promoting interoperability and reducing integration complexity for developers.
  4. Streamline Cross-Chain Operations: Simplify the process of managing operators across different chains, making it easier for protocols to maintain consistent operator permissions and interactions in a multi-chain environment.

By addressing these needs, the Authorize Operator standard aims to streamline the process of managing operators in decentralized vault protocols, making it easier for users and developers to interact with smart contracts in a secure, cost-effective, and interoperable manner across multiple blockchain networks.

Specification

Operator-compatible contracts

This signed authorization scheme applies to any contracts implementing the following interface:

  interface IOperator {
    event OperatorSet(address indexed owner, address indexed operator, bool approved);

    function setOperator(address operator, bool approved) external returns (bool);
    function isOperator(address owner, address operator) external returns (bool status);
  }

EIP-6909 and EIP-7540 already implement this interface.

The naming of the arguments is interchangeable, e.g. EIP-6909 uses spender instead of operator.

Methods

authorizeOperator

Grants or revokes permissions for operator to manage Requests on behalf of the msg.sender, using an EIP-712 signature.

MUST revert if the deadline has passed.

MUST invalidate the nonce of the signature to prevent message replay.

MUST revert if the signature is not a valid EIP-712 signature, with the given input parameters.

MUST set the operator status to the approved value.

MUST log the OperatorSet event.

MUST return true.

- name: authorizeOperator
  type: function
  stateMutability: nonpayable

  inputs:
    - name: owner
      type: address
    - name: operator
      type: address
    - name: approved
      type: bool
    - name: nonce
      type: bytes32
    - name: deadline
      type: uint256
    - name: signature
      type: bytes

  outputs:
    - name: success
      type: bool

invalidateNonce

Revokes the given nonce for msg.sender as the owner.

- name: invalidateNonce
  type: function
  stateMutability: nonpayable

  inputs:
    - name: nonce
      type: bytes32

authorizations

Returns whether the given nonce has been used for the controller.

- name: authorizations
  type: function
  stateMutability: nonpayable

  inputs:
    - name: controller
      type: address
    - name: nonce
      type: bytes32
  outputs:
    - name: used
      type: bool

DOMAIN_SEPARATOR

Returns the DOMAIN_SEPARATOR as defined according to EIP-712. The DOMAIN_SEPARATOR should be unique to the contract and chain to prevent replay attacks from other domains, and satisfy the requirements of EIP-712, but is otherwise unconstrained.

- name: DOMAIN_SEPARATOR
  type: function
  stateMutability: nonpayable

  outputs:
    - type: bytes32

ERC-165 support

Smart contracts implementing this standard MUST implement the ERC-165 supportsInterface function.

Contracts MUST return the constant value true if 0xa9e50872 is passed through the interfaceID argument.

Rationale

Similarity to ERC-2612

The specification is intentionally designed to closely match ERC-2612. This should simplify new integrations of the standard.

The main difference is using bytes32 vs uint256, which enables unordered nonces.

Reference Implementation

    // This code snippet is incomplete pseudocode used for example only and is no way intended to be used in production or guaranteed to be secure

    bytes32 public constant AUTHORIZE_OPERATOR_TYPEHASH =
        keccak256("AuthorizeOperator(address controller,address operator,bool approved,bytes32 nonce,uint256 deadline)");

    mapping(address owner => mapping(bytes32 nonce => bool used)) authorizations;

    function DOMAIN_SEPARATOR() public view returns (bytes32) {
      // EIP-712 implementation 
    }

    function isValidSignature(address signer, bytes32 digest, bytes memory signature) internal view returns (bool valid) {
      // ERC-1271 implementation 
    }

    function authorizeOperator(
        address controller,
        address operator,
        bool approved,
        bytes32 nonce,
        uint256 deadline,
        bytes memory signature
    ) external returns (bool success) {
        require(block.timestamp <= deadline, "ERC7540Vault/expired");
        require(controller != address(0), "ERC7540Vault/invalid-controller");
        require(!authorizations[controller][nonce], "ERC7540Vault/authorization-used");

        authorizations[controller][nonce] = true;

        bytes32 digest = keccak256(
            abi.encodePacked(
                "\x19\x01",
                DOMAIN_SEPARATOR(),
                keccak256(abi.encode(AUTHORIZE_OPERATOR_TYPEHASH, controller, operator, approved, nonce, deadline))
            )
        );

        require(SignatureLib.isValidSignature(controller, digest, signature), "ERC7540Vault/invalid-authorization");

        isOperator[controller][operator] = approved;
        emit OperatorSet(controller, operator, approved);

        success = true;
    }
    
    function invalidateNonce(bytes32 nonce) external {
        authorizations[msg.sender][nonce] = true;
    }

Security Considerations

Operators have significant control over users and the signed message can lead to undesired outcomes. The expiration date should be set as short as feasible to reduce the chance of an unused signature leaking at a later point.

Copyright and related rights waived via CC0.

Citation

Please cite this document as:

Jeroen Offerijns (@hieronx), João Martins (@0xTimepunk), "ERC-7741: Authorize Operator [DRAFT]," Ethereum Improvement Proposals, no. 7741, June 2024. [Online serial]. Available: https://eips.ethereum.org/EIPS/eip-7741.