Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

preapprove

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

preapprove

On-chain pre-approval registry for NFTs. Library included.

  • 1.0.0
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

PreApprove

NPM CI MIT License

On-chain registry for pre-approvals of ERC721 transfers.

Useful for pre-approving contracts in your dApp ecosystem to manage NFTs without individual approvals.

Deployments

ChainPreApproveRegistryPreApproveListerFactory
Ethereum0x000000000000B89C3cBDBBecb313Bd896b09144d0x000000002f8c58a122F28C7CC8d644227a8FBa06
Goerli0x000000000000B89C3cBDBBecb313Bd896b09144d0x000000002f8c58a122F28C7CC8d644227a8FBa06
Polygon0x000000000000B89C3cBDBBecb313Bd896b09144d0x000000002f8c58a122F28C7CC8d644227a8FBa06
Mumbai0x000000000000B89C3cBDBBecb313Bd896b09144d0x000000002f8c58a122F28C7CC8d644227a8FBa06

Please open an issue if you need help to deploy to an EVM chain of your choice.

Contracts

src
├─ PreApproveChecker.sol — "Library for querying the pre-approve registry efficiently"
├─ PreApproveLister.sol — "Ownable lister contract that can add/remove operators"
├─ PreApproveListerFactory.sol — "Factory to deploy lister contracts"
├─ PreApproveRegistry.sol — "The pre-approve registry"
├─ example
│  └─ ExampleERC721A.sol — "ERC721A example"
└─ utils
   └─ EnumerableAddressSetMap.sol — "Library for mapping of enumerable sets"

Examples

TypeContract
ERC721Asrc/example/ExampleERC721A.sol

Installation

You can use the src/PreApproveChecker.sol library in your NFT contracts to query the registry efficiently.

To install with Foundry:

forge install vectorized/preapprove

To install with Hardhat or Truffle:

npm install preapprove

Glossary

  • Collectors

    NFT collectors.

  • Operators

    Externally Owned Accounts (EOAs) or Smart Contracts that can manage NFTs on behalf of collectors.

  • Listers

    Externally Owned Accounts (EOAs) or Smart Contracts that can add or remove operators.
    Collectors can subscribe to listers.

  • NFT Contracts

    ERC721 or ERC1155 compliant contracts that can override
    isApprovedForAll(address collector, address operator) to consult the registry,
    returning true if the operator is pre-approved by the specified lister which the collector is subscribed to.

  • Registry

    The PreApproveRegistry which can allow collectors to subscribe to listers, and listers to add/remove operators.

Security

  • Collectors can subscribe and unsubscribe to listers. Subscription is opt-in.

    • The NFT contract developer has to specify which lister on the registry is queried by the NFT contract.
      We recommend that the lister address is hardcoded as a constant in the NFT contract's code, for security (if the lister is created via our factory) and gas efficiency.
  • A lister can add operators, but takes 7 days to take effect.

  • A lister can remove operators immediately anytime, even if the operator is not yet in effect.

  • The list of operators managed by a lister can only be modified by the lister.

  • A lister can be an EOA or a smart contract.

    We highly recommend using our pre-approve lister factory to create a lister contract with the following security benefits:

    • Ability for a separate locker address to lock the lister anytime, in case the lister's owner is compromised.

    • Once locked:

      • No more operators can be added by the lister's owner.
      • The list of operators can be emptied immediately by any account (flight back to default safety).
    • We highly recommend using a multisig for the lister's owner, and an EOA for the lister's locker.
      This is because a multisig's signers may be changed immediately if it is compromised.
      The locker EOA should not be part of the lister's owner multisig.

    • A backup locker is configurable by the lister's owner in case the locker cannot be accessed (e.g. private key lost).
      We recommend setting it up as soon as the lister contract is deployed, if possible.

    • The lister's owner, locker, backup locker, cannot be changed once initialized.

Safety

The codebase has gone though intensive internal reviews by a16z crypto and soundxyz engineers.

Nevertheless, this codebase is provided on an "as is" and "as available" basis.

We do not give any warranties and will not be liable for any loss incurred through any use of this codebase.

Acknowledgements

This repository is inspired by and directly modified from:

FAQs

Package last updated on 16 Dec 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc