npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@leelongxi/permit2

v1.0.0

Published

Low-overhead, next generation token approval/meta-tx system to make token approvals easier, more secure, and more consistent across applications

Downloads

75

Readme

permit2

Permit2 introduces a low-overhead, next-generation token approval/meta-tx system to make token approvals easier, more secure, and more consistent across applications.

Features

  • Signature Based Approvals: Any ERC20 token, even those that do not support EIP-2612, can now use permit style approvals. This allows applications to have a single transaction flow by sending a permit signature along with the transaction data when using Permit2 integrated contracts.
  • Batched Token Approvals: Set permissions on different tokens to different spenders with one signature.
  • Signature Based Token Transfers: Owners can sign messages to transfer tokens directly to signed spenders, bypassing setting any allowance. This means that approvals aren't necessary for applications to receive tokens and that there will never be hanging approvals when using this method. The signature is valid only for the duration of the transaction in which it is spent.
  • Batched Token Transfers: Transfer different tokens to different recipients with one signature.
  • Safe Arbitrary Data Verification: Verify any extra data by passing through a witness hash and witness type. The type string must follow the EIP-712 standard.
  • Signature Verification for Contracts: All signature verification supports EIP-1271 so contracts can approve tokens and transfer tokens through signatures.
  • Non-monotonic Replay Protection: Signature based transfers use unordered, non-monotonic nonces so that signed permits do not need to be transacted in any particular order.
  • Expiring Approvals: Approvals can be time-bound, removing security concerns around hanging approvals on a wallet’s entire token balance. This also means that revoking approvals do not necessarily have to be a new transaction since an approval that expires will no longer be valid.
  • Batch Revoke Allowances: Remove allowances on any number of tokens and spenders in one transaction.

Architecture

Permit2 is the union of two contracts: AllowanceTransfer and SignatureTransfer.

The SignatureTransfer contract handles all signature-based transfers, meaning that an allowance on the token is bypassed and permissions to the spender only last for the duration of the transaction that the one-time signature is spent.

The AllowanceTransfer contract handles setting allowances on tokens, giving permissions to spenders on a specified amount for a specified duration of time. Any transfers that then happen through the AllowanceTransfer contract will only succeed if the proper permissions have been set.

Integrating with Permit2

Before integrating, contracts can request users’ tokens through Permit2, users must approve the Permit2 contract through the specific token contract. To see a detailed technical reference, visit the Uniswap documentation site.

Note on viaIR compilation

Permit2 uses viaIR compilation, so importing and deploying it in an integration for tests will require the integrating repository to also use viaIR compilation. This is often quite slow, so can be avoided using the precompiled DeployPermit2 utility:

import {DeployPermit2} from "permit2/test/utils/DeployPermit2.sol";

contract MyTest is DeployPermit2 {
    address permit2;

    function setUp() public {
        permit2 = deployPermit2();
    }
}

Bug Bounty

This repository is subject to the Uniswap Labs Bug Bounty program, per the terms defined here.

Contributing

You will need a copy of Foundry installed before proceeding. See the installation guide for details.

Setup

git clone https://github.com/Uniswap/permit2.git
cd permit2
forge install

Lint

forge fmt [--check]

Run Tests

# unit
forge test

# integration
source .env
FOUNDRY_PROFILE=integration forge test

Update Gas Snapshots

forge snapshot

Deploy

Run the command below. Remove --broadcast, ---rpc-url, --private-key and --verify options to test locally

forge script --broadcast --rpc-url <RPC-URL> --private-key <PRIVATE_KEY> --verify script/DeployPermit2.s.sol:DeployPermit2

Acknowledgments

Inspired by merklejerk's permit-everywhere contracts which introduce permit based approvals for all tokens regardless of EIP2612 support.