51 lines
2.4 KiB
Markdown
51 lines
2.4 KiB
Markdown
# PRD — Gasless Buyer Payments (Roadmap)
|
|
|
|
Status: **Roadmap / future improvement** for full gasless payments. The partial permit-approval relay shipped on backend `integrate-main-into-development` at `3a50dc4`.
|
|
|
|
## Background
|
|
|
|
The in-house checkout (Request Network fee-proxy + amn.scanner) has the buyer:
|
|
1. **approve** the RN fee-proxy to spend their token (on-chain tx, gas), then
|
|
2. **pay** via `transferFromWithReferenceAndFee` (on-chain tx, gas).
|
|
|
|
We want the buyer to pay **gasless** (sign only, never spend native gas) when the
|
|
token supports it.
|
|
|
|
## Partial (shipped — permit-approval only)
|
|
|
|
For EIP-2612 permit-capable tokens (USDC on mainnet/Base/Arbitrum/Polygon — see
|
|
`PERMIT_CAPABLE_TOKENS` in `sweepService.ts`; **mainnet USDT has NO permit**):
|
|
- Buyer signs an EIP-2612 **permit** (gasless signature) granting allowance to the
|
|
fee-proxy.
|
|
- A backend **relayer** broadcasts `token.permit(...)` (relayer pays that gas).
|
|
- Buyer still pays gas for the **transfer** (`transferFromWithReferenceAndFee`).
|
|
|
|
Net: removes the *approve* tx gas only. USDC-only. The buyer still sends 1 tx.
|
|
|
|
## Full gasless (THIS roadmap item — NOT done)
|
|
|
|
**Blocker:** `transferFromWithReferenceAndFee` pulls tokens from **`msg.sender`**,
|
|
so a relayer calling it would pull from the *relayer*, not the buyer. A relayer
|
|
cannot broadcast the payment on the buyer's behalf with the current contract.
|
|
|
|
To make the buyer fully gasless (sign only), build ONE of:
|
|
|
|
1. **Meta-tx forwarder / custom payment proxy** — a contract that accepts a buyer
|
|
EIP-2612 permit + a signed payment intent, then `transferFrom(buyer, …)` while
|
|
the **relayer** is `msg.sender` and sponsors gas. Requires a deployed,
|
|
audited contract + funded relayer wallet + replay/abuse protection.
|
|
2. **ERC-4337 account abstraction + paymaster** — buyer ops sponsored by a
|
|
paymaster. Requires bundler + paymaster funding + smart-account UX.
|
|
|
|
### Requirements / open questions
|
|
- Deployed contract (forwarder or AA stack) per supported chain.
|
|
- Funded relayer/paymaster wallet; gas-cost accounting (who eats the gas, caps).
|
|
- Abuse controls: bind each sponsored op to a real pending payment
|
|
(paymentId + buyer + spender + amount), rate-limit, deadline.
|
|
- Non-permit tokens (mainnet USDT) can never be permit-gasless — needs AA or a
|
|
pre-funded-allowance flow.
|
|
|
|
### Out of scope
|
|
- The partial permit-approval flow (separate, smaller change).
|
|
- Production relayer funding/ops.
|