# PRD — Gasless Buyer Payments (Roadmap) Status: **Roadmap / future improvement** for full gasless payments. The partial permit-approval relay shipped on backend `integrate-main-into-development` at `3a50dc4`. ## Background The in-house checkout (Request Network fee-proxy + amn.scanner) has the buyer: 1. **approve** the RN fee-proxy to spend their token (on-chain tx, gas), then 2. **pay** via `transferFromWithReferenceAndFee` (on-chain tx, gas). We want the buyer to pay **gasless** (sign only, never spend native gas) when the token supports it. ## Partial (shipped — permit-approval only) For EIP-2612 permit-capable tokens (USDC on mainnet/Base/Arbitrum/Polygon — see `PERMIT_CAPABLE_TOKENS` in `sweepService.ts`; **mainnet USDT has NO permit**): - Buyer signs an EIP-2612 **permit** (gasless signature) granting allowance to the fee-proxy. - A backend **relayer** broadcasts `token.permit(...)` (relayer pays that gas). - Buyer still pays gas for the **transfer** (`transferFromWithReferenceAndFee`). Net: removes the *approve* tx gas only. USDC-only. The buyer still sends 1 tx. ## Full gasless (THIS roadmap item — NOT done) **Blocker:** `transferFromWithReferenceAndFee` pulls tokens from **`msg.sender`**, so a relayer calling it would pull from the *relayer*, not the buyer. A relayer cannot broadcast the payment on the buyer's behalf with the current contract. To make the buyer fully gasless (sign only), build ONE of: 1. **Meta-tx forwarder / custom payment proxy** — a contract that accepts a buyer EIP-2612 permit + a signed payment intent, then `transferFrom(buyer, …)` while the **relayer** is `msg.sender` and sponsors gas. Requires a deployed, audited contract + funded relayer wallet + replay/abuse protection. 2. **ERC-4337 account abstraction + paymaster** — buyer ops sponsored by a paymaster. Requires bundler + paymaster funding + smart-account UX. ### Requirements / open questions - Deployed contract (forwarder or AA stack) per supported chain. - Funded relayer/paymaster wallet; gas-cost accounting (who eats the gas, caps). - Abuse controls: bind each sponsored op to a real pending payment (paymentId + buyer + spender + amount), rate-limit, deadline. - Non-permit tokens (mainnet USDT) can never be permit-gasless — needs AA or a pre-funded-allowance flow. ### Out of scope - The partial permit-approval flow (separate, smaller change). - Production relayer funding/ops.