docs: sync from backend 3a50dc4 - promote postgres integration
This commit is contained in:
50
PRD - Gasless Buyer Payments (Roadmap).md
Normal file
50
PRD - Gasless Buyer Payments (Roadmap).md
Normal file
@@ -0,0 +1,50 @@
|
||||
# PRD — Gasless Buyer Payments (Roadmap)
|
||||
|
||||
Status: **Roadmap / future improvement** for full gasless payments. The partial permit-approval relay shipped on backend `integrate-main-into-development` at `3a50dc4`.
|
||||
|
||||
## Background
|
||||
|
||||
The in-house checkout (Request Network fee-proxy + amn.scanner) has the buyer:
|
||||
1. **approve** the RN fee-proxy to spend their token (on-chain tx, gas), then
|
||||
2. **pay** via `transferFromWithReferenceAndFee` (on-chain tx, gas).
|
||||
|
||||
We want the buyer to pay **gasless** (sign only, never spend native gas) when the
|
||||
token supports it.
|
||||
|
||||
## Partial (shipped — permit-approval only)
|
||||
|
||||
For EIP-2612 permit-capable tokens (USDC on mainnet/Base/Arbitrum/Polygon — see
|
||||
`PERMIT_CAPABLE_TOKENS` in `sweepService.ts`; **mainnet USDT has NO permit**):
|
||||
- Buyer signs an EIP-2612 **permit** (gasless signature) granting allowance to the
|
||||
fee-proxy.
|
||||
- A backend **relayer** broadcasts `token.permit(...)` (relayer pays that gas).
|
||||
- Buyer still pays gas for the **transfer** (`transferFromWithReferenceAndFee`).
|
||||
|
||||
Net: removes the *approve* tx gas only. USDC-only. The buyer still sends 1 tx.
|
||||
|
||||
## Full gasless (THIS roadmap item — NOT done)
|
||||
|
||||
**Blocker:** `transferFromWithReferenceAndFee` pulls tokens from **`msg.sender`**,
|
||||
so a relayer calling it would pull from the *relayer*, not the buyer. A relayer
|
||||
cannot broadcast the payment on the buyer's behalf with the current contract.
|
||||
|
||||
To make the buyer fully gasless (sign only), build ONE of:
|
||||
|
||||
1. **Meta-tx forwarder / custom payment proxy** — a contract that accepts a buyer
|
||||
EIP-2612 permit + a signed payment intent, then `transferFrom(buyer, …)` while
|
||||
the **relayer** is `msg.sender` and sponsors gas. Requires a deployed,
|
||||
audited contract + funded relayer wallet + replay/abuse protection.
|
||||
2. **ERC-4337 account abstraction + paymaster** — buyer ops sponsored by a
|
||||
paymaster. Requires bundler + paymaster funding + smart-account UX.
|
||||
|
||||
### Requirements / open questions
|
||||
- Deployed contract (forwarder or AA stack) per supported chain.
|
||||
- Funded relayer/paymaster wallet; gas-cost accounting (who eats the gas, caps).
|
||||
- Abuse controls: bind each sponsored op to a real pending payment
|
||||
(paymentId + buyer + spender + amount), rate-limit, deadline.
|
||||
- Non-permit tokens (mainnet USDT) can never be permit-gasless — needs AA or a
|
||||
pre-funded-allowance flow.
|
||||
|
||||
### Out of scope
|
||||
- The partial permit-approval flow (separate, smaller change).
|
||||
- Production relayer funding/ops.
|
||||
Reference in New Issue
Block a user