Skip to main content

ERC-2612 Permit vs Permit2 Compared

ERC-2612 native permit and Uniswap Permit2 compared: how each works, gas tradeoffs, security model, and when integrators should choose one over the other.

Written by Eco
Updated today


Token approvals on ERC-20 contracts traditionally require two transactions: approve first, then transferFrom by the spender. ERC-2612 and Permit2 both compress this into one transaction by accepting a signed off-chain message, but they take different paths. ERC-2612 modifies the token contract itself; Permit2 is a separate Uniswap-deployed contract that wraps any ERC-20 with permit-like behavior.

This article compares the two mechanisms across signature format, security model, gas cost, and integration patterns. It covers when DAI's native ERC-2612 permit is the right choice, when Permit2's universal wrapper wins, and how production protocols like Uniswap, 1inch, CoW Swap, and Aave route approvals.

What Is ERC-2612?

ERC-2612 adds a permit function to ERC-20 tokens. The function accepts an EIP-712 signed message containing owner, spender, value, deadline, and a nonce, then sets the allowance and emits an Approval event. The result: a user signs once off-chain, a third party submits the permit and the subsequent transfer in a single transaction, and the user pays no gas for the approval step (the spender contract pays).

ERC-2612 was finalized in April 2020. DAI shipped native permit support before the EIP existed, and the standard formalized DAI's pattern. As of April 2026, USDC supports ERC-2612 permit on most chains, alongside DAI, USDS, FDUSD, and many DeFi tokens. The full Permit1 mechanics (EIP-712 domain separator, nonces, deadline checks) are covered in the Permit1 deep dive.

What Is Permit2?

Permit2 is a Uniswap-deployed contract — not an EIP — that lives at 0x000000000022D473030F116dDEE9F6B43aC78BA3 on Ethereum, Arbitrum, Optimism, Polygon, Base, and most major EVM chains. Uniswap published the contract in November 2022 alongside the Universal Router. Permit2 documentation details the architecture.

Permit2 wraps ERC-20 tokens with two layers. First, a user grants Permit2 a one-time, unlimited approval on the token (the standard approve path). After that, every spend through Permit2 uses a signed message specifying the actual spender, amount, deadline, and nonce. The wrapper re-creates ERC-2612-like UX for any ERC-20, including tokens that don't natively implement permit.

Uniswap Universal Router, 1inch Fusion, CoW Protocol, and Aave's Wallet Connect router all use it.

Side-by-Side Comparison

The two standards solve the same problem with different tradeoffs.

  • Where the logic lives: ERC-2612 lives inside the token contract. Permit2 is a separate contract that proxies token approvals.

  • Coverage: ERC-2612 only works for tokens that explicitly implement it. Permit2 works for any ERC-20 — including tokens deployed before 2020 that have no permit support.

  • Signature format: Both use EIP-712 typed data signatures. ERC-2612's domain separator is the token contract; Permit2's domain separator is the Permit2 contract.

  • Approval count: ERC-2612 needs no prior approval (each permit signature both approves and transfers). Permit2 needs a one-time max approval to the Permit2 contract per token, then uses signatures for each spend.

  • Allowance model: ERC-2612 sets an allowance on the token contract that persists until consumed or overwritten. Permit2 supports both single-use signatures (SignatureTransfer) and time-bounded allowances (AllowanceTransfer).

  • Replay protection: ERC-2612 uses a per-token, per-owner nonce. Permit2 uses a 256-bit nonce space per owner with bitmap accounting, allowing parallel pending signatures.

  • Gas cost (typical swap): ERC-2612 saves one transaction outright (~21,000 gas + storage). Permit2 saves the approval transaction on every subsequent spend after the initial setup; first-time use costs more than ERC-2612 because of the extra contract hop.

Security Model Differences

The two standards expose different risk surfaces. Builders choosing between them should understand each.

ERC-2612 Risk

The classic ERC-2612 phishing pattern: a malicious dApp tricks a user into signing a permit with the attacker as spender and a deadline far in the future. The attacker submits the permit, sets max allowance, and drains the token. Because the signature is off-chain, wallets historically displayed it as a benign "signature request" rather than a transaction. MetaMask's security blog documented several variants in 2023–2024.

Mitigations: modern wallets (MetaMask, Rabby, Phantom) parse permit signatures and warn users about spender, amount, and deadline. Some chains and tokens added "permit allowlist" mechanisms. The fundamental risk — a signed permit is functionally a signed transfer — remains.

Permit2 Risk

Permit2 inherits the ERC-2612 phishing pattern and adds a second risk surface: once a user grants Permit2 max allowance on a token, every signature against the Permit2 domain can move that token. A user with 50 tokens approved to Permit2 has 50 tokens at risk from any phished signature.

Mitigations: Permit2 supports time-bounded allowances and signature deadlines. Wallets parse Permit2 signatures and surface the spender. Some users prefer ERC-2612 specifically because the per-token approval boundary is cleaner — phishing one signature leaks one token, not the wallet.

Integration Patterns

Production protocols choose based on which tokens they expect to handle.

Uniswap Universal Router

Universal Router routes through Permit2 by default. A swap from USDC to WETH on Uniswap v3 via Universal Router consumes a Permit2 signature, executes the swap, and refunds gas in one transaction. Uniswap chose Permit2 because the router needs to handle every ERC-20, not just permit-enabled ones.

CoW Swap and 1inch Fusion

Both intent-based aggregators use Permit2 for the same reason as Uniswap: solver routing across arbitrary tokens needs a universal approval layer. CoW Protocol's Permit2 docs explain the integration.

Aave Wallet Balance and Migrator Helpers

Aave's helper contracts use ERC-2612 permits when interacting with permit-enabled tokens (USDC, DAI) and fall back to standard approve for tokens that don't support permit. The choice is per-token rather than universal.

Direct ERC-2612 Use

Standalone DEX integrations, stablecoin payment apps, and treasury tools commonly use ERC-2612 directly when they only deal with one or two known tokens (USDC, DAI). The simpler integration footprint — one contract, one signature type — is worth the limited token coverage.

Choosing Between Them

The decision rules:

  • Pick ERC-2612 when you only handle a small set of permit-enabled tokens, want the simplest possible integration, and prefer per-token approval boundaries for security UX.

  • Pick Permit2 when you need to handle arbitrary ERC-20s, batch multiple token movements, or want to deduplicate the per-token approval state across many spenders.

  • Use both when you build a router or aggregator: prefer ERC-2612 for tokens that natively support it, fall back to Permit2 for the rest.

Why Permits Matter for Stablecoin Routing

Stablecoin orchestration platforms read both signature formats as canonical input. Eco's stablecoin orchestration network accepts ERC-2612 permits for the major stablecoins that ship native support (DAI, USDC, USDS, PYUSD) and Permit2 signatures for tokens that don't. The orchestrator deserializes the signature, executes the source-chain transfer, then routes through CCTP, Hyperlane, or LayerZero based on cost and finality. The user signs once; the platform handles approval, routing, and settlement. Read the stablecoin automation platforms overview and the essential ERC standards reference.

FAQ

Is Permit2 an EIP?

No. Permit2 is a contract Uniswap deployed at a deterministic address across chains. It is not part of the Ethereum standards process. ERC-2612 is the EIP; Permit2 is a Uniswap-published wrapper that gives ERC-2612-like behavior to any ERC-20.

Does USDC use ERC-2612 or Permit2?

USDC supports ERC-2612 natively on most chains. USDC also flows through Permit2 because users may already have a Permit2 approval set, and Universal Router and Permit2-based aggregators consume USDC through it. Both work; the choice is up to the spender contract.

Can a phished ERC-2612 permit drain my whole wallet?

No. An ERC-2612 permit applies to one specific token contract. A phished permit on USDC drains USDC, not other tokens. A phished Permit2 signature can drain any token the user previously approved to the Permit2 contract.

What is the difference between Permit2 SignatureTransfer and AllowanceTransfer?

SignatureTransfer is single-use: each signed message authorizes one transfer and cannot be replayed. AllowanceTransfer creates a time-bounded allowance the spender can draw from multiple times. Aggregators use SignatureTransfer for individual swaps; protocols expecting recurring spends use AllowanceTransfer.

Which is more gas-efficient?

For a single transfer on a permit-enabled token with no prior Permit2 setup, ERC-2612 wins by ~30,000 gas (one fewer contract hop). For repeated transfers after Permit2 is set up, Permit2 is roughly comparable per spend, with the benefit that one approval covers all future spenders.

Related Articles
What is Permit1? A Complete Guide to ERC-2612 Gasless Token Approvals
What Is Permit2? A 2026 Guide to Token Approvals
Evolution of Token Approvals: ERC-20 to Permit3
Essential ERC Standards Every Builder Should Know
EIP-3009 Authorization Transfer for Stablecoins
Did this answer your question?