yes, the hashing stuff in that permit function is subtle magic. https://soliditydeveloper.com/erc20-permit "Permit in Detail: Preventing Misuse and Replays" ... https://eips.ethereum.org/EIPS/eip-712 even says "As such, the adage “don’t roll your own crypto” applies. Instead, a peer-reviewed well-tested standard method needs to be used. This EIP aims to be that standard."
https://galois.com/blog/2021/03/actually-you-are-rolling-your-own-crypto/ <- another argument that cryptographic protocol design is too hard to do it again for each commercial arrangement. Language based security with ocaps is more scalable. (see "Where's the crypto" blog item)
I wonder if a side-by-side comparison of uniswap in solidity and our js swap code would bear this out.
I was going to reconsider, figuring the Uniswap code (V2 at least) relies on nothing other than message.sender, but I do see some crypto in the permit function ( https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/UniswapV2ERC20.sol#L81-L93 ) which seems to be a delegation mechanism. I wonder how many confused deputies are in there too.