Approve now and for the last time; finally.

Balmy
Aug 8, 2023

In the constant tension that is the rapidly evolving ecosystem of web3, combined with the immutable nature of blockchains and old standards, there is an innovation that has been overlooked and under-leveraged by most: Permit2 (Universal Approval). This innovation can reduce the risk for everyday users interacting with decentralized applications, and can also greatly improve the user experience by reducing the number of approvals submitted, signed and then subsequently forgotten.

In this article we are going to expand on how Mean Finance is going to leverage Permit2 to start making the promise of safer and more user-friendly decentralized applications a reality.

Understanding Universal Approval (Permit2)

To understand what Permit2’s innovation is all about, one should at least have a basic understanding of how current user interactions with decentralized applications and tokens work, particularly the concept of ‘approvals’. On EVM blockchains, when a user wants an application to interact with their tokens, they need to give it permission first, specifying the amount it is authorized to use. This way, the contract can only use up to that approved amount, ensuring the safety of the user’s remaining tokens. This permission is known as an ‘approval’.

The downside of this process is that it requires users to pay gas fees when submitting the approval transaction, which can be costly, time-consuming (because they need to wait for the transaction to be confirmed) and difficult to explain to new users. So, more often than not, applications decide to grant themselves maximum allowances (usage of users’ tokens), to avoid having users constantly execute these authorizations: choosing user experience and cost reduction over safety (can’t blame them!).

⚠️ Don’t believe us? Check exactly how many applications can move your funds at Revoke Cash — try not to faint while doing so.

To address these issues, the Permit2 (Universal Approval) smart contract was introduced (yes, there is a Permit1, but… it’s complicated! moving on).

The first time a user interacts through Universal Approval (Permit2) the user experience is the same as with the traditional approval process. The user must give maximum allowance to the immutable Permit2 smart contract, a process which is no different from granting approval to any other application.

However, the magic of Universal Approval (Permit2) really comes into play after this first approval. With the initial allowance set, it allows users to grant permissions to applications to utilize their funds by simply signing off-chain messages. This eliminates the need for users to submit costly approval transactions or give maximum permissions to each application they interact with, limiting their on-chain risk factors.

The beauty of this process lies in its universal nature. Once a user has granted approval to Universal Approval (Permit2), they won’t have to repeat this process for any other application leveraging it. Thus, the more projects that adopt Universal Approvals, the more standardized and user-friendly the experience becomes for all other applications.

A more technical in-depth description of all of this can be checked out on Uniswap’s post about Permit2.
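The scoped off-chain permission described above, sketched as an added example (not code from Mean Finance, its SDK or the adapter): it builds a signature request for an exact amount with a short deadline, and runs the pre-signing check a wallet or front end could apply to refuse unbounded ones. The field layout is assumed to follow the PermitTransferFrom typed data of Permit2's signature-transfer flow, which this page does not spell out; all addresses, amounts and timestamps are constructed placeholders, and `buildPermit` / `reviewPermit` are hypothetical helper names.

```javascript
// Added example. Typed-data layout is an assumption based on Permit2's
// PermitTransferFrom struct; every address below is a constructed placeholder.
const MAX_UINT256 = (1n << 256n) - 1n;
const field = (name, type) => ({ name, type });

function buildPermit({ chainId, permit2, token, amount, spender, nonce, deadline }) {
  return {
    domain: { name: "Permit2", chainId, verifyingContract: permit2 },
    primaryType: "PermitTransferFrom",
    types: {
      PermitTransferFrom: [field("permitted", "TokenPermissions"), field("spender", "address"),
                           field("nonce", "uint256"), field("deadline", "uint256")],
      TokenPermissions: [field("token", "address"), field("amount", "uint256")],
    },
    message: { permitted: { token, amount }, spender, nonce, deadline },
  };
}

// Returns the reasons to refuse signing; an empty list means the request
// grants exactly what the user intended and nothing more.
function reviewPermit(req, expected, nowSec) {
  const same = (a, b) => String(a).toLowerCase() === String(b).toLowerCase();
  const { domain, message: m } = req;
  const issues = [];
  if (domain.name !== "Permit2" || !same(domain.verifyingContract, expected.permit2))
    issues.push("domain is not the expected Permit2 contract");
  if (domain.chainId !== expected.chainId) issues.push("wrong chain");
  if (!same(m.spender, expected.spender)) issues.push("unexpected spender");
  if (!same(m.permitted.token, expected.token)) issues.push("unexpected token");
  const amount = BigInt(m.permitted.amount);
  if (amount === MAX_UINT256) issues.push("unlimited amount");
  else if (amount > expected.amount) issues.push("amount exceeds intended spend");
  const ttl = BigInt(m.deadline) - BigInt(nowSec);
  if (ttl <= 0n) issues.push("already expired");
  else if (ttl > BigInt(expected.maxTtlSec)) issues.push("deadline too far in the future");
  return issues;
}

const NOW = 1_700_000_000; // constructed timestamp (seconds)
const expected = { chainId: 1, permit2: "0x" + "11".repeat(20), spender: "0x" + "22".repeat(20),
                   token: "0x" + "33".repeat(20), amount: 250_000_000n, maxTtlSec: 1800 };
// Exact amount, single-use nonce, ten-minute deadline: the bounded grant.
const scoped = buildPermit({ ...expected, nonce: 7n, deadline: BigInt(NOW + 600) });
// Same request shape, but equivalent to the old "maximum allowance" habit.
const unbounded = buildPermit({ ...expected, amount: MAX_UINT256, nonce: 8n, deadline: MAX_UINT256 });
console.log(reviewPermit(scoped, expected, NOW), reviewPermit(unbounded, expected, NOW));
```

The signed message binds token, amount, spender, nonce and deadline together, so the on-chain maximum allowance held by Permit2 is only usable within the limits of each signature.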

Mean Finance’s Innovation & Benefits for Decentralized Applications

At Mean we focus on creating tools that will allow users to have the power to choose, and decide what’s the best option for their needs. In that pursuit we created our meta-aggregator: an aggregator of DEX aggregators (yay! another abstraction layer) that would allow users to quote and execute their trades on the best known places to trade on our ecosystem: Odos, 1inch, 0x, Paraswap, Rango, Portals, Wido, and more. This is available on more than 25 EVM chains.

By doing this, we recognized that users were constantly submitting exact approvals, or giving maximum allowances to multiple parties, which in turn creates massive attack vectors against them.

So, we took it upon ourselves to help users interact and execute at the best price on whichever aggregator it may be, without having to sacrifice their own safety along the way. As a result, we ended up creating a smart contract that, by leveraging Permit2, allows exactly that: executing on whichever aggregator, without having to approve its smart contract.

Furthermore, while implementing this new feature for ourselves, we realized that there was a way we could allow any protocol to leverage the power of Permit2 without having to re-deploy their smart contracts — Pretty powerful, huh?

This would not only reduce users’ attack surface, but could also protect protocols from allowance- and approval-related exploits, since they would not have permission over ANY user funds!

Leverage Permit2 on your application, now!

You can find out how to leverage Permit2 on your already deployed application in our Permit2-related SDK documentation, or you can head to the Universal Permit 2 Adapter repository to learn more about our implementation, which is already audited by Omniscia.

Additionally, we recommend checking out our fully-typed and open-source SDK, which offers services like token balances, token allowances, token prices and much more for over 25 EVM chains, with multiple providers!

Conclusion

Immutability within a fast-paced environment such as ours always comes with a cost: it might be an operational cost for decentralized applications that have to iterate on their already deployed products to adopt new technology, or it might be users having to deal with old standards. But there is one thing that we believe is certain: we should strive to minimize users’ risks and maximize user experience by pushing new standards (like account abstraction, universal approvals, and so many others) that take us towards the goal of making decentralized finance seamlessly accessible to everyone, and this is something that we should do together as a community.
