Modifying ERC20 - transferFrom without allowance (for trusted contracts)

I thought it would be a better user experience (as well as gas savings) if users didn't have to approve (give allowance) to the contract for transferring the tokens.

So in the ERC20 token contract I would just create a new function that allows transfers without allowance. And the function can only be called by a trusted contract.

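contract BlahBlah is ERC20 {
	address public trustedContract; // assumed declaration; not shown in the original post

	// Moves tokens without checking allowance; only trustedContract may call it.
	function transferToken(address sender, address recipient, uint256 amount) public returns (bool) {
		require(msg.sender == trustedContract);
		_transfer(sender, recipient, amount);
		return true;
	}
}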

Is this a good idea? Most sites give infinite allowance anyways, so I think the security is about the same?
If someone managed to alter the address of the trustedContract they could hack the whole system anyways, so I think there are no security downfalls for this? Any critiques?

Hello @cocacol33

I'm not sure this is the right place to pitch ideas like that. You should probably share that here.

What you are proposing is not part of the ERC20 standard. It is also potentially very dangerous:

  • what if the trustedContract is compromised?
  • who whitelists the trustedContract?

If it is something you want, it should be very easy for you to override some function in the OZ contract to enable this behavior directly in the transferFrom (or adding a new function), but if I was a user I would move away from tokens with such capability.

Also note that we recently updated the behavior of infinite approvals to save some gas (not updating the approval amount).
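
Added example (not part of the original thread and not OpenZeppelin code): a small Python model of an ERC20 ledger that compares which holders a compromised spender can reach through standard allowances versus through the trusted-caller function discussed above. The holder names, the `router` spender and all amounts are constructed; `transfer_token` mirrors the `transferToken` function from the question.

```python
import copy

MAX_UINT256 = 2**256 - 1  # value used for an "infinite" approval

class Token:  # toy ERC20 ledger, a constructed model
    def __init__(self, balances, allowances, trusted):
        self.balances = dict(balances)
        self.allowances = dict(allowances)  # (owner, spender) -> amount
        self.trusted = trusted              # stands in for trustedContract

    def _transfer(self, sender, recipient, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

    def transfer_from(self, caller, sender, recipient, amount):  # standard path
        allowed = self.allowances.get((sender, caller), 0)
        if allowed < amount:
            raise PermissionError("insufficient allowance")
        if allowed != MAX_UINT256:  # infinite approvals are left unchanged
            self.allowances[(sender, caller)] = allowed - amount
        self._transfer(sender, recipient, amount)

    def transfer_token(self, caller, sender, recipient, amount):  # proposed path
        if caller != self.trusted:  # only the caller's identity is checked
            raise PermissionError("caller is not trustedContract")
        self._transfer(sender, recipient, amount)

def blast_radius(token, spender, trusted_path):
    """Per-holder amount a compromised `spender` could move (run on a copy)."""
    t, moved = copy.deepcopy(token), {}
    for holder, bal in list(t.balances.items()):
        cap = bal if trusted_path else t.allowances.get((holder, spender), 0)
        amount = min(bal, cap)
        move = t.transfer_token if trusted_path else t.transfer_from
        try:
            move(spender, holder, spender, amount)
        except PermissionError:
            continue
        if amount:
            moved[holder] = amount
    return moved

def sample_token():
    # Constructed data: alice gave an infinite approval, bob a bounded one, carol none.
    grants = {("alice", "router"): MAX_UINT256, ("bob", "router"): 20}
    return Token({"alice": 100, "bob": 50, "carol": 70}, grants, trusted="router")
```

With allowances, exposure is limited to holders who approved the spender and to the amount they approved; with the trusted-caller path, every holder's full balance is exposed, including `carol`, who never interacted with the spender.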