Skip to content

Add EIP-6464: Multi-operator, per-token ERC721 approval#6464

Merged
eth-bot merged 15 commits intoethereum:masterfrom
proofxyz:erc721-per-token-approvals
Mar 3, 2023
Merged

Add EIP-6464: Multi-operator, per-token ERC721 approval#6464
eth-bot merged 15 commits intoethereum:masterfrom
proofxyz:erc721-per-token-approvals

Conversation

@ARR4N
Copy link
Contributor

@ARR4N ARR4N commented Feb 8, 2023
edited by github-actions bot
Loading

Abstract

The ERC721 standard did not foresee the approval of multiple operators to manage a specific token on behalf of its owner. This lead to the establishment of setApprovalForAll() as the predominant way to authorise operators, which affords the approved address control over all assets and creates an unnecessarily broad security risk that has already been exploited in a multitude of phishing attacks. The presented EIP extends ERC721 by introducing a fine-grained, on-chain approval mechanism that allows owners to authorise multiple, specific operators on a per-token basis; this removes unnecessary access permissions and shrinks the surface for exploits to a minimum. The provided reference implementation further enables cheap revocation of all approvals on a per-owner or per-token basis.

TL;DR

Extend ERC721 with setExplicitApproval(address operator, uint256 tokenId, bool approved) to allow NFT owners to avoid use of setApprovalForAll() when selling on multiple marketplaces.

@ARR4N ARR4N requested a review from eth-bot as a code owner February 8, 2023 15:53
@github-actions github-actions bot added the s-draft This EIP is a Draft label Feb 8, 2023
@eth-bot
Copy link
Collaborator

eth-bot commented Feb 8, 2023
edited
Loading

All reviewers have approved. Auto merging...

@github-actions github-actions bot added the w-ci Waiting on CI to pass label Feb 8, 2023
@ARR4N ARR4N changed the title Multi-operator, per-token ERC721 approval Add EIP: Multi-operator, per-token ERC721 approval Feb 8, 2023
@github-actions github-actions bot added c-new Creates a brand new proposal t-erc and removed w-ci Waiting on CI to pass labels Feb 8, 2023
@ARR4N
Copy link
Contributor Author

ARR4N commented Feb 9, 2023

We've addressed all linter issues, including eth-bot's (using the presumptive EIP number 6464 based on the PR; it's a nice number so we'd love to keep it if possible, please).

I'll try get eth-bot to rerun in another comment but am guessing permissions won't allow it :)

@ARR4N
Copy link
Contributor Author

ARR4N commented Feb 9, 2023

@eth-bot rerun

1 similar comment
@Pandapip1
Copy link
Member

Pandapip1 commented Feb 24, 2023

@eth-bot rerun

@eth-bot eth-bot added e-consensus Waiting on editor consensus e-review Waiting on editor to review labels Feb 24, 2023
Pandapip1
Pandapip1 suggested changes Feb 24, 2023
View reviewed changes
Copy link
Member

@Pandapip1 Pandapip1 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rebase the branch. Your walidator version is outdated.

@github-actions github-actions bot added the w-ci Waiting on CI to pass label Feb 24, 2023
ARR4N and others added 12 commits February 25, 2023 11:01
@ARR4N
EIP Motivation and Specification for "Multi-operator, per-token ERC72…
569bba0 
…1 approval."
@ARR4N
Add remaining authors' names
a9265d6
@ARR4N
Interface overhaul with explanation in EIP markdown.
74dbf3b
@ARR4N
Add Abstract and @dev note about interplay with `setApprovalForAl…
1ef88db 
…l()`.
@ARR4N
Partial response to cxkoda review
26ee190
@ARR4N
Full response to cxkoda review
9935a2a
@ARR4N
Explicitly include OZ IERC{165,721}.sol instead of using a submodule
e072772
@ARR4N
Minor typo and wording changes to draft.
dfe2b88
@ARR4N
Prune authors to active participants as they can always be re-added l…
b508b46 
…ater
@aschlosberg
Revert .gitignore so as to not change it in the EIP draft (#7)
749689f
@aschlosberg
Set presumptive EIP number and fix linter complaints (#5)
8202523 
* Rename files and directories to include EIP number

* Address linter (`EIP Walidator`) issues

* Add presumed EIP number based on PR: 6464

* Revert `.gitignore` to get through initial draft acceptance

* Do the last commit properly ;)

* Add ERC category
@aschlosberg
Fix linter issues (#8)
7568b28
@github-actions
Copy link

github-actions bot commented Feb 25, 2023

The commit 7568b28 (as a parent of 38812c8) contains errors.
Please inspect the Run Summary for details.

Pandapip1
Pandapip1 suggested changes Feb 26, 2023
View reviewed changes
Copy link
Member

@Pandapip1 Pandapip1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please fix the walidator issues

@ARR4N
Copy link
Contributor Author

ARR4N commented Feb 26, 2023

@eth-bot rerun

@github-actions github-actions bot removed the w-ci Waiting on CI to pass label Feb 26, 2023
@ARR4N
Copy link
Contributor Author

ARR4N commented Feb 26, 2023

Thanks for taking a look, @Pandapip1, all walidator issues have been addressed.

@ARR4N ARR4N requested a review from Pandapip1 February 26, 2023 19:00
Pandapip1
Pandapip1 suggested changes Feb 27, 2023
View reviewed changes
@ARR4N
Copy link
Contributor Author

ARR4N commented Feb 28, 2023

I couldn't just swap out MIT for CC0 as those were OpenZeppelin versions, so I've replaced them with the originals from the EIPs themselves. Also changed ours to CC0 as requested.

@ARR4N ARR4N requested a review from Pandapip1 February 28, 2023 09:59
Pandapip1
Pandapip1 reviewed Feb 28, 2023
View reviewed changes
@ARR4N ARR4N requested a review from Pandapip1 February 28, 2023 14:36
@ARR4N ARR4N changed the title Add EIP: Multi-operator, per-token ERC721 approval Add EIP-6464: Multi-operator, per-token ERC721 approval Feb 28, 2023
Pandapip1
Pandapip1 approved these changes Mar 3, 2023
View reviewed changes
Copy link
Member

@Pandapip1 Pandapip1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm still not sure that I understand this, but it looks complete and has no obvious errors. Hopefully you can make this a bit clearer before Review.

@eth-bot eth-bot enabled auto-merge (squash) March 3, 2023 18:56
@eth-bot eth-bot merged commit 607ec5d into ethereum:master Mar 3, 2023
@ARR4N
Copy link
Contributor Author

ARR4N commented Mar 3, 2023

I'm still not sure that I understand this, but it looks complete and has no obvious errors. Hopefully you can make this a bit clearer before Review.

Thanks for the reviews, @Pandapip1. Are we allowed to include lay descriptions in the Abstract? The template says it must be technical and very terse, but I think something like the following would go a long way to clarify:

The only way to sell NFTs on more than one marketplace simultaneously is to approve each marketplace to manage all of your tokens on a contract, not just the single token you wish to sell. This EIP introduces a fine-grained way to approve only specific token(s) and thus reduce the security risk from phishing scams that piggyback off marketplace contracts.

alexanderramos89
alexanderramos89 reviewed Mar 3, 2023
View reviewed changes
Copy link

@alexanderramos89 alexanderramos89 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those looks great thank you !

fulldecent pushed a commit to fulldecent/EIPs that referenced this pull request Mar 13, 2023
@aschlosberg @fulldecent
Add EIP-6464: Multi-operator, per-token ERC721 approval (ethereum#6464)
1a903f1 
* EIP Motivation and Specification for "Multi-operator, per-token ERC721 approval."

* Add remaining authors' names

* Interface overhaul with explanation in EIP markdown.

* Add `Abstract` and `@dev` note about interplay with `setApprovalForAll()`.

* Partial response to cxkoda review

* Full response to cxkoda review

* Explicitly include OZ `IERC{165,721}.sol` instead of using a submodule

* Minor typo and wording changes to draft.

* Prune authors to active participants as they can always be re-added later

* Revert `.gitignore` so as to not change it in the EIP draft (ethereum#7)

* Set presumptive EIP number and fix linter complaints (ethereum#5)

* Rename files and directories to include EIP number

* Address linter (`EIP Walidator`) issues

* Add presumed EIP number based on PR: 6464

* Revert `.gitignore` to get through initial draft acceptance

* Do the last commit properly ;)

* Add ERC category

* Fix linter issues (ethereum#8)

* Update EIP- references to ERC-

* Remove OpenZeppelin interfaces and replace with original EIP versions; change 6464 license to CC0

* Add `solidity` language tag to code block
axelcabee pushed a commit to axelcabee/EIPs that referenced this pull request May 6, 2023
@aschlosberg @axelcabee
Add EIP-6464: Multi-operator, per-token ERC721 approval (ethereum#6464)
1025f9b 
* EIP Motivation and Specification for "Multi-operator, per-token ERC721 approval."

* Add remaining authors' names

* Interface overhaul with explanation in EIP markdown.

* Add `Abstract` and `@dev` note about interplay with `setApprovalForAll()`.

* Partial response to cxkoda review

* Full response to cxkoda review

* Explicitly include OZ `IERC{165,721}.sol` instead of using a submodule

* Minor typo and wording changes to draft.

* Prune authors to active participants as they can always be re-added later

* Revert `.gitignore` so as to not change it in the EIP draft (ethereum#7)

* Set presumptive EIP number and fix linter complaints (ethereum#5)

* Rename files and directories to include EIP number

* Address linter (`EIP Walidator`) issues

* Add presumed EIP number based on PR: 6464

* Revert `.gitignore` to get through initial draft acceptance

* Do the last commit properly ;)

* Add ERC category

* Fix linter issues (ethereum#8)

* Update EIP- references to ERC-

* Remove OpenZeppelin interfaces and replace with original EIP versions; change 6464 license to CC0

* Add `solidity` language tag to code block
GAEAlimited pushed a commit to GAEAlimited/EIPs that referenced this pull request Jun 19, 2024
@aschlosberg @GAEAlimited
Add EIP-6464: Multi-operator, per-token ERC721 approval (ethereum#6464)
a5299b0 
* EIP Motivation and Specification for "Multi-operator, per-token ERC721 approval."

* Add remaining authors' names

* Interface overhaul with explanation in EIP markdown.

* Add `Abstract` and `@dev` note about interplay with `setApprovalForAll()`.

* Partial response to cxkoda review

* Full response to cxkoda review

* Explicitly include OZ `IERC{165,721}.sol` instead of using a submodule

* Minor typo and wording changes to draft.

* Prune authors to active participants as they can always be re-added later

* Revert `.gitignore` so as to not change it in the EIP draft (#7)

* Set presumptive EIP number and fix linter complaints (#5)

* Rename files and directories to include EIP number

* Address linter (`EIP Walidator`) issues

* Add presumed EIP number based on PR: 6464

* Revert `.gitignore` to get through initial draft acceptance

* Do the last commit properly ;)

* Add ERC category

* Fix linter issues (#8)

* Update EIP- references to ERC-

* Remove OpenZeppelin interfaces and replace with original EIP versions; change 6464 license to CC0

* Add `solidity` language tag to code block
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eth-bot eth-bot eth-bot approved these changes

+2 more reviewers

@alexanderramos89 alexanderramos89 alexanderramos89 left review comments

@Pandapip1 Pandapip1 Pandapip1 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

c-new Creates a brand new proposal e-consensus Waiting on editor consensus e-review Waiting on editor to review s-draft This EIP is a Draft t-erc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ARR4N @eth-bot @Pandapip1 @alexanderramos89 @aschlosberg