EIP-3009: Transfer With Authorization
EIP-3009 is the gasless transfer primitive USDC uses on Ethereum and Base. It's the on-chain mechanism behind the x402 "exact" scheme: the buyer signs an authorization, the seller (or facilitator) submits it on-chain to settle. If you're building anything that spends USDC on behalf of a user without them paying gas, this is the spec.
What It Defines
Adds transferWithAuthorization() and receiveWithAuthorization() to ERC-20 tokens, allowing a holder to sign an EIP-712 message authorizing a specific (from, to, value, validAfter, validBefore, nonce) transfer that any third party can submit. Unlike EIP-2612 nonces (sequential, per-owner), EIP-3009 uses random 32-byte nonces tracked in a bitmap, so authorizations can be issued and submitted out of order — making it well-suited for parallel payment flows.
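The nonce and validity-window behaviour described above, as an added example that is not part of the original page or the token's own code. It models only the state checks a submitter would pre-flight; signature verification and balances are left out. The class and function names are hypothetical, and the strict time bounds and the payee-only rule for receiveWithAuthorization() are taken from the EIP's reference behaviour.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Authorization:
    sender: str        # "from" in the signed message
    to: str
    value: int
    valid_after: int   # unix seconds
    valid_before: int  # unix seconds
    nonce: bytes       # random 32 bytes chosen by the signer

class TokenModel:
    """Off-chain model of EIP-3009 state checks (hypothetical; no signature check)."""

    def __init__(self):
        self.used = set()  # (authorizer, nonce) pairs already consumed

    def check(self, auth, now):
        """Return the reason a submission would be rejected, or None if it passes."""
        if len(auth.nonce) != 32:
            return "nonce must be 32 bytes"
        if now <= auth.valid_after:   # strict bound: valid only after this time
            return "not yet valid"
        if now >= auth.valid_before:  # strict bound: valid only before this time
            return "expired"
        if (auth.sender, auth.nonce) in self.used:
            return "nonce already used"
        return None

    def transfer_with_authorization(self, auth, now):
        reason = self.check(auth, now)
        if reason is None:
            # Nonces are per authorizer and unordered, so any unused one is accepted.
            self.used.add((auth.sender, auth.nonce))
        return reason

    def receive_with_authorization(self, auth, now, caller):
        # Only the payee may submit, so a third party cannot front-run the call.
        if caller != auth.to:
            return "caller must be the payee"
        return self.transfer_with_authorization(auth, now)

def new_authorization(sender, to, value, now, ttl=60):
    """Constructed sample authorization with a fresh random nonce."""
    return Authorization(sender, to, value, now - 1, now + ttl, secrets.token_bytes(32))
```

A short validBefore window limits how long a leaked but unsubmitted authorization stays usable, and the used-nonce check is what rejects a replay of one that has already settled.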
Ethereum Improvement Proposals (EIPs) are the Ethereum community's open process for proposing changes to the protocol. EIPs cover core protocol changes; ERCs (Ethereum Request for Comments) cover application-layer standards like token interfaces.
Related Specs
ERC-20 is the most widely deployed standard in the Ethereum ecosystem. Every DeFi integration, exchange, and wallet interacts with ERC-20 tokens constantly.
EIP-712 is the standard for secure off-chain message signing used in permit() flows, meta-transactions, and Sign-In with Ethereum. It prevents blind signing attacks.
EIP-2612 is how DEXes, lending protocols, and meta-tx relayers achieve gasless approvals. If you're integrating ERC-20s into any UX where the user shouldn't need ETH first, permit() is the canonical solution. DAI, USDC, and most modern stablecoins implement it.
x402 is the leading candidate for the agent-economy payment rail: it lets an AI agent (or any HTTP client) pay for an API call inline, with no API key, no signup, and no human-in-the-loop. If you're building agentic apps, paid MCP servers, per-request data products, or anything where "charge for this request without a session" matters, x402 is the standard to know — supported by Coinbase, Cloudflare, Vercel AI Gateway, and a growing facilitator ecosystem.