Spending limit

The Spending Limit feature is implemented through the DailyERC20SpendingLimitHook contract. This hook allows users to set and manage daily spending limits for both ETH and ERC20 tokens, providing enhanced security by preventing excessive spending within a 24-hour period.

Overview

The spending limit mechanism operates on a daily reset cycle (UTC timezone) and includes a time-lock system for limit modifications. This ensures both flexibility in managing funds and security against unauthorized changes.

Implementation Details

Step 1: Installation and Configuration

Users install the Spending Limit Hook in their wallet by providing initial configuration data:

TokenLimit
    address token
    uint256 spendingLimit

Example initialization:

address[] memory tokens = new address[](2);
tokens[0] = ETH_TOKEN_ADDRESS;  // Special address for ETH
tokens[1] = USDC_ADDRESS;       // USDC token address

uint256[] memory limits = new uint256[](2);
limits[0] = 1 ether;           // 1 ETH daily limit
limits[1] = 1000 * 10**6;      // 1000 USDC daily limit

bytes memory initData = abi.encode(tokens, limits);

Step 2: Daily Operations

The hook automatically manages spending limits through several mechanisms:

Limit Validation: Each transaction is validated against the daily limit
Spending Tracking: Accumulates spending amounts throughout the day
Automatic Reset: Limits reset at UTC midnight (00:00 UTC)
Multi-token Support: Separate tracking for ETH and each ERC20 token

Step 3: Limit Modifications

Changes to spending limits follow a time-locked process:

Initiate Change: Call initiateSetLimit(token, newLimit) to start the process
Waiting Period: 24-hour time-lock period begins
Apply/Cancel: After the time-lock, either:
- Apply the new limit with applySetLimit(token)
- Cancel the change with cancelSetLimit(token), can be done at any time

Technical Flow

Security Considerations

Time-lock Protection
- All limit increases require a 24-hour waiting period
- Changes can be cancelled during the waiting period
- Prevents immediate limit modifications by attackers
Token Isolation
- Each token has its own independent limit
- ETH and ERC20 tokens are tracked separately
- Zero limits indicate unlimited spending

Usage Guidelines

Initial Setup

bytes[] memory hooks = new bytes[](1);
uint8 capabilityFlags = 2; // preUserOpValidationHook only
hooks[0] = abi.encodePacked(
    address(dailyLimitHook), 
    initData, 
    capabilityFlags
);

Limit Management
- Set appropriate limits based on usage patterns
- Consider time-lock period when planning limit changes
- Monitor daily spending through provided queries

Common Operations

Query current limit: getCurrentLimit(token)
View pending changes: getPendingLimit(token)
Initiate limit change: initiateSetLimit(token, newLimit)
Apply pending change: applySetLimit(token)
Cancel pending change: cancelSetLimit(token)

Previouszk email recovery NextPassKey

Last updated 1 year ago

hashtagSpending limit

hashtagOverview

hashtagImplementation Details

hashtagStep 1: Installation and Configuration

hashtagStep 2: Daily Operations

hashtagStep 3: Limit Modifications

hashtagTechnical Flow

hashtagSecurity Considerations

hashtagUsage Guidelines

hashtagCommon Operations