Scoped Providers in FT and NFT v2 standards

Spinning up a thread for us to discuss scoped providers in the NFT and FT V2 standards. An un-scoped provider is akin to “Set Approval for All” in the EVM world which is a big source of scams and exploits. Various folks in the community have discussed this issue, and the V2 standard is a good opportunity for us to embed a solution to this into the standard instead of wrapped ones like some of us have tinkered with.

I’ll circle back to this later to add in the various approaches folks have taken, but if anyone has input I’d love to hear about it

Tagging @flowjosh at their request

1 Like

Kicking this off with a start PR I’d made in the a repo of Flowty’s that we plan to put various utility functions in.

Some feedback I have received from @bluesign and @amitzay were:

  1. It shouldn’t be a struct. If it is, the struct can be replicated and then things like fungible token allowances are not enforceable. Instead, it should be a resource.
  2. We should probably add an optional expiration so that the scoped provider isn’t valid after a certain time.

I will make an attempt at those changes when I get the chance and pick this up afterwards unless other folks have ideas/feedback