Hi @miohtama,
The user experience of two transactions is definitely problematic.
There have been discussions in the past on various developing standards for approve and call mechanisms.
I would suggest looking at the OpenZeppelin Contracts implementation of ERC777 (https://docs.openzeppelin.com/contracts/2.x/erc777).
PoolTogether uses ERC777 and you could look at the audit report and PoolTogether’s audit disclosures:
An alternate option could be looking at something like Dai’s permit function.
    function permit(address holder, address spender, uint256 nonce, uint256 expiry,
                    bool allowed, uint8 v, bytes32 r, bytes32 s) external
    {
        bytes32 digest =
            keccak256(abi.encodePacked(
                "\x19\x01",
                DOMAIN_SEPARATOR,
                keccak256(abi.encode(PERMIT_TYPEHASH,
                                     holder,
                                     spender,
                                     nonce,
                                     expiry,
                                     allowed))
        ));
        require(holder != address(0), "Dai/invalid-address-0");
        require(holder == ecrecover(digest, v, r, s), "Dai/invalid-permit");
        require(expiry == 0 || now <= expiry, "Dai/permit-expired");
        require(nonce == nonces[holder]++, "Dai/invalid-nonce");
        uint wad = allowed ? uint(-1) : 0;
This file has been truncated.
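
One way a contract can use the permit function quoted above to replace the separate approve transaction with a single call, shown as an added example that is not part of the original post or of Dai's code. `PermitDeposit`, `DaiLike`, `depositWithPermit` and `balances` are hypothetical names, and Solidity 0.8 is assumed for `try`/`catch`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal view of the Dai functions used here; permit's signature is the one quoted above.
interface DaiLike {
    function permit(address holder, address spender, uint256 nonce, uint256 expiry,
                    bool allowed, uint8 v, bytes32 r, bytes32 s) external;
    function allowance(address holder, address spender) external view returns (uint256);
    function transferFrom(address src, address dst, uint256 wad) external returns (bool);
}

// Hypothetical vault contract, for illustration only.
contract PermitDeposit {
    DaiLike public immutable dai;
    mapping(address => uint256) public balances;

    constructor(DaiLike dai_) {
        dai = dai_;
    }

    // One transaction: consume the holder's off-chain signature, then pull the tokens.
    function depositWithPermit(uint256 wad, uint256 nonce, uint256 expiry,
                               uint8 v, bytes32 r, bytes32 s) external {
        // holder is fixed to msg.sender, so a signature cannot be used
        // to move funds into this contract on behalf of another account.
        try dai.permit(msg.sender, address(this), nonce, expiry, true, v, r, s) {
            // Allowance is now set. With allowed == true the quoted code
            // grants uint(-1), i.e. an unlimited allowance to this contract.
        } catch {
            // A signed permit is public once broadcast. If a third party
            // submits it first, the nonce is already used and permit reverts.
            // Continue only if the allowance needed for this deposit exists.
            require(dai.allowance(msg.sender, address(this)) >= wad, "permit failed");
        }
        require(dai.transferFrom(msg.sender, address(this), wad), "transfer failed");
        balances[msg.sender] += wad;
    }
}
```

Because `allowed` is a boolean, the holder cannot cap the amount in the signature; the `expiry` and `nonce` fields are the only limits on when and how often it can be used.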