EIP-712 (Ethereum Improvement Proposal 712) is a standard for typed structured data signing. Unlike signing raw, opaque hexadecimal hashes, EIP-712 allows users to sign a human-readable representation of complex data structures, such as orders, permissions, or votes, before the data is hashed and verified on-chain. This provides cryptographic guarantees that the signer explicitly approved the exact, readable content, significantly improving security and user experience for decentralized applications (dApps) by preventing signature misuse.
LABS
Glossary
EIP-712
EIP-712 is an Ethereum Improvement Proposal that defines a standard for hashing and signing typed, structured data, making off-chain message signatures more secure and human-readable.
Chainscore © 2026
definition
ETHEREUM STANDARD
What is EIP-712?
EIP-712 is a standard for typed, structured data hashing and signing in Ethereum, enabling secure and human-readable signatures for complex data.
The core innovation is the EIP-712 domain separator and type hashing. A signature is created by constructing a hash from: the domain separator (which includes the dApp's name, version, chain ID, and contract address), the specific data structure's type definition, and the data values themselves. This creates a unique, context-bound signature that cannot be replayed on other chains or contracts. Wallets like MetaMask can display this structured data in a readable format, allowing users to verify exactly what they are signing.
Common use cases for EIP-712 include gasless transactions (via meta-transactions or permit patterns), decentralized exchange order signing, and DAO governance votes. For example, the permit function for ERC-20 tokens uses EIP-712 to allow a token holder to sign an approval for a spender, which can then be submitted by a third party, saving the holder gas. This standard is foundational for secure off-chain agreement systems, moving complex logic off-chain while maintaining strong on-chain verification.
how-it-works
ETHEREUM STANDARD
How EIP-712 Works
EIP-712 is an Ethereum Improvement Proposal that defines a standard for typed structured data signing, enabling secure and human-readable signatures for off-chain messages.
EIP-712 is a standard for typed structured data signing that allows users to sign a human-readable representation of complex data, rather than an opaque hexadecimal hash. It works by defining a type structure—including the domain separator (EIP712Domain) and the specific message types—that is hashed together with the data to create a deterministic signature payload. This process ensures the signer can clearly verify the exact content they are approving, which is a significant security and usability improvement over signing raw, unreadable hashes. The resulting signature is a standard secp256k1 signature, identical in format to a transaction signature, but generated for off-chain data.
The technical mechanism hinges on the EIP-712 Domain Separator, a unique hash that includes the contract's verifying address, name, version, chain ID, and salt. This separator cryptographically ties the signature to a specific context, preventing signatures from being replayed on different contracts or networks. The message data itself is encoded according to its predefined type hash, which is derived from the structure's field names and types. The final digest to be signed is keccak256(\"\\x19\\x01\" || domainSeparator || messageHash). This structured approach allows wallets like MetaMask to display a clear, formatted preview of the data, making signature phishing far more difficult.
A primary use case for EIP-712 is enabling gasless transactions via meta-transactions or systems like OpenZeppelin's ERC20Permit. Instead of paying gas to approve a token transfer, a user can sign an EIP-712 structured message off-chain, which a relayer can then submit to the blockchain, executing the approved action on the user's behalf. This standard is also fundamental for decentralized exchanges (DEXs) implementing limit orders, decentralized identity attestations, and any application requiring verifiable user consent for complex off-chain agreements. Its adoption represents a shift towards more secure and user-friendly blockchain interactions beyond simple value transfers.
key-features
ETHEREUM IMPROVEMENT PROPOSAL
Key Features of EIP-712
EIP-712 is a standard for typed structured data hashing and signing, enabling secure, human-readable signatures for off-chain messages that can be verified on-chain.
01
Structured Data Signing
EIP-712 defines a type-safe schema for signing messages, moving beyond raw hexadecimal strings. Signers approve a structured object with defined fields and types (e.g., address from, uint256 amount), which is then deterministically hashed. This prevents ambiguity and ensures the signed data is exactly what the user sees.
02
Human-Readable Verification
The standard introduces a verification UI that wallets can display to users. Before signing, users see a clear, formatted representation of the data, including the domain separator (like the dApp name and version). This drastically improves security by preventing signature phishing, where users might unknowingly sign malicious transactions.
03
Domain Separator
A critical security component that cryptographically ties a signature to a specific context, preventing replay attacks. It includes:
- name: The user-facing name of the dApp.
- version: The version of the signing schema.
- chainId: The EIP-155 chain ID.
- verifyingContract: The contract address that will verify the signature.
- salt: An optional disambiguating salt.
04
TypeHash & Encoded Data
The signature process relies on two core hashes:
- typeHash: A
keccak256hash of the type definition string (e.g.,"Mail(address from,address to,string contents)"). This is constant for a given schema. - encodeData: The ABI-encoded packed values of the instance data, hashed together with the
typeHash. The final EIP-712 digest to sign iskeccak256(\"\\x19\\x01" + domainSeparator + hashStruct(message)).
05
On-Chain Verification
Smart contracts verify EIP-712 signatures using the ecrecover function. The contract must reconstruct the EIP-712 digest identically by hashing the provided message data with the pre-defined domain separator and type hash. A successful ecrecover call returns the signer's address, which the contract can then authorize for an action.
06
Use Cases & Adoption
EIP-712 is foundational for secure off-chain interactions. Common applications include:
- Gasless Transactions (MetaTransactions): Users sign orders that a relayer submits and pays for.
- Decentralized Exchange Orders: Signing limit orders for later on-chain settlement.
- DAO Governance: Voting on proposals off-chain with on-chain execution.
- Access Delegation: Granting permissions to smart contracts or other users.
code-example
IMPLEMENTATION GUIDE
Code Example: EIP-712 Domain & Struct
A practical walkthrough of the core components required to implement EIP-712 typed structured data signing in a smart contract and frontend application.
The EIP-712 Domain Separator is a unique identifier that cryptographically binds a signature to a specific contract and blockchain, preventing signature reuse across different applications. It is defined as a struct containing fields like name, version, chainId, verifyingContract, and salt. Hashing this struct creates the DOMAIN_SEPARATOR, a critical component that ensures a signature for "Contract A" on Ethereum Mainnet is invalid for "Contract B" on Polygon. Developers must compute this separator off-chain and pass it as part of the signature verification data to the smart contract.
The EIP-712 Struct defines the schema of the data being signed, moving beyond raw hashes to human-readable type information. For a permit function, this would be a Permit struct with fields for owner, spender, value, nonce, and deadline. Each field has a name and an explicit type (e.g., address, uint256). This struct, along with the domain separator, is used to generate the type hash (TYPE_HASH). Both the DOMAIN_SEPARATOR and TYPE_HASH are typically stored as immutable constants within the smart contract for efficient on-chain verification using ecrecover.
A complete implementation involves coordinating off-chain signing and on-chain verification. Off-chain, a library like ethers.js constructs the domain and message objects, then calls signer._signTypedData(domain, types, message) to produce the user's signature. On-chain, the verify function reconstructs the signed digest by hashing the domain separator, type hash, and the hashed struct data (structHash). It then recovers the signer's address from the signature and compares it to the expected owner. This process enables secure, gas-efficient meta-transactions for functions like token permit or DAO votes.
ecosystem-usage
EIP-712
Ecosystem Usage & Applications
EIP-712 defines a standard for structured data hashing and signing, enabling secure, human-readable signatures for complex data beyond simple transactions. Its primary application is in off-chain message signing for authentication and authorization.
02
Typed Structured Data
The core innovation is defining a type structure for the message being signed, which is hashed according to the standard. This includes:
- A
domain separatorunique to the verifying contract (chain ID, contract address) - The
message schemadefining fields and types (e.g.,address owner,uint256 amount) - The
message valuesthemselves This structure creates a cryptographic fingerprint that is unique to the specific context, preventing replay attacks across different contracts or chains.
03
User Experience (UX) & Wallet Integration
Wallets like MetaMask display EIP-712 signatures in a human-readable format, showing users exactly what data they are signing. This improves security and trust compared to signing raw, opaque hex data.
Key UX components:
- Clear display of the domain (verifying contract)
- Formatted presentation of all message fields and their values
- Visual separation from standard transaction requests
04
Primary Use Case: ERC-20 Permits
The most widespread adoption is via ERC-2612 permit, which extends ERC-20 tokens. It allows a token holder to sign an approval off-chain, which a relayer can submit on-chain. This pattern is critical for:
- Gasless token swaps in DEX aggregators
- Single-transaction deposits into lending protocols (e.g., supply USDC to Aave in one tx)
- Improving batch transaction flows by removing intermediate
approvetransactions
05
Technical Implementation Flow
The signing and verification process follows a specific sequence:
- Contract defines the
EIP712Domainandmessage typestructs. - Frontend constructs the signature request using helper libraries (
ethers.js,web3.js). - User signs the structured data in their wallet.
- Relayer or dApp submits the raw signature + message data to the contract.
- Contract verifies using
ecrecoveron the EIP-712 hash, ensuring the signer matches the expected address and the data hasn't been altered.
06
Beyond Ethereum: Multi-Chain Standard
While an Ethereum Improvement Proposal, EIP-712 has been adopted as a critical signing standard across the EVM ecosystem and beyond.
Adoption includes:
- All major EVM-compatible L2s and sidechains (Arbitrum, Optimism, Polygon)
- Non-EVM chains like StarkNet (through similar typed data standards)
- Wallets and signing services (MetaMask, WalletConnect, Safe{Wallet}) This cross-chain consistency is vital for developer tooling and user experience.
security-considerations
EIP-712
Security Considerations
EIP-712 defines a standard for structured, human-readable data signing in Ethereum. While it significantly improves user experience and security over raw signature schemes, its implementation requires careful attention to detail to prevent vulnerabilities.
01
Domain Separator & Replay Protection
The domain separator is a critical security component that cryptographically binds a signature to a specific smart contract and network, preventing replay attacks where a signature valid on one chain or contract is maliciously reused on another. It includes fields like name, version, chainId, verifyingContract, and salt. Developers must ensure the chainId is correctly set, especially during network forks, and that the verifyingContract address is immutable after deployment.
02
Strict Type Encoding & Hashing
EIP-712 signatures are only valid if the signer and verifier use identical type definitions and encoding. A mismatch in field order, type names, or extra spaces will produce a different type hash, causing signature verification to fail or, worse, be misinterpreted. Key practices include:
- Using canonical JSON for the
typesobject. - Ensuring the
primaryTypeand referenced types are correctly nested. - Validating that the hashed
messagestructure matches the signer's expectation exactly.
03
Frontrunning & Signature Malleability
Signatures for transactions with mutable parameters (like deadlines or nonces) can be vulnerable to frontrunning. A malicious actor can intercept a signed pending transaction, modify the parameters within the allowed bounds, and resubmit it with a higher gas price. Mitigations include:
- Using short, strict deadlines.
- Incorporating user-specific nonces into the signed data.
- Designing signed messages to be single-use or state-specific. Standard ECDSA signatures are not malleable, but the signed data can be.
04
User Interface & Phishing Risks
The human-readable display of structured data is a core feature but introduces UI/UX security challenges. A malicious dApp could present a misleading domain separator or alter the visual representation of the message fields to trick users. Wallets must:
- Clearly display the verifying contract's address and network.
- Render the message data in an unambiguous format.
- Implement domain binding to detect when a website is requesting a signature for a different contract than the one the user is interacting with.
05
Library & Implementation Audits
Flaws in EIP-712 helper libraries or custom implementation code are a high-risk vector. Common issues include incorrect padding of integer values, wrong hashing order for arrays, or improper handling of the \x19\x01 preamble. It is strongly recommended to use well-audited, community-standard libraries like those in OpenZeppelin for verification logic. Any custom signing or verification code must undergo rigorous testing and security review.
06
Upgradability and Storage Considerations
For upgradable contracts, changes to the signed data structure will invalidate all existing off-chain approvals. If a contract's domain separator changes (e.g., after a proxy upgrade), previously signed messages will fail verification. Strategies include:
- Making the
versionfield in the domain part of the upgrade logic. - Storing used signature hashes on-chain to prevent reuse after an upgrade.
- Designing immutable core data structures or including a migration mechanism for signed permissions.
SIGNATURE SCHEMES
Comparison: EIP-712 vs. Other Signing Methods
A technical comparison of structured data signing (EIP-712) against common alternatives for on-chain and off-chain message verification.
| Feature / Metric | EIP-712 (Structured Data) | Raw eth_sign | Personal Sign (EIP-191) |
|---|---|---|---|
Signature Type | Structured Data Hash | Keccak-256 Hash | Prefixed Message Hash |
Human-Readable Display | |||
Off-Chain Domain Separation | |||
Prevents Transaction Replay | |||
Typed Data Structure | |||
Primary Use Case | Complex DApp Agreements | Legacy/Internal | Simple Text Messages |
Security Against Phishing | High | Very Low | Medium |
Gas Cost for On-Chain Verification | ~42k gas | ~3k gas | ~3k gas |
visual-explainer
SIGNATURE STANDARD
Visual Explainer: The EIP-712 Signing Flow
A step-by-step breakdown of the structured data signing process defined by Ethereum Improvement Proposal 712, which enables secure and human-readable signatures for off-chain messages.
EIP-712 is a standard for typed structured data signing that allows users to sign a human-readable representation of complex data, rather than an opaque hexadecimal hash. This process begins when an application, such as a decentralized exchange or a governance dApp, prepares a structured message containing specific domain separators and typed data like an order, vote, or permit. The signer's wallet presents this structured data in a clear, formatted manner, vastly improving security and user experience compared to signing raw, unreadable hashes.
The core of the flow involves constructing a unique EIP-712 domain separator, which includes critical chain-specific parameters like the name of the dApp, the version, the chainId, the verifyingContract address, and a salt. This domain is cryptographically hashed together with the type-encoded message data. The resulting hash is what the user's private key actually signs, creating a signature that is cryptographically bound to both the specific message content and the dApp's domain, preventing replay attacks across different contracts or networks.
For developers, implementing the flow requires defining a EIP712Domain struct and the specific message structs for their application using Solidity's abi.encode and keccak256. Off-chain, libraries like ethers.js or web3.js provide utilities such as signTypedData to handle the hashing and signing presentation. The final signature, along with the recovered signer address from ecrecover, is then submitted on-chain, where a smart contract verifies it against the stored domain separator and message hash to authorize the transaction.
FAQ
Common Misconceptions About EIP-712
EIP-712 is a standard for typed structured data signing, yet it is often misunderstood. This section clarifies frequent points of confusion regarding its purpose, security, and implementation.
EIP-712 is not merely a better way to sign messages; it is a standard for signing typed structured data with human-readable meaning. Unlike a simple personal_sign of a hexadecimal string, EIP-712 defines a schema (the EIP712Domain and the data types) that is signed alongside the message data itself. This creates a cryptographically verifiable signature that binds the signer's intent to a specific, unambiguous structure, enabling secure off-chain agreements like limit orders, token permits, and complex DAO votes that can be reliably executed on-chain. It transforms opaque signatures into verifiable, domain-bound commitments.
EIP-712
Frequently Asked Questions (FAQ)
Common questions about EIP-712, the Ethereum standard for structured, human-readable message signing.
EIP-712 is an Ethereum Improvement Proposal that defines a standard for structured data hashing and signing, allowing users to sign human-readable messages instead of opaque hexadecimal strings. It works by creating a type hash from a predefined schema and a struct hash from the actual data, which are then combined with the domain separator and signed using a user's private key. This process generates a verifiable signature that proves the signer's intent for the specific, structured data. The domain separator includes critical context like the contract's name, version, chain ID, and address, preventing signature reuse across different applications.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall