eip: 5334
title: 721 User And Expires And Level Extension
description: Add a time-limited role with restricted permissions to ERC-721 tokens.
author: Yan (@yan253319066)
discussions-to: EIP-5334: ERC-721 User And Expires And Level Extension
status: Draft
type: Standards Track
category: ERC
created: 2022-07-25
requires: 165, 721
Abstract
This standard is an extension of EIP-721. It proposes an additional role (user) which can be granted to addresses, and a time where the role is automatically revoked (expires) and (level) . The user role represents permission to “use” the NFT, but not the ability to transfer it or set users.
Motivation
Some NFTs have certain utilities. For example, virtual land can be “used” to build scenes, and NFTs representing game assets can be “used” in-game. In some cases, the owner and user may not always be the same. There may be an owner of the NFT that rents it out to a “user”. The actions that a “user” should be able to take with an NFT would be different from the “owner” (for instance, “users” usually shouldn’t be able to sell ownership of the NFT). In these situations, it makes sense to have separate roles that identify whether an address represents an “owner” or a “user” and manage permissions to perform actions accordingly.
Some projects already use this design scheme under different names such as “operator” or “controller” but as it becomes more and more prevalent, we need a unified standard to facilitate collaboration amongst all applications.
Furthermore, applications of this model (such as renting) often demand that user addresses have only temporary access to using the NFT. Normally, this means the owner needs to submit two on-chain transactions, one to list a new address as the new user role at the start of the duration and one to reclaim the user role at the end. This is inefficient in both labor and gas and so an “expires” and “level” function is introduced that would facilitate the automatic end of a usage term without the need of a second transaction.
Specification
The keywords “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY” and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.
Contract Interface
Solidity Interface with NatSpec & OpenZeppelin v4 Interfaces (also available at IERC5334.sol):
interface IERC5334 {
// Logged when the user of a NFT is changed or expires and level is changed
/// @notice Emitted when the `user` of an NFT or the `expires` of the `user` is changed or the user `level` is changed
/// The zero address for user indicates that there is no user address
event UpdateUser(uint256 indexed tokenId, address indexed user, uint64 expires, uint8 level);
/// @notice set the user and expires and level of a NFT
/// @dev The zero address indicates there is no user
/// Throws if `tokenId` is not valid NFT
/// @param user The new user of the NFT
/// @param expires UNIX timestamp, The new user could use the NFT before expires
/// @param level user level
function setUser(uint256 tokenId, address user, uint64 expires, uint8 level) external;
/// @notice Get the user address of an NFT
/// @dev The zero address indicates that there is no user or the user is expired
/// @param tokenId The NFT to get the user address for
/// @return The user address for this NFT
function userOf(uint256 tokenId) external view returns(address);
/// @notice Get the user expires of an NFT
/// @dev The zero value indicates that there is no user
/// @param tokenId The NFT to get the user expires for
/// @return The user expires for this NFT
function userExpires(uint256 tokenId) external view returns(uint256);
/// @notice Get the user level of an NFT
/// @dev The zero value indicates that there is no user
/// @param tokenId The NFT to get the user level for
/// @return The user level for this NFT
function userLevel(uint256 tokenId) external view returns(uint256);
}
The userOf(uint256 tokenId) function MAY be implemented as pure or view.
The userExpires(uint256 tokenId) function MAY be implemented as pure or view.
The userLevel(uint256 tokenId) function MAY be implemented as pure or view.
The setUser(uint256 tokenId, address user, uint64 expires) function MAY be implemented as public or external.
The UpdateUser event MUST be emitted when a user address is changed or the user expires is changed or the user level is changed.
The supportsInterface method MUST return true when called with 0xad092b5c.
Rationale
This model is intended to facilitate easy implementation. Here are some of the problems that are solved by this standard:
Clear Rights Assignment
With Dual “owner” and “user” roles, it becomes significantly easier to manage what lenders and borrowers can and cannot do with the NFT (in other words, their rights). Additionally, owners can control who the user is and it’s easy for other projects to assign their own rights to either the owners or the users.
Simple On-chain Time Management
Once a rental period is over, the user role needs to be reset and the “user” has to lose access to the right to use the NFT. This is usually accomplished with a second on-chain transaction but that is gas inefficient and can lead to complications because it’s imprecise. With the expires function, there is no need for another transaction because the “user” is invalidated automatically after the duration is over.
Easy Third-Party Integration
In the spirit of permission less interoperability, this standard makes it easier for third-party protocols to manage NFT usage rights without permission from the NFT issuer or the NFT application. Once a project has adopted the additional user role and expires and level, any other project can directly interact with these features and implement their own type of transaction. For example, a PFP NFT using this standard can be integrated into both a rental platform where users can rent the NFT for 30 days AND, at the same time, a mortgage platform where users can use the NFT while eventually buying ownership of the NFT with installment payments. This would all be done without needing the permission of the original PFP project.
Backwards Compatibility
As mentioned in the specifications section, this standard can be fully ERC-721 compatible by adding an extension function set.
In addition, new functions introduced in this standard have many similarities with the existing functions in ERC-721. This allows developers to easily adopt the standard quickly.
Test Cases
Test Contract
ERC5334Demo Implementation: ERC5334Demo.sol
// SPDX-License-Identifier: CC0-1.0
pragma solidity ^0.8.0;
import "./ERC5334.sol";
contract ERC5334Demo is ERC5334 {
constructor(string memory name, string memory symbol)
ERC5334(name,symbol)
{
}
function mint(uint256 tokenId, address to) public {
_mint(to, tokenId);
}
}
Test Code
const { assert } = require("chai");
const ERC5334Demo = artifacts.require("ERC5334Demo");
contract("test", async accounts => {
it("should set user to Bob", async () => {
// Get initial balances of first and second account.
const Alice = accounts[0];
const Bob = accounts[1];
const instance = await ERC5334Demo.deployed("T", "T");
const demo = instance;
await demo.mint(1, Alice);
let expires = Math.floor(new Date().getTime()/1000) + 1000;
let level = 1;
await demo.setUser(1, Bob, BigInt(expires), level);
let user_1 = await demo.userOf(1);
assert.equal(
user_1,
Bob,
"User of NFT 1 should be Bob"
);
let owner_1 = await demo.ownerOf(1);
assert.equal(
owner_1,
Alice ,
"Owner of NFT 1 should be Alice"
);
});
});
run in Terminal:
truffle test ./test/test.js
Reference Implementation
ERC5334 Implementation: ERC5334.sol
// SPDX-License-Identifier: CC0-1.0
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
import "./IERC5334.sol";
contract ERC5334 is ERC721, IERC5334 {
struct UserInfo
{
address user; // address of user role
uint64 expires; // unix timestamp, user expires
uint8 level; // user level
}
mapping (uint256 => UserInfo) internal _users;
constructor(string memory name_, string memory symbol_)
ERC721(name_,symbol_)
{
}
/// @notice set the user and expires and level of a NFT
/// @dev The zero address indicates there is no user
/// Throws if `tokenId` is not valid NFT
/// @param user The new user of the NFT
/// @param expires UNIX timestamp, The new user could use the NFT before expires
/// @param level user level
function setUser(uint256 tokenId, address user, uint64 expires, uint8 level) public virtual{
require(_isApprovedOrOwner(msg.sender, tokenId),"ERC721: transfer caller is not owner nor approved");
UserInfo storage info = _users[tokenId];
info.user = user;
info.expires = expires;
info.level = level
emit UpdateUser(tokenId,user,expires,level);
}
/// @notice Get the user address of an NFT
/// @dev The zero address indicates that there is no user or the user is expired
/// @param tokenId The NFT to get the user address for
/// @return The user address for this NFT
function userOf(uint256 tokenId)public view virtual returns(address){
if( uint256(_users[tokenId].expires) >= block.timestamp){
return _users[tokenId].user;
}
else{
return address(0);
}
}
/// @notice Get the user expires of an NFT
/// @dev The zero value indicates that there is no user
/// @param tokenId The NFT to get the user expires for
/// @return The user expires for this NFT
function userExpires(uint256 tokenId) public view virtual returns(uint256){
return _users[tokenId].expires;
}
/// @notice Get the user level of an NFT
/// @dev The zero value indicates that there is no user
/// @param tokenId The NFT to get the user level for
/// @return The user level for this NFT
function userLevel(uint256 tokenId) public view virtual returns(uint256){
return _users[tokenId].level;
}
/// @dev See {IERC165-supportsInterface}.
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IERC5334).interfaceId || super.supportsInterface(interfaceId);
}
function _beforeTokenTransfer(
address from,
address to,
uint256 tokenId
) internal virtual override{
super._beforeTokenTransfer(from, to, tokenId);
if (from != to && _users[tokenId].user != address(0)) {
delete _users[tokenId];
emit UpdateUser(tokenId, address(0), 0, 0);
}
}
}
Security Considerations
This EIP standard can completely protect the rights of the owner, the owner can change the NFT user and expires and level at any time.
Copyright
Copyright and related rights waived via CC0.