Background

In the x402 payment protocol, we aim for:
  1. Gasless users: the Facilitator pays all on-chain transaction fees
  2. Minimal trust: the user only needs to trust the seller, not the Facilitator
  3. Simplicity: the seller does not need to deploy complex smart contracts

Trust issues with traditional Permit approaches

Approach A: authorize the Facilitator

If the user authorizes the Facilitator (spender = facilitator), there are trust risks:
// ❌ Risky approach
const permit = {
  owner: buyerAddress,
  spender: facilitatorAddress, // authorize the intermediary
  value: amount,
};
Issues:
  • The user must trust the Facilitator not to act maliciously
  • The Facilitator can theoretically move funds to any address
  • Violates x402’s “minimal trust” principle

Approach B: authorize the seller — who pays gas?

If the user authorizes the seller directly (spender = seller):
// ✅ Correct trust model
const permit = {
  owner: buyerAddress,
  spender: sellerAddress, // authorize the seller
  value: amount,
};
Issues:
  • The seller must submit the transaction and pay gas
  • Or the seller must deploy a smart contract to handle the payment
  • Raises the seller’s technical barrier and cost

EIP-7702 to the rescue

What is EIP-7702?

EIP-7702 allows EOAs (regular wallet addresses) to temporarily gain smart contract capabilities:
  • Via an off-chain signature, an EOA can “delegate” to smart contract code
  • During the delegation, the EOA behaves like a smart contract
  • The delegation can be revoked anytime to restore a normal EOA
// Seller signs a one-time authorization (off-chain, free)
const authorization = {
  chainId: 84532, // Base Sepolia
  codeAddress: "0xSellerWalletContract", // seller wallet contract
  nonce: 0,
};

const signature = await sellerWallet.signTypedData(
  domain,
  types,
  authorization
);
Effects after authorization:
Seller’s EOA (0xSeller123):
  ├─ External: still a normal EOA address
  ├─ Internal: executes smart contract code
  ├─ Capabilities: auto split, access control, etc.
  └─ Revocable: can revert to a normal EOA at any time

How the seller wallet contract works

After the seller upgrades their EOA into a “seller wallet” via EIP-7702, it can implement:
  1. Receive the user’s Permit authorization (authorized to the seller EOA)
  2. Automatically execute transfers (from the user wallet to the seller EOA)
  3. Automatically split:
    • 99% to the seller’s beneficiary address
    • 1% as the Facilitator fee

Full payment flow

Step 1: Seller enables EIP-7702 (one-time)
  Seller → signs delegation → EOA gains seller wallet capabilities

Step 2: User initiates payment (every time)
  1. User requests resource → server returns 402
  2. User generates Permit signature (spender = seller EOA)
  3. User sends signature in the X-PAYMENT header

Step 3: Verification and settlement (every time)
  1. Facilitator receives the payment request
  2. Verifies Permit signature
  3. Submits on-chain tx (Facilitator pays gas)
  4. Seller wallet contract performs auto split

Step 4: Funds arrive (immediate)
  User wallet → Seller EOA → Auto split
     ├─→ 99% → seller beneficiary account
     └─→ 1%  → Facilitator fee

Key benefits

1. Zero-custody risk

Funds path: user → seller EOA → auto split
         └─ Facilitator never touches funds!
  • Facilitator only: submits tx + pays gas
  • Funds go directly from user to seller-designated address
  • No third-party custody involved

2. Minimal-trust model

// What the user sees during authorization
permit.spender = "0xSeller123"; // seller address

// Instead of
permit.spender = "0xFacilitator456"; // intermediary address
  • The user only needs to trust the seller (natural buyer-seller trust)
  • No need to trust the Facilitator or any third party
  • Matches user expectations

3. Fully gasless for users

  • All on-chain fees are paid by the Facilitator
  • The user only signs (off-chain, free)
  • Facilitator is incentivized via fee share (e.g., 1%)

4. Zero barrier for sellers

No contract deployment: just sign an EIP-7702 authorization
No gas needed: Facilitator sponsors the gas
No technical background needed: as easy as using MetaMask
  • One-time setup cost: ~$1–3 (EIP-7702 authorization gas)
  • All subsequent payments: zero cost
  • Much lower than deploying a contract (~$50–200)

5. Flexible configuration

Each seller can configure:
  • Beneficiary address: where funds finally arrive
  • Fee rate: the Facilitator’s share (e.g., 0–5%)
  • Trusted Facilitators: whitelist mechanism
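
One way to model the checks and the split described under “How the seller wallet contract works” together with the per-seller settings above, as an added example rather than the project's contract code. The config field names, the ERC-2612 `deadline` field and the 5% cap constant are assumptions, and the addresses are placeholders.

```javascript
// Added example: off-chain model of the seller wallet's settlement checks.
// Field names (sellerEoa, feeBps, trustedFacilitators) are assumptions.
const MAX_FEE_BPS = 500n; // 5%, upper end of the 0-5% range on this page
const sameAddr = (a, b) => a.toLowerCase() === b.toLowerCase();

function planSettlement(config, permit, caller, nowSec) {
  // The permit must name the seller EOA as spender, never the Facilitator.
  if (!sameAddr(permit.spender, config.sellerEoa)) {
    throw new Error("permit spender is not the seller EOA");
  }
  // Only whitelisted Facilitators may trigger settlement.
  if (!config.trustedFacilitators.some((f) => sameAddr(f, caller))) {
    throw new Error("caller is not a trusted Facilitator");
  }
  // deadline is the standard ERC-2612 expiry (assumed; not shown on the page).
  if (BigInt(permit.deadline) < BigInt(nowSec)) throw new Error("permit expired");
  const feeBps = BigInt(config.feeBps);
  if (feeBps < 0n || feeBps > MAX_FEE_BPS) throw new Error("fee rate outside 0-5%");
  const value = BigInt(permit.value);
  if (value <= 0n) throw new Error("permit value must be positive");
  // Integer math in token base units: the fee rounds down and the beneficiary
  // gets the remainder, so both legs always sum to the permitted value.
  const fee = (value * feeBps) / 10000n;
  return {
    pulledFromBuyer: value,
    toBeneficiary: { to: config.beneficiary, amount: value - fee },
    toFacilitator: { to: caller, amount: fee },
  };
}

// Constructed sample data: placeholder addresses, token base units.
const config = {
  sellerEoa: "0x" + "11".repeat(20),
  beneficiary: "0x" + "22".repeat(20),
  trustedFacilitators: ["0x" + "33".repeat(20)],
  feeBps: 100, // 1%
};
const permit = {
  owner: "0x" + "44".repeat(20),
  spender: config.sellerEoa,
  value: "1000001",
  deadline: 2000000000,
};
const plan = planSettlement(config, permit, config.trustedFacilitators[0], 1700000000);
console.log(plan.toBeneficiary.amount, plan.toFacilitator.amount);
```

The sample value is deliberately not divisible by 100, which shows the rounding remainder going to the beneficiary instead of being lost.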

6. Keep EOA identity

The seller remains a normal EOA:
  ✅ Manageable directly via MetaMask
  ✅ Revocable at any time
  ✅ Upgradable to a new wallet contract
  ✅ No need to learn smart contract dev

Comparison to other approaches

| Approach | Gasless user | Minimal-trust | Seller barrier | Cost |
|---|---|---|---|---|
| Authorize Facilitator | | | Low | None |
| Seller submits tx | | | Medium | None |
| Seller deploys contract | | | High | Medium |
| EIP-7702 seller wallet | | | Low | Low (~$0.05) |

Suitable scenarios

  • Support for more tokens/chains/use cases
  • Minimal-trust principle (buyer only trusts the seller)
  • Desire to incentivize Facilitators (fee sharing)

Get started

Want to use the EIP-7702 seller wallet? See: