research(contracts): delegated eip1271 signing scheme

[mfw78]

Problem

Only the owner of the order can sign for the order - this creates the limitation that all smart orders MUST belong to a smart contract (supporting ERC-1271).

Acceptance criteria

• All account types can support smart order types without vendor dependencies (e.g. no ERC-1271 smart contract wallets, EOAs, etc).

Details

Signing schemes supported currently include:

1. eth_sign
2. eip712 (i.e. eth_signTypedData_v4)
3. preSign (i.e. GPv2Settlement.setPreSignature)
4. eip1271

All of these signing schemes must be called by, or initiated by the owner of the order.

Possible Solutions

1. Add delegateEip1271 as a signing scheme, which allows for an smart contract supporting a constrained version of ERC-1271 to sign on-behalf of the user. Security wise, could allow a user to specify if the order asserts the receiver is equal to the order's owner.
2. Smart order types themselves implement eip1271 and take custody of user's funds, similar in style to Eth-Flow.

Research track

• User Experience
• Protocol Security

[fleupold]

This could also be implemented as a separate trade handling logic implementation (cf. #3 (comment)) but might be important enough to make it part of the default order type.

In particular this would be needed to allow TWAP and StopLoss orders for EOA without massive account abstraction implementation overhead (as EOA could simply defer signature to TWAP/StopLoss ERC1271 implementations).