Given the important push for inclusion of this EIP in the next hardfork, I would like to formally express my concerns about the usage of the signer’s nonce for invalidation of the AUTH, and the inconsistencies that creates.
Lets says Alice has nonce 10, and signs an Auth with nonce 10. This signature is valid, and Bob can relay it to perform some operation in Alice’s name. After the operation is done, Alice’s nonce does not change, so it is essential that the forwarder (contract that uses the Auth and does AuthCall) includes some replay protection.
However, if Bob doesn’t relay the message, and Alice wants to do it herself (Alice might be using a “multicall” forwarder), then the nonce Alice used is invalid, because the transaction that Alice submits increases the nonce BEFORE the Auth is verified.
This means that if Alice plans to relay the Auth herself, she needs to sign something different (nonce 11) than if she plans to have Bob relay it (nonce 10).
I think this is really messed up, and I would like to propose that if authority is tx.origin, then the nonce that is used should be the one before the current transaction (ie. the current one minus one).
I believe this change would make signing a Auth agnostic of the relayer (which I believe is a good thing).