What Advanced Permissions Changes

Every interaction with a Web3 application has historically required an explicit user signature. Each swap, each in-game transaction, each DeFi operation meant a separate approval pop-up. Over time, that led to approval fatigue, with users habitually confirming requests without reading them closely. There was also no standardized way for a dapp to request pre-scoped, limited access to a wallet, forcing developers to build workarounds or use embedded wallets that fragmented user funds across separate addresses.

Advanced Permissions solve both problems in one design. A user approves a single, clearly defined permission at the start of an interaction. After that, the dapp operates through a session account, a dedicated account that holds no user funds and can only act within the scope the user approved. The user's main wallet stays fully in their control at all times.

The approval screen that MetaMask shows is human-readable, laying out exactly what the permission covers: the asset, the amount, the time window, and any constraints. If the dapp allows it, users can modify permission parameters before granting access.

How It Works Under the Hood

Advanced Permissions are built on two interconnected standards. ERC-7715 defines how dapps request permissions from user wallets via the wallet_grantPermissions method. ERC-7710 defines how smart contracts delegate capabilities to other accounts, enabling the session account to execute transactions directly from the user's MetaMask account within the boundaries set at approval time.

Granting an Advanced Permission is an EIP-712 signature, not an onchain transaction. This means no gas costs are incurred by the user at the permission-granting stage, and dapps can abstract gas fees from users entirely. Any chain supporting EIP-7702 can use Advanced Permissions. The feature requires MetaMask Flask 13.5.0 or later.

Caveat enforcers within the Smart Accounts Kit validate every execution onchain. If the session account attempts any action outside the granted scope, the transaction is rejected automatically.

Use Cases for Onchain Gaming and DeFi

The practical applications for gaming and interactive dapps are direct. Time-bound access permissions accept startTime and expiry parameters, which map cleanly onto in-session game actions, seasonal pass mechanics, and scheduled executions. A game can run a full play session against a user's wallet without triggering a new approval for every collectible pick-up, item purchase, or reward claim.

For DeFi, recurring flows that previously required manual re-authorization can now be set up once. A user can authorize a dollar-cost averaging strategy to spend, for example, 10 USDC per day to buy ETH over 30 days. The application executes each daily transaction within that approved scope without the user needing to sign again. The same structure supports auto-compounding, vesting schedules, streaming token releases, and subscription payment models.
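
The 10 USDC per day scenario above, modelled as an added example (not MetaMask's or the Smart Accounts Kit's code): a simplified offchain version of the scope check the article attributes to caveat enforcers. Field names other than startTime and expiry, the placeholder token identifiers, the timestamps, and the rule that unused allowance does not roll over are assumptions.

```javascript
// Simplified model of a periodic-spend scope check. Illustrative only:
// token, periodAmount and periodDuration are assumed field names, not the
// ERC-7715 schema; startTime and expiry follow the article.
const DAY = 86400; // seconds

function createPermission({ token, periodAmount, periodDuration, startTime, expiry }) {
  // spentInPeriod maps period index -> amount already spent in that period
  return { token, periodAmount, periodDuration, startTime, expiry, spentInPeriod: new Map() };
}

// Returns { ok, reason }. State changes only when the spend is allowed,
// mirroring a rejected onchain execution that leaves no effect.
function enforceSpend(permission, { token, amount, now }) {
  if (token !== permission.token) return { ok: false, reason: "wrong-asset" };
  if (amount <= 0n) return { ok: false, reason: "invalid-amount" };
  if (now < permission.startTime) return { ok: false, reason: "not-started" };
  if (now >= permission.expiry) return { ok: false, reason: "expired" };

  // Assumption: allowance resets each period and unused amounts do not roll over.
  const period = Math.floor((now - permission.startTime) / permission.periodDuration);
  const spent = permission.spentInPeriod.get(period) ?? 0n;
  if (spent + amount > permission.periodAmount) {
    return { ok: false, reason: "period-limit-exceeded" };
  }
  permission.spentInPeriod.set(period, spent + amount);
  return { ok: true, reason: "ok" };
}

// Constructed scenario: 10 USDC per day for 30 days (USDC uses 6 decimals).
const USDC = "USDC-PLACEHOLDER-ADDRESS"; // placeholder, not a real address
const START = 1_700_000_000;             // constructed timestamp

function runScenario() {
  const p = createPermission({
    token: USDC, periodAmount: 10_000_000n, periodDuration: DAY,
    startTime: START, expiry: START + 30 * DAY,
  });
  return [
    enforceSpend(p, { token: USDC, amount: 10_000_000n, now: START + 60 }),        // day 0 purchase
    enforceSpend(p, { token: USDC, amount: 1n, now: START + 3600 }),               // extra spend, same day
    enforceSpend(p, { token: USDC, amount: 10_000_000n, now: START + DAY + 60 }),  // day 1 purchase
    enforceSpend(p, { token: "OTHER-TOKEN", amount: 1n, now: START + DAY + 120 }), // asset outside scope
    enforceSpend(p, { token: USDC, amount: 10_000_000n, now: START + 30 * DAY }),  // after the window
  ].map((r) => r.reason);
}

console.log(runScenario());
```

Amounts are BigInt base units, so the comparison against the per-period limit cannot lose precision the way floating-point token amounts would.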

AI agents represent another significant unlock. Agents can trade, rebalance portfolios, or take actions within boundaries the user defines at the point of permission. The agent controls the session account's key and works through the delegation framework. The user's main wallet is never exposed, and the agent has no access beyond the approved scope. No separate wallet funding is required for the agent to operate.

How It Differs From ERC-20 Approvals and Session Keys

Standard ERC-20 approvals grant unlimited or fixed-amount spending authority to a contract with no time bounds, no per-period limits, and no human-readable context at the point of approval. That design has historically been a source of smart contract exploits and approval hacks, since once a malicious contract is approved, it can act without further user input.

Advanced Permissions are scoped by asset, amount, time window, and transfer pattern, and they are shown to the user in plain language before any access is granted. If a dapp exceeds its permission scope, the attempt is rejected onchain.

Session Keys, a concept that predates Advanced Permissions, offer similar temporary scoped access but stop there. Advanced Permissions extend further, adding post-execution hooks, meaning conditions can be enforced after a transaction executes rather than only before. This enables intent-based permissions where a user expresses a desired outcome rather than pre-defining exact actions, and the hook validates whether the executed result matches. If it does not, the transaction reverts.

MetaMask and Optimism: First Live Chain

Optimism has confirmed that agents and dapps can now request execution permissions over wallets directly on OP Mainnet using the ERC-7715 standard through the MetaMask integration. This makes OP Mainnet the first live chain where Advanced Permissions can be used in production.

Expansion to additional chains that support EIP-7702 is expected. MetaMask has not confirmed a broader rollout timeline beyond Optimism.

MetaMask's Broader Smart Account Push

Advanced Permissions sit within MetaMask's larger account abstraction roadmap. MetaMask Smart Accounts, the broader framework the feature is part of, support programmable account behavior including delegated permissions, multi-signature approvals, and gas abstraction. The underlying EIP-7702 standard, which shipped with Ethereum's Pectra hard fork, allows externally owned accounts to behave like smart accounts, extending Advanced Permissions' reach to standard MetaMask users who have not set up a dedicated smart contract wallet.

MetaMask is the world's leading self-custodial crypto wallet, now supporting Ethereum, Arbitrum, Optimism, Polygon, Base, Avalanche, BNB Smart Chain, Solana, Bitcoin, and Tron. For game developers, DeFi builders, and teams shipping AI-agent products, Advanced Permissions provide a standardized path to building session-based, automated, and subscription-style interactions without custody tradeoffs or wallet fragmentation.