EIP-712 Signing
Qu'est-ce que EIP-712 Signing ?
EIP-712 SigningAn Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.
EIP-712 (Ethereum typed structured data hashing and signing), authored by Remco Bloemen, Leonid Logvinov, and Jacob Evans in 2018, is the standard underlying virtually all modern off-chain signing flows on Ethereum and EVM L2s. Before EIP-712, signing a message meant calling `eth_sign` on a 32-byte opaque hash that a wallet had no way to render — a UX and security disaster. EIP-712 introduces structured types (`bytes32 typeHash`), domain separators that bind the signature to a chain ID, verifying contract, and version, and a JSON-RPC method (`eth_signTypedData_v4`) that lets wallets display field-by-field what is being signed. Use cases include Permit and Permit2 ERC-20 approvals (no on-chain transaction needed), OpenSea / Blur listings, gasless meta-transactions, ERC-4337 UserOperations, off-chain governance votes (Snapshot), and most Web3 game-economy signatures. From a security perspective EIP-712 enables but does not guarantee user comprehension: phishing kits routinely craft EIP-712 payloads that look like a benign 'login' but actually authorize unlimited token spend — the same pattern Inferno Drainer and successors abuse. Wallets that warn on known-dangerous EIP-712 patterns (Wallet Guard, ScamSniffer, Rabby) are the practical defense.
● Exemples
- 01
A user signs an EIP-712 'Permit' message that their wallet displays as 'Approve unlimited USDC to 0x… on Ethereum Mainnet'; with a clear display, they can refuse.
- 02
A phishing dApp asks for an EIP-712 signature labeled 'Login to MyDAO'; a security extension warns the user the underlying type is actually `setApprovalForAll`.
● Questions fréquentes
Qu'est-ce que EIP-712 Signing ?
An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract. Cette notion relève de la catégorie Web3 et blockchain en cybersécurité.
Que signifie EIP-712 Signing ?
An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.
Comment fonctionne EIP-712 Signing ?
EIP-712 (Ethereum typed structured data hashing and signing), authored by Remco Bloemen, Leonid Logvinov, and Jacob Evans in 2018, is the standard underlying virtually all modern off-chain signing flows on Ethereum and EVM L2s. Before EIP-712, signing a message meant calling `eth_sign` on a 32-byte opaque hash that a wallet had no way to render — a UX and security disaster. EIP-712 introduces structured types (`bytes32 typeHash`), domain separators that bind the signature to a chain ID, verifying contract, and version, and a JSON-RPC method (`eth_signTypedData_v4`) that lets wallets display field-by-field what is being signed. Use cases include Permit and Permit2 ERC-20 approvals (no on-chain transaction needed), OpenSea / Blur listings, gasless meta-transactions, ERC-4337 UserOperations, off-chain governance votes (Snapshot), and most Web3 game-economy signatures. From a security perspective EIP-712 enables but does not guarantee user comprehension: phishing kits routinely craft EIP-712 payloads that look like a benign 'login' but actually authorize unlimited token spend — the same pattern Inferno Drainer and successors abuse. Wallets that warn on known-dangerous EIP-712 patterns (Wallet Guard, ScamSniffer, Rabby) are the practical defense.
Comment se défendre contre EIP-712 Signing ?
Les défenses contre EIP-712 Signing combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.
Quels sont les autres noms de EIP-712 Signing ?
Noms alternatifs courants : EIP-712, Typed structured data signing.
● Termes liés
- web3№ 1155
Signature Phishing (Web3)
A Web3 phishing pattern that tricks a user into signing an EIP-712 or `personal_sign` message that authorizes the attacker to move tokens, transfer NFTs, or take wallet actions — without ever asking for a seed phrase.
- web3№ 912
Phishing Permit2
Le phishing Permit2 amene un utilisateur Ethereum a signer un message off-chain Uniswap Permit2 qui accorde a l'attaquant le droit de transferer ses tokens ERC-20.
- web3№ 1348
Drainer de Wallet
Logiciel malveillant ou kit de phishing qui trompe les utilisateurs de portefeuilles crypto pour qu'ils signent des transactions ou approbations cedant tous leurs jetons et NFTs.
- web3№ 1171
Securite des Contrats Intelligents
Pratique consistant a concevoir, auditer et exploiter des programmes on-chain pour qu'ils ne puissent pas etre detournes afin de voler des fonds ou de violer les regles metier.
- web3№ 590
Inferno Drainer
A 2022–2023 crypto-wallet-drainer-as-a-service that emptied tens of thousands of victims' wallets by phishing them into signing token-approval transactions on fake mint and airdrop sites, before shutting down in November 2023.
- web3№ 008
Account Abstraction (ERC-4337)
An Ethereum standard that replaces externally-owned accounts with smart-contract wallets able to express arbitrary signing logic — social recovery, session keys, sponsored gas, multi-factor approval — without Layer 1 protocol changes.
● Voir aussi
- № 1349WalletConnect Security