EIP-712 Signing
O que é EIP-712 Signing?
EIP-712 SigningAn Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.
EIP-712 (Ethereum typed structured data hashing and signing), authored by Remco Bloemen, Leonid Logvinov, and Jacob Evans in 2018, is the standard underlying virtually all modern off-chain signing flows on Ethereum and EVM L2s. Before EIP-712, signing a message meant calling `eth_sign` on a 32-byte opaque hash that a wallet had no way to render — a UX and security disaster. EIP-712 introduces structured types (`bytes32 typeHash`), domain separators that bind the signature to a chain ID, verifying contract, and version, and a JSON-RPC method (`eth_signTypedData_v4`) that lets wallets display field-by-field what is being signed. Use cases include Permit and Permit2 ERC-20 approvals (no on-chain transaction needed), OpenSea / Blur listings, gasless meta-transactions, ERC-4337 UserOperations, off-chain governance votes (Snapshot), and most Web3 game-economy signatures. From a security perspective EIP-712 enables but does not guarantee user comprehension: phishing kits routinely craft EIP-712 payloads that look like a benign 'login' but actually authorize unlimited token spend — the same pattern Inferno Drainer and successors abuse. Wallets that warn on known-dangerous EIP-712 patterns (Wallet Guard, ScamSniffer, Rabby) are the practical defense.
● Exemplos
- 01
A user signs an EIP-712 'Permit' message that their wallet displays as 'Approve unlimited USDC to 0x… on Ethereum Mainnet'; with a clear display, they can refuse.
- 02
A phishing dApp asks for an EIP-712 signature labeled 'Login to MyDAO'; a security extension warns the user the underlying type is actually `setApprovalForAll`.
● Perguntas frequentes
O que é EIP-712 Signing?
An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract. Pertence à categoria Web3 e blockchain da cibersegurança.
O que significa EIP-712 Signing?
An Ethereum standard for typed, structured off-chain message signing that lets wallets display human-readable intent (e.g. 'sell 1 ETH to user X by Friday') and bind the signature to a domain, chain, and contract.
Como funciona EIP-712 Signing?
EIP-712 (Ethereum typed structured data hashing and signing), authored by Remco Bloemen, Leonid Logvinov, and Jacob Evans in 2018, is the standard underlying virtually all modern off-chain signing flows on Ethereum and EVM L2s. Before EIP-712, signing a message meant calling `eth_sign` on a 32-byte opaque hash that a wallet had no way to render — a UX and security disaster. EIP-712 introduces structured types (`bytes32 typeHash`), domain separators that bind the signature to a chain ID, verifying contract, and version, and a JSON-RPC method (`eth_signTypedData_v4`) that lets wallets display field-by-field what is being signed. Use cases include Permit and Permit2 ERC-20 approvals (no on-chain transaction needed), OpenSea / Blur listings, gasless meta-transactions, ERC-4337 UserOperations, off-chain governance votes (Snapshot), and most Web3 game-economy signatures. From a security perspective EIP-712 enables but does not guarantee user comprehension: phishing kits routinely craft EIP-712 payloads that look like a benign 'login' but actually authorize unlimited token spend — the same pattern Inferno Drainer and successors abuse. Wallets that warn on known-dangerous EIP-712 patterns (Wallet Guard, ScamSniffer, Rabby) are the practical defense.
Como se defender contra EIP-712 Signing?
As defesas contra EIP-712 Signing costumam combinar controles técnicos e práticas operacionais, conforme detalhado na definição acima.
Quais são outros nomes para EIP-712 Signing?
Nomes alternativos comuns: EIP-712, Typed structured data signing.
● Termos relacionados
- web3№ 1155
Signature Phishing (Web3)
A Web3 phishing pattern that tricks a user into signing an EIP-712 or `personal_sign` message that authorizes the attacker to move tokens, transfer NFTs, or take wallet actions — without ever asking for a seed phrase.
- web3№ 912
Phishing de Permit2
O phishing de Permit2 induz um usuario Ethereum a assinar uma mensagem off-chain do Uniswap Permit2 que concede a um atacante o direito de transferir seus tokens ERC-20.
- web3№ 1348
Drainer de Carteira
Software malicioso ou kit de phishing que engana utilizadores de carteiras cripto para assinarem transacoes ou aprovacoes que entregam todos os tokens e NFTs valiosos.
- web3№ 1171
Seguranca de Contratos Inteligentes
Pratica de projetar, revisar e operar programas on-chain para que nao possam ser explorados para roubar fundos, congelar a logica ou violar regras de negocio.
- web3№ 590
Inferno Drainer
A 2022–2023 crypto-wallet-drainer-as-a-service that emptied tens of thousands of victims' wallets by phishing them into signing token-approval transactions on fake mint and airdrop sites, before shutting down in November 2023.
- web3№ 008
Account Abstraction (ERC-4337)
An Ethereum standard that replaces externally-owned accounts with smart-contract wallets able to express arbitrary signing logic — social recovery, session keys, sponsored gas, multi-factor approval — without Layer 1 protocol changes.
● Veja também
- № 1349WalletConnect Security