ICRC-2 Batch operations library

I don’t disagree that ICRC-4 will be a big improvement over ICRC-1/2, but in my experience these things take quite awhile to get rolled out. Do you or others have any idea how far ICRC-4 is from being rolled out?

This might be a discussion for another thread, but there seems to be quite a bit of divergence of opinion with respect to how users want to/should store tokens. Some are pushing for a singular wallet, while others prefer to have a distinct account per app.

I’m not a token expert, nor do I regularly attend the ledger and token standards WG, so this is my naive outsider perspective. Please take it with a grain of salt :sweat_smile:

With most safe wallets, applications do not have permission to spend user funds without explicit permission from the user. This means that until ICRC-2, applications could not implement asynchronous payment workflows unless they actually custodied and controlled user funds.

With the account per app (Internet Identity approach), by default most apps use the delegate principal or account identifier (legacy) for storing tokens on a ledger. The user is required to silo funds by app account, and the app can’t access those funds until the user logs in. Again, no opportunity for async payment workflows unless the app directly controlled user funds.

In both the wallet case and account per app (II case), ICRC-2 allows dapps to implement these async payment workflows - regardless of how the user chooses to store those funds. The app does not custody funds on the user’s behalf, it is only allowed to move the funds that it has been approved to move, instead of the funds that the user is “willing to risk”.

Can you elaborate on this part? How is this the same thing, especially if you are not custodying the funds. I’m thinking of an ICRC-2 approval more like the ability to charge a card monthly on your bill, vs. ICRC-1 (custodied by canister) sending a deposit to your landlord to cover incidental damage. At least to me, these feel very different from a security and legal perspective in terms of liability.

I actually believe ICRC-2 can be greatly improved by a batch method, in the same way that ICRC-1 is being upgraded to ICRC-4. I’m also curious to hear your thoughts around an All or nothing batch transaction icrc standard.

As for the approval storage in memory, this is indeed a concern as well as the ability to view all current approvals. In terms of memory though, there are plenty of vulnerabilities that could arise in programmatically creating a number of new accounts and then dusting those accounts with a trace amount of a token.

Adding in approval traceability per account, upping the cost per approval, and a reasonable outstanding approvals limit per account might help with this in the interim in moving the space from n^2 back to n (with constant multiple), but I’m not convinced that the idea of approvals is flawed. You can either have approvals, or you can end up with people creating the same number of subaccounts for every single app they have a user account in. It’s the same number of accounts and data.

There’s a time for synchronous payments, and a time for async, but imagine if all of the recurring things you pay for today (AWS bill, Netflix, Internet, Utilities, etc.) required you to move 2-3 months worth of funds in there ahead of time and manually add to those funds every month. It’s extremely inefficient and burdens the user with additional cognitive load. It sort of reminds me thinking about how before the first credit card, individual businesses kept a tab or “ledger” of everyone’s account and you had to go in and pay that at the end of each month.

1 Like