EIP-712 Signing
¿Qué es EIP-712 Signing?
EIP-712 SigningAn Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.
EIP-712 (Ethereum typed structured data hashing and signing), authored by Remco Bloemen, Leonid Logvinov, and Jacob Evans in 2018, is the standard underlying virtually all modern off-chain signing flows on Ethereum and EVM L2s. Before EIP-712, signing a message meant calling `eth_sign` on a 32-byte opaque hash that a wallet had no way to render — a UX and security disaster. EIP-712 introduces structured types (`bytes32 typeHash`), domain separators that bind the signature to a chain ID, verifying contract, and version, and a JSON-RPC method (`eth_signTypedData_v4`) that lets wallets display field-by-field what is being signed. Use cases include Permit and Permit2 ERC-20 approvals (no on-chain transaction needed), OpenSea / Blur listings, gasless meta-transactions, ERC-4337 UserOperations, off-chain governance votes (Snapshot), and most Web3 game-economy signatures. From a security perspective EIP-712 enables but does not guarantee user comprehension: phishing kits routinely craft EIP-712 payloads that look like a benign 'login' but actually authorize unlimited token spend — the same pattern Inferno Drainer and successors abuse. Wallets that warn on known-dangerous EIP-712 patterns (Wallet Guard, ScamSniffer, Rabby) are the practical defense.
● Ejemplos
- 01
A user signs an EIP-712 'Permit' message that their wallet displays as 'Approve unlimited USDC to 0x… on Ethereum Mainnet'; with a clear display, they can refuse.
- 02
A phishing dApp asks for an EIP-712 signature labeled 'Login to MyDAO'; a security extension warns the user the underlying type is actually `setApprovalForAll`.
● Preguntas frecuentes
¿Qué es EIP-712 Signing?
An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract. Pertenece a la categoría de Web3 y blockchain en ciberseguridad.
¿Qué significa EIP-712 Signing?
An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.
¿Cómo funciona EIP-712 Signing?
EIP-712 (Ethereum typed structured data hashing and signing), authored by Remco Bloemen, Leonid Logvinov, and Jacob Evans in 2018, is the standard underlying virtually all modern off-chain signing flows on Ethereum and EVM L2s. Before EIP-712, signing a message meant calling `eth_sign` on a 32-byte opaque hash that a wallet had no way to render — a UX and security disaster. EIP-712 introduces structured types (`bytes32 typeHash`), domain separators that bind the signature to a chain ID, verifying contract, and version, and a JSON-RPC method (`eth_signTypedData_v4`) that lets wallets display field-by-field what is being signed. Use cases include Permit and Permit2 ERC-20 approvals (no on-chain transaction needed), OpenSea / Blur listings, gasless meta-transactions, ERC-4337 UserOperations, off-chain governance votes (Snapshot), and most Web3 game-economy signatures. From a security perspective EIP-712 enables but does not guarantee user comprehension: phishing kits routinely craft EIP-712 payloads that look like a benign 'login' but actually authorize unlimited token spend — the same pattern Inferno Drainer and successors abuse. Wallets that warn on known-dangerous EIP-712 patterns (Wallet Guard, ScamSniffer, Rabby) are the practical defense.
¿Cómo defenderse de EIP-712 Signing?
Las defensas contra EIP-712 Signing combinan habitualmente controles técnicos y prácticas operativas, como se detalla en la definición.
¿Cuáles son otros nombres para EIP-712 Signing?
Nombres alternativos comunes: EIP-712, Typed structured data signing.
● Términos relacionados
- web3№ 1155
Signature Phishing (Web3)
A Web3 phishing pattern that tricks a user into signing an EIP-712 or `personal_sign` message that authorizes the attacker to move tokens, transfer NFTs, or take wallet actions — without ever asking for a seed phrase.
- web3№ 912
Phishing de Permit2
El phishing de Permit2 engaña a un usuario de Ethereum para que firme un mensaje off-chain de Uniswap Permit2 que otorga al atacante permiso para transferir sus tokens ERC-20.
- web3№ 1348
Drainer de Carteras
Software malicioso o kit de phishing que enganan a los usuarios de wallets cripto para que firmen transacciones o aprobaciones que entregan todos sus tokens y NFTs valiosos.
- web3№ 1171
Seguridad de Contratos Inteligentes
Practica de disenar, revisar y operar programas en cadena de modo que no puedan ser explotados para robar fondos, congelar la logica o violar las reglas de negocio.
- web3№ 590
Inferno Drainer
A 2022–2023 crypto-wallet-drainer-as-a-service that emptied tens of thousands of victims' wallets by phishing them into signing token-approval transactions on fake mint and airdrop sites, before shutting down in November 2023.
- web3№ 008
Account Abstraction (ERC-4337)
An Ethereum standard that replaces externally-owned accounts with smart-contract wallets able to express arbitrary signing logic — social recovery, session keys, sponsored gas, multi-factor approval — without Layer 1 protocol changes.
● Véase también
- № 1349WalletConnect Security