[Feature] Spender permit feature

contracts/RFQ.sol

@@ -2,6 +2,8 @@
 pragma solidity 0.7.6;
 pragma abicoder v2;
 
+import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import "@openzeppelin/contracts/token/ERC20/SafeERC20.sol";
 import "@openzeppelin/contracts/math/SafeMath.sol";
 import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
 import "@openzeppelin/contracts/utils/Address.sol";
@@ -10,6 +12,7 @@ import "./interfaces/IRFQ.sol";
 import "./utils/StrategyBase.sol";
 import "./utils/RFQLibEIP712.sol";
 import "./utils/BaseLibEIP712.sol";
+import "./utils/SpenderLibEIP712.sol";
 import "./utils/SignatureValidator.sol";
 import "./utils/LibConstant.sol";
 
@@ -18,6 +21,7 @@ import "./utils/LibConstant.sol";
 contract RFQ is IRFQ, StrategyBase, ReentrancyGuard, SignatureValidator, BaseLibEIP712 {
     using SafeMath for uint256;
     using Address for address;
+    using SafeERC20 for IERC20;
 
     // Constants do not have storage slot.
     string public constant SOURCE = "RFQ v1";
@@ -98,7 +102,9 @@ contract RFQ is IRFQ, StrategyBase, ReentrancyGuard, SignatureValidator, BaseLib
     function fill(
         RFQLibEIP712.Order calldata _order,
         bytes calldata _mmSignature,
-        bytes calldata _userSignature
+        bytes calldata _userSignature,
+        bytes calldata _makerAssetPermitSig,
+        bytes calldata _takerAssetPermitSig
     ) external payable override nonReentrant onlyUserProxy returns (uint256) {
         // check the order deadline and fee factor
         require(_order.deadline >= block.timestamp, "RFQ: expired order");
@@ -115,7 +121,7 @@ contract RFQ is IRFQ, StrategyBase, ReentrancyGuard, SignatureValidator, BaseLib
         // Set transaction as seen, PermanentStorage would throw error if transaction already seen.
         permStorage.setRFQTransactionSeen(vars.transactionHash);
 
-        return _settle(_order, vars);
+        return _settle(_order, vars, _makerAssetPermitSig, _takerAssetPermitSig);
     }
 
     function _emitFillOrder(
@@ -140,15 +146,45 @@ contract RFQ is IRFQ, StrategyBase, ReentrancyGuard, SignatureValidator, BaseLib
     }
 
     // settle
-    function _settle(RFQLibEIP712.Order memory _order, GroupedVars memory _vars) internal returns (uint256) {
+    function _settle(
+        RFQLibEIP712.Order memory _order,
+        GroupedVars memory _vars,
+        bytes memory _makerAssetPermitSig,
+        bytes memory _takerAssetPermitSig
+    ) internal returns (uint256) {
+        // Declare the 'maker sends makerAsset to this contract' SpendWithPermit struct from _order parameter
+        SpenderLibEIP712.SpendWithPermit memory makerAssetPermit = SpenderLibEIP712.SpendWithPermit(
+            _order.makerAssetAddr,
+            address(this),
+            _order.makerAddr,
+            address(this),
+            _order.makerAssetAmount,
+            _vars.orderHash,
+            uint64(_order.deadline)
+        );
+
+        // Declare the 'taker sends takerAsset to this contract' SpendWithPermit struct from _order parameter
+        SpenderLibEIP712.SpendWithPermit memory takerAssetPermit = SpenderLibEIP712.SpendWithPermit(
+            _order.takerAssetAddr,
+            address(this),
+            _order.takerAddr,
+            address(this),
+            _order.takerAssetAmount,
+            _vars.transactionHash,
+            uint64(_order.deadline)
+        );
+
         // Transfer taker asset to maker
         if (address(weth) == _order.takerAssetAddr) {
             // Deposit to WETH if taker asset is ETH
             require(msg.value == _order.takerAssetAmount, "RFQ: insufficient ETH");
             weth.deposit{ value: msg.value }();
             weth.transfer(_order.makerAddr, _order.takerAssetAmount);
         } else {
-            spender.spendFromUserTo(_order.takerAddr, _order.takerAssetAddr, _order.makerAddr, _order.takerAssetAmount);
+            // Transfer taker asset to this contract first,
+            spender.spendFromUserToWithPermit(takerAssetPermit, _takerAssetPermitSig);
+            // then transfer from this to maker.
+            IERC20(_order.takerAssetAddr).safeTransfer(_order.makerAddr, _order.takerAssetAmount);
         }
 
         // Transfer maker asset to taker, sub fee
@@ -158,18 +194,20 @@ contract RFQ is IRFQ, StrategyBase, ReentrancyGuard, SignatureValidator, BaseLib
             settleAmount = settleAmount.sub(fee);
         }
 
-        // Transfer token/Eth to receiver
+        // Transfer maker asset to this contract first
+        spender.spendFromUserToWithPermit(makerAssetPermit, _makerAssetPermitSig);
+
+        // Transfer maker asset less fee from this contract to receiver
         if (_order.makerAssetAddr == address(weth)) {
-            // Transfer from maker
-            spender.spendFromUser(_order.makerAddr, _order.makerAssetAddr, settleAmount);
             weth.withdraw(settleAmount);
             payable(_order.receiverAddr).transfer(settleAmount);
         } else {
-            spender.spendFromUserTo(_order.makerAddr, _order.makerAssetAddr, _order.receiverAddr, settleAmount);
+            IERC20(_order.makerAssetAddr).safeTransfer(_order.receiverAddr, settleAmount);
         }
-        // Collect fee
+
+        // Transfer fee from this contract to feeCollector
         if (fee > 0) {
-            spender.spendFromUserTo(_order.makerAddr, _order.makerAssetAddr, feeCollector, fee);
+            IERC20(_order.makerAssetAddr).safeTransfer(feeCollector, fee);
         }
 
         _emitFillOrder(_order, _vars, settleAmount);

contracts/Spender.sol

@@ -1,18 +1,22 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.7.6;
+pragma abicoder v2;
 
 import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import "@openzeppelin/contracts/math/SafeMath.sol";
 
 import "./utils/LibConstant.sol";
 import "./utils/Ownable.sol";
+import "./utils/SpenderLibEIP712.sol";
+import "./utils/BaseLibEIP712.sol";
+import "./utils/SignatureValidator.sol";
 import "./interfaces/ISpender.sol";
 import "./interfaces/IAllowanceTarget.sol";
 
 /**
  * @dev Spender contract
  */
-contract Spender is ISpender, Ownable {
+contract Spender is ISpender, Ownable, BaseLibEIP712, SignatureValidator {
     using SafeMath for uint256;
 
     // Constants do not have storage slot.
@@ -32,6 +36,7 @@ contract Spender is ISpender, Ownable {
     mapping(address => bool) public consumeGasERC20Tokens;
     mapping(uint256 => address) public pendingAuthorized;
     mapping(address => bool) private authorized;
+    mapping(bytes32 => bool) private spendingFulfilled; // Store the fulfilled spending hash
     mapping(address => bool) private tokenBlacklist;
 
     /************************************************************
@@ -190,6 +195,27 @@ contract Spender is ISpender, Ownable {
         _transferTokenFromUserTo(_user, _tokenAddr, _recipient, _amount);
     }
 
+    /// @dev Spend tokens on user's behalf with user's permit signature. Only an authority can call this.
+    /// @param _params The params of the SpendWithPermit.
+    /// @param _spendWithPermitSig Spend with permit signature.
+    function spendFromUserToWithPermit(SpenderLibEIP712.SpendWithPermit calldata _params, bytes calldata _spendWithPermitSig) external override onlyAuthorized {
+        // Check expiry timestamp
+        require(_params.expiry >= block.timestamp, "Spender: Permit is expired");
+        // Check requester validity
+        require(_params.requester == msg.sender, "Spender: invalid requester address");
+
+        // Validate spend with permit signature
+        bytes32 spendWithPermitHash = getEIP712Hash(SpenderLibEIP712._getSpendWithPermitHash(_params));
+
+        // Validate spending is not replayed
+        require(!spendingFulfilled[spendWithPermitHash], "Spender: Permit is already fulfilled");
+        spendingFulfilled[spendWithPermitHash] = true;
+
+        require(isValidSignature(_params.user, spendWithPermitHash, bytes(""), _spendWithPermitSig), "Spender: Invalid permit signature");
+
+        _transferTokenFromUserTo(_params.user, _params.tokenAddr, _params.recipient, _params.amount);
+    }
+
     function _transferTokenFromUserTo(
         address _user,
         address _tokenAddr,

contracts/SpenderSimulation.sol

@@ -1,8 +1,10 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.7.6;
+pragma abicoder v2;
 
 import "./interfaces/IHasBlackListERC20Token.sol";
 import "./interfaces/ISpender.sol";
+import "./utils/SpenderLibEIP712.sol";
 
 contract SpenderSimulation {
     ISpender public immutable spender;
@@ -33,15 +35,13 @@ contract SpenderSimulation {
      *************************************************************/
     /// @dev Spend tokens on user's behalf but reverts if succeed.
     /// This is only intended to be run off-chain to check if the transfer will succeed.
-    /// @param _user The user to spend token from.
-    /// @param _tokenAddr The address of the token.
-    /// @param _amount Amount to spend.
-    function simulate(
-        address _user,
-        address _tokenAddr,
-        uint256 _amount
-    ) external checkBlackList(_tokenAddr, _user) {
-        spender.spendFromUser(_user, _tokenAddr, _amount);
+    /// @param _params The params of the SpendWithPermit.
+    /// @param _spendWithPermitSig Spend with permit signature.
+    function simulate(SpenderLibEIP712.SpendWithPermit calldata _params, bytes calldata _spendWithPermitSig)
+        external
+        checkBlackList(_params.tokenAddr, _params.user)
+    {
+        spender.spendFromUserToWithPermit(_params, _spendWithPermitSig);
 
         // All checks passed: revert with success reason string
         revert("SpenderSimulation: transfer simulation success");

contracts/interfaces/IRFQ.sol

@@ -4,6 +4,7 @@ pragma abicoder v2;
 
 import "./IStrategyBase.sol";
 import "../utils/RFQLibEIP712.sol";
+import "../utils/SpenderLibEIP712.sol";
 
 /// @title IRFQ Interface
 /// @author imToken Labs
@@ -15,8 +16,10 @@ interface IRFQ is IStrategyBase {
     /// @param _userSignature The signature of the order from taker
     /// @return The settled amount of the order
     function fill(
-        RFQLibEIP712.Order memory _order,
-        bytes memory _mmSignature,
-        bytes memory _userSignature
+        RFQLibEIP712.Order calldata _order,
+        bytes calldata _mmSignature,
+        bytes calldata _userSignature,
+        bytes calldata _makerAssetPermitSig,
+        bytes calldata _takerAssetPermitSig
     ) external payable returns (uint256);
 }

contracts/interfaces/ISpender.sol

@@ -1,5 +1,8 @@
 // SPDX-License-Identifier: MIT
 pragma solidity >=0.7.0;
+pragma abicoder v2;
+
+import "../utils/SpenderLibEIP712.sol";
 
 interface ISpender {
     // System events
@@ -24,4 +27,6 @@ interface ISpender {
         address _receiverAddr,
         uint256 _amount
     ) external;
+
+    function spendFromUserToWithPermit(SpenderLibEIP712.SpendWithPermit calldata _params, bytes calldata _spendWithPermitSig) external;
 }