Uniswap Labs Blog

Introducing Permit2 & Universal Router
November 17, 2022

Today, Uniswap Labs has released two new smart contracts:

  1. Permit2 allows token approvals to be shared and managed across different applications creating a more unified, cost-efficient, and safer UX.

  2. Universal Router unifies ERC20 and NFT swapping into a single swap router. Integrated with Permit2, users can swap multiple tokens and NFTs in one swap while saving on gas fees.

We originally conceived Permit2 and Universal Router to improve our own products, optimizing gas costs, simplifying user transaction flows, and strengthening security. As we ideated, we realized that other applications could greatly benefit from integrating these contracts. Uniswap is committed to building public infrastructure that pushes crypto forward, which is why we designed these contracts to be used by the entire developer ecosystem, including extensive documentation, SDKs, and a two-week bug bounty.

Permit2 - Efficient, consistent, and secure approvals

Permit2 is a token approval contract that can safely share and manage token approvals across different smart contracts. As more projects integrate with Permit2, we can standardize token approvals across all applications. In turn, Permit2 will improve the user experience by reducing transaction costs while improving smart contract security.

Originally defined in EIP-20, the canonical token approve method suffered from a couple of weaknesses:

  1. Users had to send an approval transaction for each new application they wanted to use. This led to a confusing UX where users might be asked to send multiple transactions before using an application, wasting gas and time.

  2. For convenience's sake, applications asked users to approve the maximum allowance, giving applications access to a wallet’s entire token balance for an indefinite amount of time. Though Uniswap has never suffered from an exploit, infinite approvals can be hacked to steal user tokens. (PSA to revoke active allowances.)

EIP-2612 iterated on token approvals. Users could interact with application contracts without requiring prior approval by appending a signed permit message to their transaction. While EIP-2612 made token approves safer with granular allowance approvals, tokens launched before EIP-2612 did not support the permit function and not all newer tokens have adopted it.

How Permit2 improves UX

Permit2 further iterates on the token approval mechanism by introducing signature-based approvals and transfers for any ERC20 token, regardless of EIP-2612 support. Permit2 also comes with a host of exciting features that unlock more secure token approval options and enable a more consistent user experience across any integrating application. The full list of features can be found in our docs, but notably:

  1. Permits for any token. Applications can have a single transaction flow by sending a signature along with the transaction data for any token, including those not supporting a native permit method.

  2. Expiring approvals. Approvals can be time-bound, removing security concerns around hanging approvals on a wallet’s entire token balance. Revoking approvals do not necessarily have to be a new transaction.

  3. Signature-based transfers. Users can bypass setting allowances entirely by releasing tokens to a permissioned spender through a one-time signature.

  4. Batch approvals and transfers. Users can set approvals on multiple tokens or execute multiple transfers with one transaction.

  5. Batch revoking allowances. Remove allowances on any number of tokens and spenders in one transaction.

diagram-1

Integrate Permit2

Permit2 is a non-upgradable, unowned, and open-source contract that has been deployed to the same address across Ethereum, Optimism, Arbitrum, Polygon, and Celo. To start integrating, see the developer docs, SDK, and this guide.

As part of our robust smart contract development standards, we’ve also launched a bug bounty program for the Permit2 contracts.

Currently, Permit2 only supports ERC20 tokens. Uniswap Labs will be releasing a version for NFTs in the near future.

Universal Router - Unified token and NFT swaps

We’ve integrated Permit2 into another exciting contract we’re releasing. The Universal Router is Uniswap’s next-generation router that unifies token and NFT trades into a highly flexible, gas-optimized, secure, and extensible swap router. The Universal Router significantly improves product and user experience, which is why it will become the default swap router for all Uniswap swaps in the near future.

Swap routers take in defined parameters (e.g. swap route, maximum slippage, and swap recipient) and execute swaps against your desired venues (e.g. Uniswap pools, NFT marketplaces). Swap routers are optimized to find the lowest prices and execute them at the lowest gas cost.

However, current swap routers suffer from two inefficiencies:

  • Existing swap routers typically only support either NFTs or ERC20 tokens. Trades that involve both currently require multiple transactions. For example, buying an NFT with an ERC20 token would require two separate transactions. First, a swap from DAI to ETH, and then the final swap from ETH to NFT.
  • Because swap routers are responsible for transferring user tokens, users must approve every token on first use, making them costly to upgrade. This is especially problematic for aggregator swap routers as contracts must be redeployed each time a new protocol is supported.

How Universal Router unifies swaps

With the Universal Router, users can execute multiple token swaps on Uniswap V2 & V3, and buy NFTs from multiple marketplaces all in one transaction. For example, envision a swap that

  • Uses three different input tokens
  • Swaps on Uniswap V2 and V3 using a split route
  • Performs an ETH to WETH wrap
  • Buys an NFT on OpenSea

This entire flow can be executed as a single transaction.

diagram-2

The Universal Router is integrated with Permit2, meaning that users approve with Permit2 and pass their signature through to the Universal Router, abstracting the token approval flow from the router contracts. Developers can deploy new versions of the Universal Router without requiring users to send a separate approval transaction each time. This allows the Universal Router - or any integrated contract - to remain immutable, while also allowing new features to be added in the future.

Integrate Universal Router

The Universal Router is a non-upgradable, unowned, and open-source contract that has been deployed across Ethereum, Optimism, Arbitrum, Polygon, and Celo. To start integrating, see the SDK.

Similarly to Permit2, we are running a bug bounty program to keep Uniswap contracts to the highest security standards.

Acknowledgments

Uniswap Labs would like to thank merklejerk for his work on permit-everywhere which was the main inspiration for Permit2. We would also like to thank Paradigm’s transmissions11 for his contributions and feedback on Permit2.

Related posts