- Consensys Diligence https://diligence.consensys.io/audits/private/chl9kaod7d8tlq
- KeySecurity - gkrastenov https://github.com/gkrastenov/audits/blob/9ec0d368833c67231b953ea9efc193a55de826b1/solo/P2PSwap-Security-Review.pdf
NB: The deploy at 0xb9ec645254457ad5a07a100ca150006aac97d24e has been replaced post the Diligence Audit for sending ETH in a push method vs. pull - technically it is still sound to use if preffered
NB: The deploy at 0x5343B7751483F60714Dc237d88f796b8023b529E has been replaced as it didn't support USDT, NFTs with id=0, and has a potential issue on open swaps where ETH was allocated incorrectly
If you wish to use the currently deployed app with the new features: p2pswap.app p2pswap.eth.limo
Verified contracts on Etherscan - Ethereum Sepolia:
Ethereum Mainnet:
- https://etherscan.io/address/0xF1c35b66F6B94Cb3f7a5004342300F6f7d4edbbd#code
- This is registered at:
p2pswap.eth,swapp2p.ethandp2pswop.eth
Verified contracts on LineaScan - Linea Sepolia:
Linea Mainnet:
In our examples we will use two people who want to swap or sell their Token(s) directly to someone with the security of a fee-less impartial escrow contract. For the explanation we will denote the two parties with the following:
pI(person I for initiator) - the party that initiates the swappA(person A for acceptor) - the party that completes the swap
These two parties find themselves chatting across various communities, Reddit, Discord, X (Twitter), Farcaster, Telegram, whatever, and decide they want to swap Token(s) at whatever details they agree on.
Note: Open Swaps are also available and are discussed further down.
The Token Swapper is a way for two parties to:
- Sell ERC20s (or their variants, 777, xERC20 etc - just set ERC20) for ETH.
- Swap ERC20s for other ERC20s, an ERC721, or a quantity of an ERC1155 tokens.
- Sell an ERC721 for ETH.
- Swap ERC721s for ERC20s, an ERC721, or a quantity of an ERC1155 tokens.
- Sell one or more ERC1155s for ETH.
- Swap a quantity of an ERC1155 token for ERC20s, an ERC721, or a quantity of an ERC1155 tokens.
Note: USDT is now supported due to the SafeERC20 library used from OpenZeppelin.
All token swaps can optionally include ETH on either the pI's or pA's side.
e.g. My Pudgy Penguin for 3000 DAI and 1 ETH, or 10 of my ERC1155s Id=1 and 0.5 ETH for your Lazy Lion.
Nope, nada, zilch, nothing, diddly squat - I get nothing out of this. So why did I set this up? This is because a) I can, b) I want people to have a way to swap more easily than paying crazy fees to swap, or having to go through tons of hoops to get it done without having to trust people will just send them the token(s) - no more trust me bro, I will send it to you after.
Nope, the contract is not upgradeable and has no owners, everything is based on swap configuration and whoever interacts with the contract. The only thing I can do is deploy new contracts (at my own expense) and change the UI to point to it. There is nothing stopping you using the older versions should you prefer to.
There are some L2 chains that currently don't have features such as transient storage (which is used to save gas and increase security) and support for them is included as the additional gas on an L2 costs fractionally less, so there is less concern there, and functional parity is paramount.
I have spent a lot of time and effort trying to tweak the gas to be as minimal as possible while optimising for functionality.
| Contract · Method · Min · Max · Avg · # calls · usd (avg) │
··························|·····················|·············|·············|·············|···············|··············
| NonCancunTokenSwapper · completeSwap · 76833 · 116828 · 99074 · 30 · - │
··························|·····················|·············|·············|·············|···············|··············
| NonCancunTokenSwapper · initiateSwap · 59358 · 60028 · 59677 · 104 · - │
··························|·····················|·············|·············|·············|···············|··············
| NonCancunTokenSwapper · removeSwap · 29124 · 37273 · 30762 · 15 · - │
··························|·····················|·············|·············|·············|···············|··············
| TokenSwapper · completeSwap · 69112 · 112673 · 93557 · 31 · - │
··························|·····················|·············|·············|·············|···············|··············
| TokenSwapper · initiateSwap · 59317 · 60007 · 59669 · 105 · - │
··························|·····················|·············|·············|·············|···············|··············
| TokenSwapper · removeSwap · 26751 · 35214 · 28447 · 15 · - │
··························|·····················|·············|·············|·············|···············|··············
- Assembly hashing
- Storing less on chain to reduce SLOAD and SSTORE costs
- L1 Transient Storage
- viaIR compilation
- deleting on swap completion (saves a little gas and increases security)
After discussing agreed terms, pI will set up the swap with those terms.
Super important note for pI: If pA doesn't accept the swap, pI can always retrieve their sent ETH if any and remove the swap. (removeSwap function)
pIinteracts with the swapper contract and gives the following information: (initiateSwapfunction)Swap expiryin the future to prevent later concerns- pI's Token Contract address (if not ETH only on pI's side, zero address otherwise)
- pI's Token Type (use
NONEfor ETH only on pI's side) - pI's Token Id (if not ETH only on pI's side, zero otherwise)
- pI's Token Quantity (if not ETH only on pI's side, zero otherwise)
- pI's address (this is automatic as
msg.sender, so you could do this with a contract/Safe supporting relevant NFT interfaces) - pA's Token Contract address (if not ETH only on pA's side, zero address otherwise)
- pI's Token Type (use
NONEfor ETH only on pA's side) - pA's Token Id (if not ETH only on pI's side, zero otherwise)
- pA's Token Quantity (if not ETH only on pI's side, zero otherwise)
- pA's address (Optional if not an NFT - allows anyone to accept the deal)
- Optional: ETH to sweeten the deal (Required if ETH only on pI's side)
- Optional: An ETH value that pA is expected to sweeten the deal with (Required if ETH only on pA's side)
Only one side can sweeten the deal as you might expect, it would be silly otherwise
Struct definitiona from ISwapTokens.sol
struct Swap {
uint256 expiryDate;
address initiatorERCContract;
address acceptorERCContract;
address initiator;
uint256 initiatorTokenId;
uint256 initiatorTokenQuantity;
address acceptor;
uint256 acceptorTokenId;
uint256 acceptorTokenQuantity;
uint256 initiatorETHPortion;
uint256 acceptorETHPortion;
TokenType initiatorTokenType;
TokenType acceptorTokenType;
}
-
pI and pA check the collection(s) and tokenIds are correct.
-
Both pI and pA
approvethe Token Swapper contract on their respective Token Contracts (so the contract can swap them at the same time of course). -
pA passes the
swapIdandswapdetails` into the contract to check if the following holds true (before spending and wasting gas accepting).a. pI still owns the Token(s) being swapped if any.
b. pA still owns the Token(s) being swapped if any.
c. The swapper contract has approval for pI's token.
d. The swapper contract has approval for pA's token.
e. The deal has not expired.
Note: The UI does this for you, but if you interact directly with the contract, you would do this.
-
pA accepts the swap (sending ETH if the swap is expecting pA to sweeten the deal) and boom, the Token(s) change owners. (
completeSwapfunction) -
If pI or pA sweetened the deal with ETH, pI or pA will automatically be sent their ETH portion.
At this point it is important to note that the Swapper contract immediately loses approval for the ERC721 Token(s) because they have changed ownership unless you manually did an approveForAll. The same goes for the ERC20 variants if you only set the allowance to the swap amounts.
- If the deal has expired and
pIput ETH in, they can retrieve their balance by removing the swap withdrawing their funds in the same transaction.
When pI wishes to make the swap open for anyone to accept, they are able to do so by specifying the acceptor as address zero. Importantly, this cannot apply to ERC721s on pA, so only the ERC20/1155/ETH variants are applicable.
What this all means is that anyone can accept the swap provided they fit the criteria specified by pI. e.g. First person to give me 1 ETH can have my SuperDuperABCNFT Id = 1
- Why do I have to pass the whole swap details back in to complete, remove or get the status?
- Because it is far cheaper gas wise and the intent is to save gas.. gas bad.
- Can I use this code/deploy it on other chains?
- Of course, by all means go for it. Please keep attribution and pay attention to note 1 below.
Foundry is required: Please install with https://getfoundry.sh/ - feel free to submit PRs for the Foundry tests.
-
A Cancun upgrade version is the default implementation and uses
transient storage. If deploying on another chain, see the NonCancunTokenSwapper file. -
The following tasks can be run:
npx hardhat test
npx hardhat coverage
npx hardhat test --parallel
npx hardhat run scripts/deploy.ts- To find swaps you have initiated filter the
SwapInitiatedevent with your address at topic 2. - To find swaps you have been added to accept filter the
SwapInitiatedevent with your address at topic 3. - To check if you have removed a swap as the initiator filter the
SwapRemovedevent with your address at topic 2 or the swapId at topic 1. - To check if the swap has been completed, filter the
SwapCompleteevent with either the swapId at topic 1, the initiator at 2 or acceptor at 3. The full swap details are in the data part of the event (Swap struct). - Use the event Swap Struct data for all the functions.