Skip to main content

Use the function call scope

The function call scope defines the specific methods, contract addresses, and calldata that are allowed for the delegation. For example, Alice delegates to Bob the ability to call the approve function on the USDC contract, with the approval amount set to 0.

Prerequisites

Function call scope

This scope requires targets, which specifies the permitted contract addresses, and selectors, which specifies the allowed methods. You can optionally specify exactCalldata to restrict transactions to a specific operation, or specify allowedCalldata to allow transactions that match certain patterns or ranges.

Internally, this scope uses the allowedTargets and allowedMethods caveat enforcers, and optionally uses the allowedCalldata or exactCalldata caveat enforcers when those parameters are specified. See the function call scope reference for more details.

The following example sets the delegation scope to allow the delegate to call the approve function on the USDC token contract:

import { createDelegation } from "@metamask/delegation-toolkit";

// USDC address on Sepolia.
const USDC_ADDRESS = "0x1c7D4B196Cb0C7B01d743Fbc6116a902379C7238"

const delegation = createDelegation({
  scope: {
    type: "functionCall",
    targets: [USDC_ADDRESS],
    selectors: ["approve(address, uint256)"],
    // allowedCalldata is optional and can only be used WITHOUT exactCalldata.
    allowedCalldata: [
      {
        startIndex: 4, // The index in the calldata byte array (including the 4-byte method selector) where the expected calldata starts.
        value: "0x1234567890abcdef", // The expected calldata.
      }
    ],
  },
  to: delegateAccount,
  from: delegatorAccount,
  environment: delegatorAccount.environment,
});

Next steps

See how to further constrain the authority of a delegation using caveat enforcers.

On this page