x402 icon indicating copy to clipboard operation
x402 copied to clipboard
Published 1 month ago verified publisher icon coinbase

Add ERC20-Permit and Permit2 Support

Open AmazingAng opened this issue 2 months ago • 15 comments

Description

This PR introduces support for ERC20-Permit (EIP-2612) and Permit2 (Uniswap Universal Approval). It extends the x402 protocol to cover both ERC-2612 tokens and generic ERC20 tokens, providing broader compatibility across wallets and dApps.

Testing

Checklist

  • [x] EIP-2612 Permit Support
  • [x] Permit2 (Uniswap Universal Approval) Support
  • [x] Refactor schemas/evm directory
  • [x] permit-erc20 Example
  • [x] permit2-universal Example
  • [ ] Refactor x402-axios to support new standard
  • [ ] Refactor x402-express to support new standard
  • [ ] Refactor x402-fetch to support new standard
  • [ ] Refactor x402-hono to support new standard
  • [ ] Refactor x402-next to support new standard

AmazingAng avatar Oct 24 '25 10:10 AmazingAng

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/1
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 0
Sum 1

cb-heimdall avatar Oct 24 '25 10:10 cb-heimdall

@chongqiangchen is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.

vercel[bot] avatar Oct 24 '25 10:10 vercel[bot]

@cb-heimdall @tsubasakong we encountered confusion in implementing the permit, because permit + transfer is a two-step process, and if multiple users access it simultaneously, it may cause this step to be interrupted. Do we need a contract to assist in this process?

dxiongya avatar Oct 24 '25 14:10 dxiongya

Another questions: I'm a bit confused about the use of two parameters in the current repository, maxAmountRequired and authorization.value, not sure which is the right one for me to use in settle?

dxiongya avatar Oct 24 '25 15:10 dxiongya

Hey, appreciate the effort to put this together, and we are working on a way to expand support for all erc20s that support permit, but I can't accept PR in this form because it goes against our trust minimizing principle of not allowing the facilitator to arbitrarily move funds (given a permit signature, there is not mechanism in this implementation that enforces the facilitator to move funds as the client expects. In general I'd recommend opening a PR with a spec for comment first.

Are you saying that users should control the flow of their money?

dxiongya avatar Oct 26 '25 07:10 dxiongya

Hey, appreciate the effort to put this together, and we are working on a way to expand support for all erc20s that support permit, but I can't accept PR in this form because it goes against our trust minimizing principle of not allowing the facilitator to arbitrarily move funds (given a permit signature, there is not mechanism in this implementation that enforces the facilitator to move funds as the client expects. In general I'd recommend opening a PR with a spec for comment first.

Thx for the reply. Do you have any suggestions that will enforces the facilitator to move funds as the client expects without having a new standard facilitator contract?

AmazingAng avatar Oct 26 '25 09:10 AmazingAng

One more question: How is facilitator compensated in x402? It spends gas to settle txns without any incentives at current setup.

AmazingAng avatar Oct 26 '25 09:10 AmazingAng

👍

qingfeng avatar Oct 27 '25 03:10 qingfeng

I think exposing the Permit2 EIP712 "with witness" feature would be amazing here. the client could then sign over other data with the same signature

zeroknots avatar Oct 27 '25 03:10 zeroknots

I think exposing the Permit2 EIP712 "with witness" feature would be amazing here. the client could then sign over other data with the same signature

yep, I found it too.

dxiongya avatar Oct 27 '25 04:10 dxiongya

@AmazingAng

https://github.com/coinbase/x402/pull/485#issuecomment-3448278738

Economics of a facilitator are market driven off chain (some facilitators may choose to charge SaaS fees to their customers)

erikreppel-cb avatar Oct 27 '25 20:10 erikreppel-cb

In the Permit signature, the Spender should be the facilitator's wallet address. However, since there can be multiple facilitators, how does the client discover and select the appropriate facilitator?

daydaylubi avatar Oct 30 '25 13:10 daydaylubi

Authorizing the facilitator creates a single point of failure risk. If the facilitator's wallet is compromised, it could lead to significant security issues. Right?

daydaylubi avatar Oct 30 '25 13:10 daydaylubi

Hey, appreciate the effort to put this together, and we are working on a way to expand support for all erc20s that support permit, but I can't accept PR in this form because it goes against our trust minimizing principle of not allowing the facilitator to arbitrarily move funds (given a permit signature, there is not mechanism in this implementation that enforces the facilitator to move funds as the client expects. In general I'd recommend opening a PR with a spec for comment first.

Hi, we submitted a spec PR for comment. It follows x402 trust minimizing priciples. #576

AmazingAng avatar Nov 05 '25 07:11 AmazingAng

In the Permit signature, the Spender should be the facilitator's wallet address. However, since there can be multiple facilitators, how does the client discover and select the appropriate facilitator?

Hi, we have changed our spec with EIP7702, so that buyers can directly permit seller wallet. #576

AmazingAng avatar Nov 05 '25 07:11 AmazingAng