EIP-712 Signing
Was ist EIP-712 Signing?
EIP-712 SigningAn Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.
EIP-712 (Ethereum typed structured data hashing and signing), authored by Remco Bloemen, Leonid Logvinov, and Jacob Evans in 2018, is the standard underlying virtually all modern off-chain signing flows on Ethereum and EVM L2s. Before EIP-712, signing a message meant calling `eth_sign` on a 32-byte opaque hash that a wallet had no way to render — a UX and security disaster. EIP-712 introduces structured types (`bytes32 typeHash`), domain separators that bind the signature to a chain ID, verifying contract, and version, and a JSON-RPC method (`eth_signTypedData_v4`) that lets wallets display field-by-field what is being signed. Use cases include Permit and Permit2 ERC-20 approvals (no on-chain transaction needed), OpenSea / Blur listings, gasless meta-transactions, ERC-4337 UserOperations, off-chain governance votes (Snapshot), and most Web3 game-economy signatures. From a security perspective EIP-712 enables but does not guarantee user comprehension: phishing kits routinely craft EIP-712 payloads that look like a benign 'login' but actually authorize unlimited token spend — the same pattern Inferno Drainer and successors abuse. Wallets that warn on known-dangerous EIP-712 patterns (Wallet Guard, ScamSniffer, Rabby) are the practical defense.
● Beispiele
- 01
A user signs an EIP-712 'Permit' message that their wallet displays as 'Approve unlimited USDC to 0x… on Ethereum Mainnet'; with a clear display, they can refuse.
- 02
A phishing dApp asks for an EIP-712 signature labeled 'Login to MyDAO'; a security extension warns the user the underlying type is actually `setApprovalForAll`.
● Häufige Fragen
Was ist EIP-712 Signing?
An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract. Es gehört zur Kategorie Web3 und Blockchain der Cybersicherheit.
Was bedeutet EIP-712 Signing?
An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.
Wie funktioniert EIP-712 Signing?
EIP-712 (Ethereum typed structured data hashing and signing), authored by Remco Bloemen, Leonid Logvinov, and Jacob Evans in 2018, is the standard underlying virtually all modern off-chain signing flows on Ethereum and EVM L2s. Before EIP-712, signing a message meant calling `eth_sign` on a 32-byte opaque hash that a wallet had no way to render — a UX and security disaster. EIP-712 introduces structured types (`bytes32 typeHash`), domain separators that bind the signature to a chain ID, verifying contract, and version, and a JSON-RPC method (`eth_signTypedData_v4`) that lets wallets display field-by-field what is being signed. Use cases include Permit and Permit2 ERC-20 approvals (no on-chain transaction needed), OpenSea / Blur listings, gasless meta-transactions, ERC-4337 UserOperations, off-chain governance votes (Snapshot), and most Web3 game-economy signatures. From a security perspective EIP-712 enables but does not guarantee user comprehension: phishing kits routinely craft EIP-712 payloads that look like a benign 'login' but actually authorize unlimited token spend — the same pattern Inferno Drainer and successors abuse. Wallets that warn on known-dangerous EIP-712 patterns (Wallet Guard, ScamSniffer, Rabby) are the practical defense.
Wie schützt man sich gegen EIP-712 Signing?
Schutzmaßnahmen gegen EIP-712 Signing kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.
Welche anderen Bezeichnungen gibt es für EIP-712 Signing?
Übliche alternative Bezeichnungen: EIP-712, Typed structured data signing.
● Verwandte Begriffe
- web3№ 1155
Signature Phishing (Web3)
A Web3 phishing pattern that tricks a user into signing an EIP-712 or `personal_sign` message that authorizes the attacker to move tokens, transfer NFTs, or take wallet actions — without ever asking for a seed phrase.
- web3№ 912
Permit2-Phishing
Permit2-Phishing verleitet einen Ethereum-Nutzer dazu, eine Uniswap-Permit2-Off-Chain-Nachricht zu signieren, die einem Angreifer das Recht gibt, dessen ERC-20-Token zu transferieren.
- web3№ 1348
Wallet-Drainer
Schadhafte Software oder Phishing-Kit, das Krypto-Wallet-Nutzer dazu bringt, Transaktionen oder Approvals zu signieren, die alle wertvollen Tokens und NFTs abfliessen lassen.
- web3№ 1171
Smart-Contract-Sicherheit
Praxis, On-Chain-Programme so zu entwerfen, zu prufen und zu betreiben, dass sie nicht ausgenutzt werden konnen, um Mittel zu stehlen oder Geschaftsregeln zu verletzen.
- web3№ 590
Inferno Drainer
A 2022–2023 crypto-wallet-drainer-as-a-service that emptied tens of thousands of victims' wallets by phishing them into signing token-approval transactions on fake mint and airdrop sites, before shutting down in November 2023.
- web3№ 008
Account Abstraction (ERC-4337)
An Ethereum standard that replaces externally-owned accounts with smart-contract wallets able to express arbitrary signing logic — social recovery, session keys, sponsored gas, multi-factor approval — without Layer 1 protocol changes.
● Siehe auch
- № 1349WalletConnect Security