Delegation

Delegation is the ability for an account owner (the delegator) to grant permission to another smart contract account (SCA) or externally owned account (EOA) to perform specific actions on the delegator's behalf.

Caveats can be used to apply rules and restrictions to delegations. For example: Alice delegates the ability to spend her USDC to Bob, limiting the amount to 100 USDC.

Users can also redelegate permissions that have been delegated to them, creating a chain of delegations across trusted parties.

A delegation conforms to the following structure:

export type DelegationStruct = {
  delegate: Hex; // The account that receives permissions to perform actions on behalf of another account.
  delegator: Hex; // The account that assigns the permission to another account.
  authority: Hex; // The authority under which the delegation is made. The default is ROOT_AUTHORITY.
  caveats: CaveatStruct[]; // An array of caveat enforcers.
  salt: bigint; // A unique value to ensure the uniqueness of the delegation.
  signature: Hex; // The cryptographic signature that verifies the delegation.
};

Delegation lifecycle

The delegation lifecycle is as follows:

1. Delegation creation - An account owner initializes a delegation with caveats, and signs it.

2. Caveat enforcement - Caveats are applied to the delegation to specify conditions under which the delegation can be redeemed.

3. Delegation storage - The delegation must be stored in order to be available for redemption in the future.

4. Delegation redemption - The delegation is redeemed through an ERC-4337 user operation or an EOA, verifying that the delegator's authority is valid for the action to be executed.

See how to manage delegations for instructions on completing specific tasks within the delegation lifecycle.

Delegation Framework

The MetaMask Delegation Toolkit includes the Delegation Framework, which is a set of comprehensively audited smart contracts that collectively handle delegator account creation, the delegation lifecycle, and caveat enforcement. It consists of the following components:

• Delegator Core - Delegator Core contains the logic for the ERC-4337 compliant delegator accounts. It defines the interface needed for the Delegation Manager to invoke actions on behalf of the accounts.

• Delegator account implementations - There are multiple delegator account implementations, with the main difference being the signature scheme used to manage the underlying account:

  • Multi-signature delegator - This enables multi-signature (multisig) authentication with a specified threshold or minimum number of EOA signatures required. This threshold can be updated by the account owner. Signers can be added, removed, and replaced.

  • Hybrid delegator - This supports both EOA and passkey (NIST P-256) signatures for authentication. Multiple signers can be added, but only one is needed for a valid signature. Hybrid delegator inherits from ERC-173, enabling transfer of ownership. Both EOA and passkey signers can be added or deleted.

• Delegation Manager - The Delegation Manager validates delegations and triggers actions on behalf of the delegator, ensuring tasks are executed accurately and securely.

  When a delegation is redeemed, the Delegation Manager:

  1. Validates that the delegation exists, or throws the error NoDelegationsProvided.
  2. Validates that the redeemer is the same as the delegate, or throws the error InvalidDelegate.
  3. Checks for on-chain validation of any empty signatures.
  4. Ensures signature validity by calling isValidSignature on the delegator, and passing it the EIP-712 typed data hash and the delegation signature.
  5. Validates the delegate's authority.
  6. For each of the delegation's caveats, sends the terms, arguments, action, delegation hash, delegator address, and redeemer address to the caveat enforcer.
  7. Calls executeDelegatedAction on the delegator account.

• Caveat enforcers - Caveat enforcers manage rules and restrictions for delegations, providing fine-tuned control over delegated actions. Learn more about caveat enforcers.