Knoqnoq Forum: Everything You Want to Discuss, Most Discussed in India

About eth_signTypedData

Post time 7-9-2023 11:02:31
Following the EIP-712 standard, for hashing or signing structured data, offline signing is recommended. SlowMist has mentioned potential security issues even with signTypedData_v4. While the signature information may appear clear, it could be an identical signature request initiated by a phishing website, which could be exploited later.

Hence, for wallets, not only should they support parsing structured data of signTypedData but also display the application's name and URL as the signature source, along with interaction history. Even for non-standard EIP-712 wallets, intelligent risk prompts should be in place.

Scenario: Signature for Transactions

Transferring tokens is a major use case for wallets. It involves transferring Ethereum's native token ETH as well as tokens adhering to ERC-20 and ERC-721 standards. Security tools like MistTrack developed by SlowMist provide risk address labels. Wallets need to intelligently intercept or display risk alerts to help users avoid falling victim.

Apart from that, there are non-conventional transfer scenarios, such as transferring to contract addresses. Standard wallet transfers go to Externally Owned Accounts (EOA), but if the recipient address is a contract address, special attention is required as risks often exist, although it might also be a contract wallet address. For wallets, intelligently recognizing whether an address is a regular one or a contract address and adding specific label alerts for contract addresses can help enhance user security awareness.
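The wallet-side checks described in the post, as an added example that is not part of the original post: it takes the signature source from the request origin, consults interaction history, and labels address fields as contract or EOA. The function names, the warning rules and `codeByAddress` (standing in for `eth_getCode` results) are assumptions, and the sample request is constructed.

```javascript
// Added example; helper names are hypothetical. codeByAddress stands in for
// eth_getCode results the wallet fetched from its own node.
function isContract(code) {
  // eth_getCode returns "0x" when no code is deployed at the address.
  return typeof code === 'string' && /^0x[0-9a-fA-F]+$/.test(code) && !/^0x0*$/.test(code);
}

function reviewTypedDataRequest({ origin, typedData }, ctx) {
  const domain = typedData.domain || {};
  const warnings = [];
  // The source URL comes from the connection; domain.name is only a claim
  // made by the payload, which the requesting site controls.
  const source = { url: origin, claimedName: domain.name || '(none)' };
  if (!ctx.history[origin]) warnings.push('first signature request from this site');

  if (domain.chainId === undefined) warnings.push('domain has no chainId');
  else if (Number(domain.chainId) !== ctx.activeChainId)
    warnings.push('domain chainId differs from the active network');

  const vc = String(domain.verifyingContract || '').toLowerCase();
  if (!vc) warnings.push('domain has no verifyingContract');
  else if (!isContract(ctx.codeByAddress[vc]))
    warnings.push('verifyingContract has no code on this network');

  // Label every address-typed field of the primary type as contract or EOA.
  const fields = (typedData.types[typedData.primaryType] || [])
    .filter((f) => f.type === 'address')
    .map((f) => {
      const address = String(typedData.message[f.name]).toLowerCase();
      const kind = isContract(ctx.codeByAddress[address]) ? 'contract' : 'EOA';
      return { name: f.name, address, kind };
    });
  return { source, primaryType: typedData.primaryType, fields, warnings };
}

// Constructed sample request and wallet state (all values made up).
const TOKEN = '0x' + '11'.repeat(20), RECIPIENT = '0x' + '22'.repeat(20);
const sampleRequest = {
  origin: 'https://dapp.example',
  typedData: {
    types: { Transfer: [{ name: 'to', type: 'address' }, { name: 'amount', type: 'uint256' }] },
    primaryType: 'Transfer',
    domain: { name: 'Sample Token', chainId: 1, verifyingContract: TOKEN },
    message: { to: RECIPIENT, amount: '1000' },
  },
};
const sampleCtx = { activeChainId: 1, history: {}, codeByAddress: { [TOKEN]: '0x6080', [RECIPIENT]: '0x6080' } };
console.log(reviewTypedDataRequest(sampleRequest, sampleCtx));
```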