Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ERC20 Permit (EIP-2612) #2237

Merged
merged 38 commits into from
Dec 11, 2020
Merged
Show file tree
Hide file tree
Changes from 36 commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
19a413a
Initial storage-based implementation
nventuro May 15, 2020
48c41df
Improve gas efficiency and docs
nventuro May 15, 2020
d1e0f4b
Initial sketch for tests
nventuro May 15, 2020
cf718ee
Fix encoding before hash
nventuro May 26, 2020
53516bc
Implement nonce using Counter
nventuro Jun 5, 2020
be37397
Merge branch 'master' into erc20-permit
frangio Nov 20, 2020
743fe9a
adjust pragma and add license
frangio Nov 20, 2020
0c02fdc
adapt test to buidler
frangio Nov 20, 2020
255e11a
disable eslint in wip file
frangio Nov 20, 2020
d5037d2
add solhint exceptions
frangio Nov 20, 2020
b11d7ab
use a cheaper strategy for domain separator caching
frangio Nov 27, 2020
58c7098
add DOMAIN_SEPARATOR function
frangio Dec 1, 2020
1bd9922
Merge branch 'master' into erc20-permit
frangio Dec 1, 2020
cb00f8a
add eip712 from #2418
frangio Dec 1, 2020
c5d01e9
move to drafts directory
frangio Dec 1, 2020
aacea0c
use EIP712 contract
frangio Dec 1, 2020
b57f655
fix test
frangio Dec 2, 2020
0560ea8
emit contract in api/drafts page
frangio Dec 2, 2020
4552f52
fix api/drafts page title
frangio Dec 2, 2020
9a916f7
add constructor documentation
frangio Dec 2, 2020
91e98a4
lint
frangio Dec 2, 2020
e331820
extract eip712 helpers
frangio Dec 4, 2020
ade3af2
test DOMAIN_SEPARATOR function
frangio Dec 4, 2020
9a661c9
test permit postconditions
frangio Dec 4, 2020
f4b7f93
use different account for nonce test
frangio Dec 4, 2020
8f7f47c
add test for rejected transaction
frangio Dec 4, 2020
b7b5abd
test expired permit
frangio Dec 4, 2020
24e4582
remove note about domain separator and chain id
frangio Dec 4, 2020
737fa3b
Merge remote-tracking branch 'upstream/master' into erc20-permit
frangio Dec 4, 2020
f410734
ensure deadline is before next block timestamp
frangio Dec 4, 2020
9d60a71
Update contracts/token/ERC20/README.adoc
frangio Dec 9, 2020
3beaf01
add test that reused signature is rejected
frangio Dec 9, 2020
837586d
use valid signature when testing expired deadline
frangio Dec 9, 2020
add4067
Merge remote-tracking branch 'upstream/master' into erc20-permit
frangio Dec 9, 2020
f26f0e3
rename IERC2612Permit to IERC20Permit
frangio Dec 9, 2020
acd82cd
review documentation
frangio Dec 9, 2020
4444d3b
Merge branch 'master' into erc20-permit
frangio Dec 11, 2020
71c9e3d
add changelog entry
frangio Dec 11, 2020
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions contracts/cryptography/ECDSA.sol
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,14 @@ library ECDSA {
v := byte(0, mload(add(signature, 0x60)))
}

return recover(hash, v, r, s);
}

/**
* @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,
* `r` and `s` signature fields separately.
*/
function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
// EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
// unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
// the valid range for s in (281): 0 < s < secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most
Expand Down
76 changes: 76 additions & 0 deletions contracts/drafts/ERC20Permit.sol
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
// SPDX-License-Identifier: MIT

pragma solidity >=0.6.5 <0.8.0;

import "../token/ERC20/ERC20.sol";
import "./IERC20Permit.sol";
import "../cryptography/ECDSA.sol";
import "../utils/Counters.sol";
import "./EIP712.sol";

/**
* @dev Implementation of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
abstract contract ERC20Permit is ERC20, IERC20Permit, EIP712 {
using Counters for Counters.Counter;

mapping (address => Counters.Counter) private _nonces;

// solhint-disable-next-line var-name-mixedcase
bytes32 private immutable _PERMIT_TYPEHASH = keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");

/**
* @dev Initializes the {EIP712} domain separator using the `name` parameter, and setting `version` to `"1"`.
*
* It's a good idea to use the same `name` that is defined as the ERC20 token name.
*/
constructor(string memory name) internal EIP712(name, "1") {
}

/**
* @dev See {IERC20Permit-permit}.
*/
function permit(address owner, address spender, uint256 amount, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public virtual override {
// solhint-disable-next-line not-rely-on-time
require(block.timestamp <= deadline, "ERC20Permit: expired deadline");

bytes32 structHash = keccak256(
abi.encode(
_PERMIT_TYPEHASH,
owner,
spender,
amount,
_nonces[owner].current(),
deadline
)
);

bytes32 hash = _hashTypedDataV4(structHash);

address signer = ECDSA.recover(hash, v, r, s);
require(signer == owner, "ERC20Permit: invalid signature");

_nonces[owner].increment();
_approve(owner, spender, amount);
}

/**
* @dev See {IERC20Permit-nonces}.
*/
function nonces(address owner) public view override returns (uint256) {
return _nonces[owner].current();
}

/**
* @dev See {IERC20Permit-DOMAIN_SEPARATOR}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view override returns (bytes32) {
return _domainSeparatorV4();
}
}
51 changes: 51 additions & 0 deletions contracts/drafts/IERC20Permit.sol
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
// SPDX-License-Identifier: MIT

pragma solidity >=0.6.0 <0.8.0;

/**
* @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
* https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
*
* Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
* presenting a message signed by the account. By not relying on `{IERC20-approve}`, the token holder account doesn't
* need to send a transaction, and thus is not required to hold Ether at all.
*/
interface IERC20Permit {
/**
* @dev Sets `amount` as the allowance of `spender` over `owner`'s tokens,
* given `owner`'s signed approval.
*
* IMPORTANT: The same issues {IERC20-approve} has related to transaction
* ordering also apply here.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `spender` cannot be the zero address.
* - `deadline` must be a timestamp in the future.
* - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
* over the EIP712-formatted function arguments.
* - the signature must use ``owner``'s current nonce (see {nonces}).
*
* For more information on the signature format, see the
* https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
* section].
*/
function permit(address owner, address spender, uint256 amount, uint256 deadline, uint8 v, bytes32 r, bytes32 s) external;

/**
* @dev Returns the current nonce for `owner`. This value must be
* included whenever a signature is generated for {permit}.
*
* Every successful call to {permit} increases ``owner``'s nonce by one. This
* prevents a signature from being used multiple times.
*/
function nonces(address owner) external view returns (uint256);

/**
* @dev Returns the domain separator used in the encoding of the signature for `permit`, as defined by {EIP712}.
*/
// solhint-disable-next-line func-name-mixedcase
function DOMAIN_SEPARATOR() external view returns (bytes32);
}
8 changes: 7 additions & 1 deletion contracts/drafts/README.adoc
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
= Draft EIPS
= Draft EIPs

This directory contains implementations of EIPs that are still in Draft status.

Expand All @@ -7,3 +7,9 @@ Due to their nature as drafts, the details of these contracts may change and we
== Cryptography

{{EIP712}}

== ERC 20

{{IERC20Permit}}

{{ERC20Permit}}
23 changes: 23 additions & 0 deletions contracts/mocks/ERC20PermitMock.sol
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
// SPDX-License-Identifier: MIT

pragma solidity >=0.6.0 <0.8.0;

import "../drafts/ERC20Permit.sol";

contract ERC20PermitMock is ERC20Permit {
constructor (
string memory name,
string memory symbol,
address initialAccount,
uint256 initialBalance
) public payable ERC20(name, symbol) ERC20Permit(name) {
_mint(initialAccount, initialBalance);
}

function getChainId() external pure returns (uint256 chainId) {
// solhint-disable-next-line no-inline-assembly
assembly {
chainId := chainid()
}
}
}
6 changes: 6 additions & 0 deletions contracts/token/ERC20/README.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ There a few core contracts that implement the behavior specified in the EIP:
Additionally there are multiple custom extensions, including:

* designation of addresses that can pause token transfers for all users ({ERC20Pausable}).
* gasless approval of tokens ({ERC20Permit}).
* efficient storage of past token balances to be later queried at any point in time ({ERC20Snapshot}).
* destruction of own tokens ({ERC20Burnable}).
* enforcement of a cap to the total supply when minting tokens ({ERC20Capped}).
Expand All @@ -24,6 +25,11 @@ Finally, there are some utilities to interact with ERC20 contracts in various wa
* {SafeERC20} is a wrapper around the interface that eliminates the need to handle boolean return values.
* {TokenTimelock} can hold tokens for a beneficiary until a specified time.

The following related EIPs are in draft status and can be found in the drafts directory.

- {IERC20Permit}
- {ERC20Permit}

NOTE: This core set of contracts is designed to be unopinionated, allowing developers to access the internal functions in ERC20 (such as <<ERC20-_mint-address-uint256-,`_mint`>>) and expose them as external functions in the way they prefer. On the other hand, xref:ROOT:erc20.adoc#Presets[ERC20 Presets] (such as {ERC20PresetMinterPauser}) are designed using opinionated patterns to provide developers with ready to use, deployable contracts.

== Core
Expand Down
Loading