Skip to main content
This is the on-chain Solidity struct. The JSON payload omits the payer field; the facilitator recovers it from the signature at settlement time. Wire-format extra uses spec-level field names; the on-chain struct keeps canonical names so the EIP-712 typehash matches the AuthCaptureEscrow contract byte-for-byte.

Expiry Ordering

The contract enforces: preApprovalExpiry <= authorizationExpiry <= refundExpiry

Safety Guarantees

The escrow contract enforces invariants on-chain:

No Overcharging

The client-signed maxAmount caps the settlement amount. Attempts to exceed the limit revert.

Replay Prevention

Each payment has a unique nonce derived from (chainId, escrowAddress, paymentInfoHash). The nonce is consumed on-chain at settlement.

Payer Reclaim

After captureDeadline, the payer can reclaim escrowed funds directly without captureAuthorizer approval.

Fee Bounds

Min/max fee bounds in PaymentInfo are client-signed and enforced on-chain. The captureAuthorizer must respect these limits.
CaptureAuthorizer Trust Required: The captureAuthorizer controls when and how much to capture. Choose with intent and understand the capture policy. See PaymentOperator for examples.

Next Steps

Wire Format

Where each PaymentInfo field comes from on the wire.

Verification and Settlement

The 13-step verification flow that enforces these invariants.