ERC-3009: The Protocol Powering x402 Payments
Source: Dev.to
Introduction
At the heart of x402’s payment mechanism lies ERC‑3009, a standard that enables gasless token transfers through cryptographic signatures. Understanding this protocol is key to grasping how x402 achieves frictionless payments without requiring users to hold native tokens for gas.
UX Problems with the ERC‑20 Approve/TransferFrom Pattern
- Two transactions required: first
approve, thentransferFrom. - Two gas fees: users pay twice.
- Native token dependency: must hold ETH just to move USDC.
- Sequential nonces: transactions must be ordered, creating bottlenecks.
How ERC‑3009 Solves These Issues
Instead of on‑chain approvals, the payer signs an off‑chain authorization message that can be submitted by anyone.
function transferWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external;
function receiveWithAuthorization(
address from,
address to,
uint256 value,
uint256 validAfter,
uint256 validBefore,
bytes32 nonce,
uint8 v,
bytes32 r,
bytes32 s
) external;Workflow
- Payer signs a message conforming to EIP‑712 typed data.
- Message is sent to a relayer or facilitator (off‑chain).
- Relayer submits the signature on‑chain.
- Contract verifies the signature and executes the transfer.
- Relayer pays gas, not the payer.
Random Nonces vs. Sequential Nonces
| Aspect | ERC‑2612 (Sequential) | ERC‑3009 (Random) |
|---|---|---|
| Nonce format | 0, 1, 2, 3… | Random bytes32 |
| Parallel ops | ❌ Must be ordered | ✅ Fully independent |
| High‑frequency use | ❌ Bottleneck | ✅ Scales infinitely |
For x402 and AI agents, this is transformative: an agent can generate thousands of concurrent payment authorizations without conflicts.
x402 Protocol Flow Using ERC‑3009
- Client requests a protected resource.
- Server returns a
402response with payment requirements. - Client constructs an ERC‑3009 authorization message and signs it with their wallet.
- Client retries the request with an
X-PAYMENTheader containing the signed message. - Facilitator verifies the signature.
- Server responds with the requested content.
- Facilitator settles by calling
transferWithAuthorization.
Token Support
| Token | Issuer | ERC‑3009 Support |
|---|---|---|
| USDC | Circle | ✅ Yes (v2+) |
| EURC | Circle | ✅ Yes |
| USDT | Tether | ❌ No |
| DAI | MakerDAO | ❌ No |
This is precisely why x402 focuses on USDC rather than USDT.
Feature Comparison: ERC‑2612 vs. ERC‑3009
| Feature | ERC‑2612 | ERC‑3009 |
|---|---|---|
| Purpose | Approve allowance | Direct transfer |
| Steps | Sign → Approve → Transfer | Sign → Transfer |
| Nonce type | Sequential | Random |
| Use case | DeFi protocols | Payments, x402 |
Further Reading
- x402 Developer’s Guide – Build your first paid API
- x402 Facilitators – Understanding the settlement infrastructure
- Why x402 Doesn’t Support USDT – Token compatibility explained
- Solana’s Authorization Mechanism – The non‑EVM equivalent
- EIP‑3009 Specification
- EIP‑712: Typed Data Signing
- Circle’s USDC Implementation
ERC‑3009 transforms how we think about token transfers. By moving authorization off‑chain, it enables the frictionless, gasless payments that make x402 possible.