If Plasma’s on-chain paymaster misprocesses an ERC-20 approval, what is the provable per-block maximum loss and automated on-chain recovery path?
I was standing at a bank counter last month, watching the clerk flip between two screens. One showed my balance.
The other showed a “pending authorization” from weeks ago. She tapped, frowned, and said, “It already went through, but it’s still allowed.”
That sentence stuck with me. Something had finished, yet it could still act.
What felt wrong wasn’t the delay. It was the asymmetry. A small permission, once granted, seemed to keep breathing on its own—quietly, indefinitely while responsibility stayed vague and nowhere in particular.
I started thinking of it like leaving a spare key under a mat in a public hallway. Most days, nothing happens. But the real question isn’t if someone uses it—it’s how much damage is possible before you even realize the door was opened.
That mental model is what made me look at Plasma’s paymaster logic around ERC-20 approvals and XPL. Not as “security,” but as damage geometry: per block, how wide can the door open, and what forces it shut without asking anyone?
I still can’t tell whether the key is truly limited—or just politely labeled that way.