EIP-3074: Sponsored Transaction Precompile


Creates a new precompile, analogous to CALL, that sets CALLER based on an ECDSA signature.

This EIP creates two precompiles:

  • CALL_PRECOMPILE - forwards a CALL, setting msg.sender according to an ECDSA signature, using a relayer-sponsee nonce for replay protection.
  • NONCE_PRECOMPILE - provides access to relayer-sponsee nonces expected by CALL_PRECOMPILE.

The proposal has several problems, the two most important are:

  • It’s incompatible with EIP-712 and the mapping selected could be used to confuse existing wallets into signing an unintended message.

  • It doesn’t include the chainID in the signed fields , as advertised. Therefore it’s open to network reply attacks.

This is the list of fields signed, and how they map to a normal Ethereum transaction:
Normal -> EIP-3074
Nonce -> Nonce
GasPrice -> GasLimit
GasLimit -> ReceiveAddress
ReceiveAddress -> Value
Value -> Data
Data -> relayer
chainId (not present)
empty (not present)
empty (not present)

Thanks for the feedback! I updated the signed fields to include chainid.

Is EIP-712 final yet? I wanted to avoid it until it’s finalized.

If a malicious website wanted to confuse a user, they’d have to present something like this:

Nonce: 3
GasLimit: 66000000000 (66 Gwei, current gas price)
ReceiveAddress: 0x0000000000000000000000000000000000Be8c72 (current block gas limit)
Value: 611382286831621467233887798921.843936019654057231 ETH (some address)

I’ve probably missed some of the specifics of the RLP offsets, but it seems like it would be a very suspicious transaction. I’m not opposed to modifying the format to make it impossible though, if you have any suggestions.