The Delegatable Framework is a generalized access control system for EVM compatible blockchains using counterfactual, revocable delegations.
Enabling complex transaction execution conditionals using a Capabilities inspired architecture used in UNIX systems.
Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure. Capability-based security is to be contrasted with an approach that uses traditional UNIX permissions and Access Control Lists.
The Delegatable framework is a principled peer-to-peer access control system for the EVM Operating Systems.
- Counterfactual Delegations
- Peer-to-Peer Access Controls
- Transaction Execution Conditionals
- Non-Blocking Nonce Queues
On-chain access controls are invoked using capabilities enabled off-chain signatures.
In other words, fine-tuned transaction execution conditionals (access controls) can be crafted/shared off-chain (saving gas). Instead of requiring an on-chain delegation or single-use delegation, the Delegatable framework, enables Users to define more complex, peer-to-peer access controls that are both privacy preserving and scalable in nature.
All of this done without compromising on the security guarantees of final execution in the smart contract.
Without a centralized registry or any on-chain transaction, a
Wallet is able to grant permissions to another
Wallet to act on their behalf. The delegated permissions can also be bounded by timestamps, blockNumbers, allowances, oracles, and more!
The Situation -
Alice has a balance of
1000 tokens in
Alice wants to give a
Bob permission to borrow tokens, in case of an emergency. And
Bob is very thankful for the generosity of
How it works with Delegatable:
Bobpermission to transfer
VaultBfor 30 days.
Delegationto a local device.
Bobare the only parties who know about this delegation.
Bobafter 1 week, decides to
VaultBfor 30 days.
Magic 🪄 a Web of Trust is beginning to emerge.
Transaction Execution Conditionals (Caveat Enforcers)
Core to the Delegatable framework is the ability to define transaction execution conditionals. Accounts can limit when and how a transaction is executed using existing and/or customer enforcers.
Existing enforcers include:
- Allowed Methods
- ERC20 Allowance
Meta-transactions, a technology pioneered at uPort/ConsenSys (CTO Christian Lundkvist), enables third-party accounts to pay gas costs for a transaction. The Delegatable framework includes a meta-transaction sub-system, so all Delegations are automatically meta-transaction compatible.
Account signing a Delegation DO NOT have to submit and pay for the transaction.
Non-Blocking Nonce Queues
A challenge with today's EOA and Smart Wallet is the usage of single nonce. All transactions must be processed in sequential order. The Delegatable framework introduces horizontally scalable nonce queues to overcome the limitations of a single threaded account.