Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The PSP22 and ERC20 are very inconvenient and somehow unsecure for every user. These problems come from the mechanism of giving other accounts an allowance to spend tokens.
A lot of users' transactions include interaction with smart contracts (like Dexes, Lending Protocols, Yield Optimizers, Bridges, etc.) that want to spend users' tokens. In most of the DeFi platforms users before interaction with the smart contract need to give the smart contract allowance, so it is allowed to access the users' funds.
Such a design creates inconvenience and unnecessary costs for DeFi users because they need to send two transactions.
Moreover, it puts additional responsibility and unnecessary risk on the user. Until very recently, when giving allowance to the smart contract most platforms and wallets by default vere set U256_MAX as the "amount to be allowed" parameter. This is of course, very convenient for the user if he wants to interact with the smart contract often but it also creates the risk in the case of the smart contract upgrade. If the smart contract logic is maliciously upgraded then the user is at risk of losing all of his funds. Thus we can see that the design we have right now (PSP22 and ERC20) put users at play between convenience and risk.
Here I propose a modified PSP22 token that solves these problems. The idea is to add an additional method transfer_from_with_signature(from: AccountId, to: AccountId, value: Balamce, signature: [u8], data: [u8] ) which allows transferring "value" of tokens from account "from" to account "to" without the need of account "to" to have an allowance from account "from" but with the need to provide the appropriate message signed by the account "from". The signed message should be Encoded struct {from: AccountId, to: AccountId, value: Balamce, data: [u8] }.