Spinning up a thread for us to discuss scoped providers in the NFT and FT V2 standards. An un-scoped provider is akin to “Set Approval for All” in the EVM world which is a big source of scams and exploits. Various folks in the community have discussed this issue, and the V2 standard is a good opportunity for us to embed a solution to this into the standard instead of wrapped ones like some of us have tinkered with.
I’ll circle back to this later to add in the various approaches folks have taken, but if anyone has input I’d love to hear about it
It shouldn’t be a struct. If it is, the struct can be replicated and then things like fungible token allowances are not enforceable. Instead, it should be a resource.
We should probably add an optional expiration so that the scoped provider isn’t valid after a certain time.
I will make an attempt at those changes when I get the chance and pick this up afterwards unless other folks have ideas/feedback