Scoped Providers in FT and NFT v2 standards

Spinning up a thread for us to discuss scoped providers in the NFT and FT V2 standards. An un-scoped provider is akin to “Set Approval for All” in the EVM world which is a big source of scams and exploits. Various folks in the community have discussed this issue, and the V2 standard is a good opportunity for us to embed a solution to this into the standard instead of wrapped ones like some of us have tinkered with.

I’ll circle back to this later to add in the various approaches folks have taken, but if anyone has input I’d love to hear about it

Tagging @flowjosh at their request


Kicking this off with a start PR I’d made in a repo of Flowty’s that we plan to put various utility functions in.

https://github.com/Flowtyio/flow-utils/pull/6

Some feedback I have received from @bluesign and @amitzay was:

  1. It shouldn’t be a struct. If it is, the struct can be replicated and then things like fungible token allowances are not enforceable. Instead, it should be a resource.
  2. We should probably add an optional expiration so that the scoped provider isn’t valid after a certain time.

I will make an attempt at those changes when I get the chance and pick this up afterwards unless other folks have ideas/feedback
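
A sketch of the two suggestions in the post above (a resource instead of a struct, plus an optional expiration), added here as an example and not the code from the linked PR. It assumes Cadence 1.0 syntax and the FungibleToken v2 `Withdraw` entitlement; the contract and type names are hypothetical.

```cadence
import "FungibleToken"

// Hypothetical names for illustration; not taken from the linked PR.
access(all) contract ScopedProviderExample {

    // A resource cannot be copied, so `remaining` is the single record of the
    // allowance. A struct holding the same fields could be duplicated, and each
    // copy would carry its own full allowance.
    access(all) resource ScopedFTProvider {
        // The unscoped withdraw capability stays private to this resource.
        access(self) let source: Capability<auth(FungibleToken.Withdraw) &{FungibleToken.Provider}>
        access(self) var remaining: UFix64
        // nil means the scoped provider never expires.
        access(self) let expiration: UFix64?

        access(all) view fun isExpired(): Bool {
            if let expiration = self.expiration {
                return getCurrentBlock().timestamp >= expiration
            }
            return false
        }

        access(FungibleToken.Withdraw) fun withdraw(amount: UFix64): @{FungibleToken.Vault} {
            pre {
                !self.isExpired(): "scoped provider has expired"
                amount <= self.remaining: "amount exceeds remaining allowance"
            }
            // Spend the allowance before any tokens move.
            self.remaining = self.remaining - amount
            let provider = self.source.borrow()
                ?? panic("source capability is no longer valid")
            return <- provider.withdraw(amount: amount)
        }

        init(
            source: Capability<auth(FungibleToken.Withdraw) &{FungibleToken.Provider}>,
            allowance: UFix64,
            expiration: UFix64?
        ) {
            self.source = source
            self.remaining = allowance
            self.expiration = expiration
        }
    }
}
```

The vault owner can still revoke the underlying capability at any time, which is why `withdraw` checks the borrow result instead of assuming the source is live.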