Files
nick-doc/PRD - Gasless Buyer Payments (Roadmap).md

51 lines
2.4 KiB
Markdown

# PRD — Gasless Buyer Payments (Roadmap)
Status: **Roadmap / future improvement** for full gasless payments. The partial permit-approval relay shipped on backend `integrate-main-into-development` at `3a50dc4`.
## Background
The in-house checkout (Request Network fee-proxy + amn.scanner) has the buyer:
1. **approve** the RN fee-proxy to spend their token (on-chain tx, gas), then
2. **pay** via `transferFromWithReferenceAndFee` (on-chain tx, gas).
We want the buyer to pay **gasless** (sign only, never spend native gas) when the
token supports it.
## Partial (shipped — permit-approval only)
For EIP-2612 permit-capable tokens (USDC on mainnet/Base/Arbitrum/Polygon — see
`PERMIT_CAPABLE_TOKENS` in `sweepService.ts`; **mainnet USDT has NO permit**):
- Buyer signs an EIP-2612 **permit** (gasless signature) granting allowance to the
fee-proxy.
- A backend **relayer** broadcasts `token.permit(...)` (relayer pays that gas).
- Buyer still pays gas for the **transfer** (`transferFromWithReferenceAndFee`).
Net: removes the *approve* tx gas only. USDC-only. The buyer still sends 1 tx.
## Full gasless (THIS roadmap item — NOT done)
**Blocker:** `transferFromWithReferenceAndFee` pulls tokens from **`msg.sender`**,
so a relayer calling it would pull from the *relayer*, not the buyer. A relayer
cannot broadcast the payment on the buyer's behalf with the current contract.
To make the buyer fully gasless (sign only), build ONE of:
1. **Meta-tx forwarder / custom payment proxy** — a contract that accepts a buyer
EIP-2612 permit + a signed payment intent, then `transferFrom(buyer, …)` while
the **relayer** is `msg.sender` and sponsors gas. Requires a deployed,
audited contract + funded relayer wallet + replay/abuse protection.
2. **ERC-4337 account abstraction + paymaster** — buyer ops sponsored by a
paymaster. Requires bundler + paymaster funding + smart-account UX.
### Requirements / open questions
- Deployed contract (forwarder or AA stack) per supported chain.
- Funded relayer/paymaster wallet; gas-cost accounting (who eats the gas, caps).
- Abuse controls: bind each sponsored op to a real pending payment
(paymentId + buyer + spender + amount), rate-limit, deadline.
- Non-permit tokens (mainnet USDT) can never be permit-gasless — needs AA or a
pre-funded-allowance flow.
### Out of scope
- The partial permit-approval flow (separate, smaller change).
- Production relayer funding/ops.