Why is there the owner in the Permit typehash? Why it does not use directly the signer got from the EIP712 signature? If someone could make me understand the rationale of this design choice i would be grateful.
Hello @akerbabber
The designers of the standard had two option:
- include the "from" in the query, use it to recover the corresponding nonce, add the nonce the structure, and then verify the signature matches the from
- include the nonce in the query, use it to recover the signer, and then verify the nonce of the signer matches the one provided.
ERC-2612 decided to use the first option. ERC-5805 uses the second option. I tend to prefer the second option, because its easier to dump old message once the nonce is used. In the first option, you really can't say if a signature is valid or not, unless you can guess which nonce should be used (that is an issue if you have multiple messages pending relaying).
Note that OZ did not come up with ERC-2612, so you should ask the author (@Mrchico) why he took that decision in 2020.
Thank you for the exhaustive answer. Following this clarification I will define typehashes always including the signer.
bytes32 public constant MINT_TYPEHASH =
keccak256("Mint(address signer, address to,uint256 amount,uint256 nonce,uint256 deadline)");
instead of
bytes32 public constant MINT_TYPEHASH =
keccak256("Mint(address to,uint256 amount,uint256 nonce,uint256 deadline)");