1

When I use approve and transferFrom, I notice the owner can give authority to spender. However, the owner CAN'T appoint an address for this approval that the token will be transfer to.

That means if the spender got the approval, it can transfer owner's token to any address it wants to, as far as I know.

Since approve and transferFrom are two separate processes, how to control the spender's behavior? Is there any idea or code to restrict the token receiver of an approval?

Huowuge
  • 41
  • 5

2 Answers2

0

In the original ERC-20 standard, there's no way to limit what exactly the spender can do (e.g. transfer to only specific addresses, disable burning the tokens, ...). Only how much they can spend.

So in order to enable limited approvals, you'll need to expand your token contract on top of the generic ERC-20 approvals.

Uniswap recently introduced their Permit2 contract / onchain service that enables users to give limited approvals through offchain signature. Take a look if it fits your use case.

Petr Hejda
  • 40,554
  • 8
  • 72
  • 100
0

To have a custom approval, you can use a custom smart contract

  • Sender approves funds on the given smart contract

  • Smart contract only allows withdrawal to a single address

Mikko Ohtamaa
  • 82,057
  • 50
  • 264
  • 435
  • 1
    Thanks Mikko, I use another approach. 1st: Sender approves funds on the given smart contract, and use create2 to deploy a new contract. 2nd: The new smart contract only transferFrom to a single address. I haven't test the contract yet, it may cost more gas than your solution. – Huowuge Feb 21 '23 at 14:27
  • 1
    I failed to do that, because the allowance may not exist in the new contract. – Huowuge Feb 22 '23 at 02:43