Description:
MetaMask has a security focused feature that encourages users to set limited spending caps for their tokens when prompted for approvals. The motivation for this is clear - specifically, this reduces the potential of long living allowances (unlimited approvals) that could be later be exploited.
However, there are certain scenarios where encouraging limited spending caps is highly disruptive while not providing significant security. One clear instance of this is users making approvals to Permit 2. Permit2 is a contract that allows any ERC20 token to leverage gasless, time limited way for users to allow token transfers out of their wallets (approvals).
By pushing the user to make limited spending cap approvals to Permit2, we reduce it’s effectiveness because having spent the spending cap, the user must again submit an on chain approval to continue using Permit2 gassless approvals. A user which fully spends and acquires a token frequently will be required to approve permit2 multiple times.
Purpose:
Given that Permit2 is already a highly tested and trusted contract in the eco system, for which users also have a high level expectation for user experience:
We propose to allow approvals to the canonical Permit2 contracts to skip the spending cap input page. This would be functionally similar to approvals originating from MetaMask’s portfolio application which are also afforded this benefit.
Extension/Mobile/Both:
Both
Images/Attacments:
