Advanced Security with Permit2
Security in decentralized finance is non-negotiable. Cryios deeply integrates with the highly audited Uniswap Permit2 protocol to provide a modern, airtight, and gas-efficient checkout experience. This architecture represents the absolute gold standard for safely authorizing ERC20 token interactions.
The Critical Flaw of Traditional Approvals
Historically, standard ERC20 token payments required a cumbersome two-step on-chain process:
1. The Approval Transaction: The user submits a transaction giving a smart contract permission to pull their tokens.
2. The Transfer Transaction: The user submits a second transaction to actually execute the payment.
Because paying gas twice is a terrible user experience, developers began encouraging "Infinite Approvals" (approving the maximum integer value). This created a catastrophic security flaw: if the DApp's smart contract was ever compromised, hackers could drain the entirety of the user's approved token balance without needing any further signatures.
The Permit2 Paradigm Shift
Permit2 (EIP-2612 and broader extensions) fundamentally solves this issue. Instead of submitting a vulnerable on-chain transaction, Permit2 allows users to sign a cryptographically secure message off-chain. This signature explicitly grants the Cryios checkout contract permission to transfer an exact amount of tokens, for a specific transaction, within a strictly enforced expiration window.
Ironclad Security
Permit2 signatures contain cryptographic nonces, precise monetary limits, and immutable deadlines. Because approvals are scoped to the exact penny of the checkout price, there is absolutely zero "infinite approval" risk to your customers' wallets.
Gas Efficiency & UX
By bundling the approval logic into an off-chain signature (which costs $0 to generate) and submitting it concurrently with the payment transfer, we effectively cut the number of on-chain interactions in half. Your customers pay less gas and experience a much faster checkout.
The Cryios Implementation Flow
When a customer lands on your generated Cryios checkout link and initiates a payment, the following sequence occurs under the hood:
1. The Cryios frontend queries the blockchain to check if the user has already granted Permit2 master access to our settlement contract.
2. If they haven't, their wallet prompts them to sign a one-time approval targeting the secure Uniswap Permit2 singleton.
3. To authorize the specific payment, the user is prompted to sign an EIP-712 PermitTransferFrom message containing the exact cart total.
4. Cryios submits this off-chain signature along with the transaction data to our payment splitter contract, which cryptographically validates the signature via Permit2 and distributes the funds to the merchant.
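The scoping described in this flow can be checked on the client before the wallet is asked to sign. The following is an added example, not Cryios or Uniswap code: it validates an EIP-712 `PermitTransferFrom` payload (field layout as in Permit2's typed data) against the order being paid. The function name, the `ORDER` object, the 10-minute window and all addresses are assumptions made for illustration.

```javascript
// Added example. Addresses are constructed placeholders, not real deployments.
const SUPPORTED_CHAINS = new Set([8453, 56, 10, 137]); // Base, BSC, Optimism, Polygon
const sameAddr = (a, b) =>
  typeof a === "string" && typeof b === "string" && a.toLowerCase() === b.toLowerCase();

// Returns a list of problems; an empty list means the payload matches the order.
function checkPermitTransferFrom(typedData, expected, nowSec) {
  const problems = [];
  const { domain = {}, primaryType, message = {} } = typedData;
  const permitted = message.permitted || {};
  if (primaryType !== "PermitTransferFrom") problems.push("unexpected primaryType");
  if (domain.name !== "Permit2") problems.push("domain is not Permit2");
  if (!SUPPORTED_CHAINS.has(Number(domain.chainId))) problems.push("unsupported chain");
  if (!sameAddr(domain.verifyingContract, expected.permit2)) problems.push("wrong verifyingContract");
  if (!sameAddr(message.spender, expected.spender)) problems.push("wrong spender");
  if (!sameAddr(permitted.token, expected.token)) problems.push("wrong token");
  // Amounts are uint256: compare as BigInt, never as floating-point numbers.
  let amount = null;
  try { amount = BigInt(permitted.amount); } catch { /* missing or malformed */ }
  if (amount === null || amount !== BigInt(expected.amount)) problems.push("amount != cart total");
  // The deadline must lie in the future, but no further than the allowed window.
  const deadline = Number(message.deadline);
  if (!Number.isFinite(deadline) || deadline <= nowSec) problems.push("deadline passed");
  else if (deadline - nowSec > expected.maxWindowSec) problems.push("deadline too far out");
  return problems;
}

// Constructed order and payload (25 units of a 6-decimal token, 10-minute window).
const NOW = 1700000000;
const ORDER = {
  permit2: "0x" + "11".repeat(20),  // placeholder for the Permit2 singleton
  spender: "0x" + "22".repeat(20),  // placeholder for the settlement contract
  token: "0x" + "33".repeat(20),    // placeholder ERC20
  amount: "25000000",
  maxWindowSec: 600,
};
const goodPayload = {
  domain: { name: "Permit2", chainId: 8453, verifyingContract: ORDER.permit2 },
  primaryType: "PermitTransferFrom",
  message: {
    permitted: { token: ORDER.token, amount: "25000000" },
    spender: ORDER.spender,
    nonce: "1",
    deadline: NOW + 300,
  },
};
console.log(checkPermitTransferFrom(goodPayload, ORDER, NOW)); // []
```

A payload that fails any of these checks should never reach the wallet prompt; the same comparison can be repeated server-side before the signature is relayed.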
A Trustless Infrastructure
Because the Permit2 architecture was developed, aggressively audited, and deployed by the Uniswap team, customers can rest assured that their signatures are only valid for the exact payment they intend to make, and absolutely nothing more. Cryios acts purely as the decentralized routing layer; we never have access to private keys or unauthorized spending power.
For Security Researchers & Developers
Our settlement contracts are deployed identically across Base, BSC, Optimism, and Polygon. For interaction purposes, they point to the canonical, immutable Permit2 singleton deployed by Uniswap at: