Add ERC7674 (draft)

[Amxx]

ERC-7674 is still WIP, but having it implemented as a draft contract would be valuable for users

Pending discussions:

• if (value > 0) {...} in ERC20._spendAllowance vs if (value > 0) super._spendAllowance(...) in ERC20TemporaryApproval
  • remove _approve call when value is 0
  • skip super call if temporary allowance covers everything
• emit event when temporary allowance is set/updated ?

PR Checklist

• Tests
• Documentation
• Changeset entry (run npx changeset add)

[changeset-bot]

🦋 Changeset detected

Latest commit: f8c2e7d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
openzeppelin-solidity	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[ernestognw]

Didn't we decide against address poisoning for similar reasons we would decide against filtering value == 0?

[Amxx]

About address poisoning we decided to:

• not revert if value is 0 (for many reason)
• keep emitting the transfer event.

The changes here don't introduce a revert, and don't remove any event.

The logic here is the following:

• if the temporary allowance is enough, we should not sload/sstore the persistent value (otherwize it break the point of gas savings). So we can do it in two ways:
  • in ERC20TemporaryApproval._spendAllowance only do the super call if value > 0
    • this is bad practice if someone else overrides _spendAllowance
  • in ERC20 change the semantics of _spendAllowance to mean "if there is nothing to spend, we are good anyway".

If we look at ERC20._spendAllowance, this has the following impact

• if value = 0, currentAllowance cannot be smaller than value. ERC20InsufficientAllowance is never triggered, so the if doesn't change anything regarding the revert.
• if value is 0, 5.0 code does:
  • load the allowance (from a potentially overridable function)
  • substract zero from it
  • set it as the new allowance, without emitting an event.

So there is a change, we are no longer calling _approve with the current value. It may be possible to create edge cases where the missed call to an overrident _approve has an effect. IMO its a non issue.

[Amxx]

About address poisoning, it doesn't change the possibility of doing it (or not doing it). It makes it cheaper though, because the poisonning call would not read/write the zero allowance.

[Amxx]

@frangio curious to having your opinion on this if in the core ERC20.

[frangio]

It may be possible to create edge cases where the missed call to an overrident _approve has an effect.

Hm, I have a vague memory that this actually was a concern for a project once... It does seem quite risky to change this in a minor version.

[Amxx]

Could we implement this by overriding only allowance and _approve instead of _spendAllowance?

I have no idea how. In particular I'm not sure how to make transferFrom spend only temporary allowance, without touching the normal allowance, when the temporary allowance is enough

[frangio]

I think it's possible, but not without the same problem of not invoking super._approve. There seems to be no way around that.

[frangio]

• in ERC20TemporaryApproval._spendAllowance only do the super call if value > 0

  • this is bad practice if someone else overrides _spendAllowance

This is true, but it may be preferable than changing the behavior of ERC20 in a minor version. I think it's worth considering.

[Amxx]

Its what I used to do, before realizing there was a way to have the super call always happen.
I'm leanning toward the current version, but I'm open to re-using the old one

[Amxx]

As discussed, I re-implemented the old one.

It negativelly affect the tests because the error emitted in some edge conditions depends on _approve being called (with spender = 0 and value = 0).
See 0490902

[ernestognw]

This raises an interesting discussion about using events for signaling transient storage updates.
I first thought it shouldn't be needed, but it may disrupt indexers. The case I'm considering is when a company uses an indexer to report financial operations to authorities, for such cases there may be some transfer events they can't track because they were transient.

Whether it's relevant or not for most people is another discussion, but I see one of the main points of the ERC is to provide cheaper allowances, in that case, it'd be a matter of time before getting it widely adopted where possible.

What do you think?

[cairoeth]

IMO not having events would make it harder to look for historical activity/usage -- especially when transient operations will occur inside other contracts, so it's not as easy as just looking for the temporaryApproval selector in transactions' calldata.

i think that optimizations related to removing events is a separate discussion with regards to shadow logs.

[Amxx]

We already not have event to notify of allowance changes in transferFrom. Honestly, if we don't have those, I'm not sure why we would need one here.

On thing event are usefull for it tracking state changes ... but here, the (allowance) state doesn't really change. At the end of the tx its reset anyway. Its not like you are setting an allowance that will stay forever if you forger about it (that IMO needs to be notified)

[frangio]

I've thought about this in the past for ERC-6909X (a proposed extension I designed) and ended up deciding to make events a "SHOULD":

ERC-6909 requires Approval and OperatorSet events to be emitted when allowance and operator status respectively are set. ERC-6909X tokens SHOULD emit these events as part of temporary approvals for strict compliance. The omission of these events during temporary approvals may confuse indexers that rely on events to track allowances and operators. For example, an indexer that assumes the events are complete may conclude that a spender has zero allowance in a case where in fact it has non-zero allowance.

It's not a "MUST" because I understand that for max savings tokens would want to omit them.

But that was in the context of ERC-6909 compliance... which by default has transfer events that include the operator.

We already not have event to notify of allowance changes in transferFrom. Honestly, if we don't have those, I'm not sure why we would need one here.

This is a valid point.

[ernestognw]

IMO not having events would make it harder to look for historical activity/usage

Right. Based on other's comments I realize it's not a big deal since users may decide whether or not to add an event. That's the decision we took by removing the event from ERC20's _spendAllowance.

We already not have event to notify of allowance changes in transferFrom. Honestly, if we don't have those, I'm not sure why we would need one here.

Yes, I agree with this. The difference is that the event is not defined in this case whereas regular ERC20 users would identify the lack of the Approval event during testing and before deploying/upgrading.

Seems like this is a recommendation in the ERC already. It should be specific: https://github.com/ethereum/ERCs/pull/358/files#r1633892313

[cairoeth]

IMO not having events would make it harder to look for historical activity/usage -- especially when transient operations will occur inside other contracts, so it's not as easy as just looking for the temporaryApproval selector in transactions' calldata.

i think that optimizations related to removing events is a separate discussion with regards to shadow logs.

[ernestognw]

Suggested change

	*/
	* NOTE: This function skips calling `super._spendAllowance` if the temporary allowance
	* is enough to cover the spending.
	*/