A place for talking about the Ethereum Virtual Machine on Farcaster.

Help me I had a stupid idea but I cant explain why it's stupid: could tx.origin be used instead of explicit approvals for authorizing token transfers? Like iff you initiate a transaction your tokens are all unlocked

Auditoooor at ChainSecurity
—
EPFL Cybersec MSc.
—
CTF player w/ 0rganizers
—
Hacker & Cypherpunk
—
🌸

I think it’s true that if my standard ERC20 token—let’s say I don’t use approvals or contexts—sits at 0xA and I send a transaction to 0xB then there’s no way I lose tokens. I think your proposal breaks this?

It breaks that rule yes (which alread has some subtleties e.g. the tx is not itself an approval, no native multicall, token with two entry points, Permit/Permit2 shenanigans or EIP-7702) In the new model you have to simulate the tx and audit 0xB to get similar guarantees. But you already do that anyway right?