Skip to main content

How Suberra Works


Most dApps require users to grant an allowance to spend tokens before any transactions on the dApp are possible. For example, if you are trying to trade on Uniswap, Uniswap will require you to approve their contracts to spend tokens on your behalf.

This is done by calling the approve function on the token contract. The approve function takes two arguments:

address : The address of the spender (the contract that will be spending the tokens on your behalf)

amount : The amount of tokens to be approved (the maximum amount of tokens that can be spent by the spender)

The approve function is a one-time function, meaning that you can only call it once. If you want to change the amount of tokens that can be spent by the spender, you will have to call the approve function again with the new amount.

This is a security feature to prevent dApps from stealing your tokens. However, it is a very inconvenient UX for users, since they have to approve the dApp every time they want to use it.

As a result, many developers of programs that are designed to repeat the same actions over time choose to request for a large (or unlimited) approval from the user, for a better UX. This is ofcourse a bad practice - a huge security risk. The funds in the users wallets can be drained completely if the developer is malicious, or if the dApp is compromised.

Our Solution: Periodic allowances

Suberra protects users by building another layer of stricter constraints on EIP-20 allowances. These constraints restrict the amount of tokens that can be spent by the dApp. This is done by setting a maximum allowance that can be spent in a period of time (e.g. 50 USDC per month). Once the smart contract uses up the allowance for the given period of time, it can no longer spend any tokens from the user's wallet. This periodic allowance is reset upon the next unit interval.

Technical Specifications

approve

function approve(
address token,
address spender,
uint192 amount,
uint64 duration,
uint64 startTime
)

permit

Supports EIP-20 approvals ("permits") via EIP-712 secp256k1 signatures

    function permit(
address owner,
address token,
address spender,
uint192 amount,
uint64 duration,
uint64 startTime,
uint256 deadline,
uint8 v,
bytes32 r,
bytes32 s
)
```

transferFrom

Transfers the underlying token from owner to recipient. Owner should have given approved the periodic allowance contract to spend tokens on his behalf for the designated token.

    function transferFrom(
address token,
address owner,
address recipient,
uint192 amount
)

allowanceInfo

Gets the current allowance information given the owner, token and spender.

  function allowanceInfo(
address owner,
address token,
address spender
)