POC feat[lang]: add EIP-3074 support #3958
Conversation
POC, add EIP-3074 support to the language via new `authcall` call type and `authorize()` builtin.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -32,7 +32,7 @@ | |||
| ) | |||
| from vyper.semantics.data_locations import DataLocation | |||
| from vyper.semantics.types.base import KwargSettings, VyperType | |||
| from vyper.semantics.types.primitives import BoolT | |||
| from vyper.semantics.types.primitives import BoolT, AddressT | |||
Check notice
Code scanning / CodeQL
Cyclic import Note
I feel like while it is not necessary to use a context manager based on how this EIP works, we might be able to ensure a little better level of safety by using one: from ethereum.ercs import IERC20
@external
def do_transfer(token: IERC20, receiver: address, amount: uint256, sig: Bytes[97]):
commit: bytes32 = abi_encode(...) # could be an empty bytes32 literal
with authorize(msg.sender, sig, commit=commit): # Calls `AUTH`
# NOTE: EIP-3074 doesn't require `token.approve` workflow
authcall token.transfer(receiver, amount) # happens within `authorize` context
# authcall outside of context raises compile-time exception |
prank? :) with prank(msg.sender, sig):
extcall token.transfer(receiver, amount)but yea it's a somewhat interesting design space because AUTH and AUTHCALL are actually so closely coupled. another possibility is authcall token.transfer(receiver, amount, auth=sig)or token = authorize(address, sig)
# "token" is a compile-time concept which gets erased at runtime
# it is invalidated at compile-time if any other call to `authorize()` happens
extcall token.transfer(receiver, amount, auth=token) |
should still be |
|
i think with any of the above techniques to link the AUTH invocation with AUTHCALL, we no longer need the |
actually, more I think about this the more I like it. the assert extcall token.transfer(receiver, amount, auth=...) # can't do this for obvious reasons
auth1 = authorize(acct1, sig1)
assert extcall token.transfer(receiver, amount, auth=auth1, default_return_value=True)
auth2 = authorize(acct2, sig2) # auth1 is now "stale"
assert extcall token.transfer(receiver, amount, auth=auth2, default_return_value=True)
assert extcall token.transfer(receiver, amount, auth=auth1, default_return_value=True) # raisesBest part is we don't have to argue what happens when you exit context, the context persists until we exit the call, or |
POC, add EIP-3074 support to the language via new
authcallcall type andauthorize()builtin.What I did
How I did it
How to verify it
example usage:
Commit message
Commit message for the final, squashed PR. (Optional, but reviewers will appreciate it! Please see our commit message style guide for what we would ideally like to see in a commit message.)
Description for the changelog
Cute Animal Picture