On the New Authorization Phishing Risk of Ethereum Meta Transactions


In the blockchain world there are many barriers for new users entering the field. One of the biggest is that every operation requires a transaction fee, called gas on Ethereum. Meta transactions are the most promising solution to this problem, but at present they also carry certain risks.

0x1 What Is a Meta Transaction

Imagine a scenario: attracted by the high returns of DeFi, you decide to withdraw all the USDC held on an exchange to your own wallet and invest it in DeFi. After the withdrawal completes, your wallet does indeed receive the USDC, but you find that you cannot complete any on-chain operation, neither a trade nor a stake. So you have to go back to the exchange, buy some ETH, and withdraw that to your wallet as well.

Under normal circumstances, if a user wants to publish a transaction on the blockchain, the account must already hold enough of the native token (such as ETH or BTC) to pay the transaction fee before the transaction can be put on chain. With meta transactions, the user can entrust a relay to publish the transaction instead of publishing it themselves, which naturally removes the need for the user to hold the native token.

To support transaction delegation, the target smart contract must support meta transactions, which is generally done with message signing. Signing with a wallet costs no transaction fee, since it is entirely an off-chain action. The user constructs the meta transaction data, signs it, and sends both to the relay. The relay then calls the target contract, passing along the data and the signature; the target contract verifies the signature and, only if it is valid, executes the corresponding business logic.

One thing to understand is that although a meta transaction is GasLess (gas free), that does not mean it is free of charge. Whether a fee is required, and which asset it is paid in, is mainly up to the relay. Generally speaking, mainstream tokens can be used for payment, so the user signs a second meta transaction that pays the fee to the relay.

In summary, the essence of a meta transaction is a set of information vouchers: proof of the action the user intends, carrying real executable power. A third party can use this information to perform the intended action on the user's behalf.

0x2 ERC20 Permit (EIP-2612)

The scenario continues: just as you are about to buy ETH for transaction fees, you realize that USDC supports meta transactions, and that only a signed message is needed to complete the authorization. It could hardly be more convenient!

ERC20 is the implementation standard for creating tokens on Ethereum, but it has no support for meta transactions. For a token to support authorization by meta transaction, it must be extended according to the EIP-2612 specification, as follows:

Three new functions are added:

    function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external
    function nonces(address owner) external view returns (uint)
    function DOMAIN_SEPARATOR() external view returns (bytes32)

  • permit: performs the same allowance change as approve, but on the strength of the owner's signature rather than a transaction sent by the owner.
  • nonces: returns the owner's current nonce; each permit consumes one nonce, so a signature cannot be replayed.
  • DOMAIN_SEPARATOR: binds the signature to the contract and the chainId, so a permit signed for one EVM chain (for example ETC or BSC) is not valid on another.

Taking Uniswap's implementation of permit as an example:

https://github.com/Uniswap/v2-core/blob/master/contracts/UniswapV2ERC20.sol

    function permit(address owner, address spender, uint value, uint deadline, uint8 v, bytes32 r, bytes32 s) external {
        require(deadline >= block.timestamp, 'UniswapV2: EXPIRED');
        bytes32 digest = keccak256(
            abi.encodePacked(
                '\x19\x01',
                DOMAIN_SEPARATOR,
                keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, nonces[owner]++, deadline))
            )
        );
        address recoveredAddress = ecrecover(digest, v, r, s);
        require(recoveredAddress != address(0) && recoveredAddress == owner, 'UniswapV2: INVALID_SIGNATURE');
        _approve(owner, spender, value);
    }

A few short lines show that once the signature and the other checks pass, the approval is executed; the whole process really is that simple. The user completes the off-chain signature and the relay makes the on-chain call, that's all.

0x3 Hidden Dangers

The scenario ends: the wallet pops up a 'signature request' that you may not understand. But the wallet shows no warning and nothing has to be paid, so you casually confirm, and two minutes later all the USDC in your wallet is gone.

1. Mainstream tokens already support it

Mainstream tokens that already implement ERC20 permit include:

  • USDC
  • DAI
  • UNI
  • 1INCH
  • ENS

2. No warning message

Compared with approve-based authorization phishing, wallets give almost no warning for meta transaction authorization. The latest versions of the mainstream wallets were tested for warnings, with the following results:

MetaMask: no special warning.

TokenPocket: no special warning; the signature content is not parsed.

imToken: no special warning.

3. Highly concealed

Traditional authorization phishing leaves an approval record on chain, whereas meta transaction phishing is entirely an off-chain action that can nonetheless affect on-chain state. For a user whose meta transaction signature has leaked, it is a time bomb they do not even know exists.

4. Low cost

For operations that have to go on chain, users tend to be relatively cautious, if only because of the cost; for an off-chain signature they are far more relaxed, since it costs nothing, which makes it hard for users to realize that a signing operation can also put their assets at risk.

5. Hard to understand

Besides the ERC20 authorization meta transaction defined by EIP-2612, many projects ship self-designed meta transaction implementations. These are non-standard, so wallets cannot interpret them or generate a matching warning, and users have little chance of understanding what they mean.
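As an added example (not code from the original article), here is the kind of plain-language check a wallet could run on an EIP-2612 permit signature request before showing the prompt: it decodes the eth_signTypedData_v4 payload and flags the points the article says users cannot see (unlimited value, no real deadline, unknown spender, wrong chain or owner). The sample request, the addresses and the trusted-spender list are constructed, and the checks are an assumption about what a sensible wallet would do, not any wallet's actual logic.

```python
import json

MAX_UINT256 = 2**256 - 1
ONE_YEAR = 365 * 24 * 3600

# Constructed sample request: the EIP-712 typed data a site would pass to
# eth_signTypedData_v4 to obtain an EIP-2612 permit. Addresses are made up.
SAMPLE_REQUEST = json.dumps({
    "types": {
        "EIP712Domain": [{"name": "name", "type": "string"}, {"name": "version", "type": "string"},
                         {"name": "chainId", "type": "uint256"}, {"name": "verifyingContract", "type": "address"}],
        "Permit": [{"name": "owner", "type": "address"}, {"name": "spender", "type": "address"},
                   {"name": "value", "type": "uint256"}, {"name": "nonce", "type": "uint256"},
                   {"name": "deadline", "type": "uint256"}],
    },
    "primaryType": "Permit",
    "domain": {"name": "USD Coin", "version": "2", "chainId": 1, "verifyingContract": "0x" + "aa" * 20},
    "message": {"owner": "0x" + "11" * 20, "spender": "0x" + "bb" * 20,
                "value": str(MAX_UINT256), "nonce": 0, "deadline": str(MAX_UINT256)},
})


def _uint(x):
    """Typed-data integers arrive as int, decimal string or 0x-hex string."""
    return int(x, 0) if isinstance(x, str) else int(x)


def analyse_permit_request(request_json, wallet_address, wallet_chain_id, now, trusted_spenders=()):
    """Decode a signTypedData request; return (is_permit, list of plain-language warnings).
    A permit signature is an off-chain approve: nothing is broadcast and no gas is spent,
    so the signature prompt is the only moment a wallet can explain what is at stake."""
    req = json.loads(request_json)
    if req.get("primaryType") != "Permit" or "Permit" not in req.get("types", {}):
        return False, []  # not an EIP-2612 permit; other message types need their own checks
    msg, dom = req["message"], req["domain"]
    value, deadline = _uint(msg["value"]), _uint(msg["deadline"])
    warnings = [f"Signing lets {msg['spender']} spend {dom.get('name')} ({dom.get('verifyingContract')}) "
                f"held by {msg['owner']}, without any on-chain transaction from you."]
    if msg["owner"].lower() != wallet_address.lower():
        warnings.append("owner is not the connected account; the signature is not about your own funds.")
    if _uint(dom.get("chainId", -1)) != wallet_chain_id:
        warnings.append(f"chainId {dom.get('chainId')} differs from the wallet's current chain {wallet_chain_id}.")
    if value == MAX_UINT256:
        warnings.append("UNLIMITED allowance requested (uint256 max).")
    if deadline == MAX_UINT256 or deadline - now > ONE_YEAR:
        warnings.append("Permit never expires (or not within a year): it can be redeemed long after you forget it.")
    if msg["spender"].lower() not in {s.lower() for s in trusted_spenders}:
        warnings.append("spender is not a contract this wallet recognises.")
    return True, warnings
```

Running `analyse_permit_request(SAMPLE_REQUEST, "0x" + "11" * 20, 1, now=1_700_000_000)` on the constructed request yields the unlimited-allowance, no-expiry and unknown-spender warnings, which is exactly the information the tested wallets left out of the prompt.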
