On-chain governance systems require a secure and flexible mechanism for participants to express their preferences. While direct transaction-based voting is common, it introduces friction through gas costs and wallet interaction requirements. Signature-based governance offers a powerful alternative, allowing users to sign off-chain messages that represent their votes or delegations. These signatures can then be submitted by anyone, enabling gasless voting for end-users and more complex voting logic like vote aggregation and scheduling. This approach is foundational to systems like Snapshot for off-chain signaling and is increasingly used in gas-optimized on-chain voting implementations.
LABS
Guides
How to Integrate Signatures Into Governance Systems
A technical guide for developers on implementing cryptographic signature schemes for voting, proposal submission, and delegation in DAOs and on-chain governance protocols.
Chainscore © 2026
introduction
INTRODUCTION
How to Integrate Signatures Into Governance Systems
A technical guide to implementing signature-based voting and delegation in on-chain governance, covering EIP-712, gasless voting, and security considerations.
The technical standard for structured off-chain signing is EIP-712: Typed Structured Data Hashing and Signing. Unlike a simple hash, EIP-712 allows users to sign human-readable, typed data structures. For governance, this means a voter can sign a message containing the proposal ID, their chosen vote (e.g., FOR, AGAINST, ABSTAIN), and a nonce to prevent replay attacks. The signed v, r, s values are then submitted to a smart contract function like castVoteBySig. The contract recovers the signer's address using ecrecover, validates the signature against the hashed typed data, and records the vote. This decouples the act of deciding from the act of paying gas.
Implementing signature-based delegation follows a similar pattern but manages ongoing authority. A user (the delegator) signs a message granting voting power to another address (the delegatee) for a specified duration or until revoked. The core contract must store this delegation and check it during vote casting. A critical security consideration is replay protection. Signatures must be tied to a specific domain (chain ID, verifying contract address) and include a nonce that increments with each use. Without this, a signature submitted on a testnet could be replayed on mainnet, or a signature for one proposal could be reused for another.
For developers, integrating signatures involves designing the data structure, implementing the signature verification in Solidity, and creating a frontend that generates EIP-712 compliant signatures. Libraries like ethers.js and viem provide utilities for this. The contract must carefully define and hash the EIP712Domain and the Vote or Delegation struct consistently. A common pitfall is mismatched hashing between the frontend and contract, leading to invalid signature errors. Thorough testing with tools like Hardhat or Foundry is essential to ensure the ecrecover logic correctly validates the signer's intent and prevents replay attacks across chains and contracts.
Beyond basic voting, signatures enable advanced governance patterns. Vote aggregation allows a relayer to collect many signatures off-chain and submit them in a single batch transaction, drastically reducing total gas costs. Vote scheduling lets a user sign a future-dated vote, which can be executed automatically when a proposal goes live. Furthermore, multisig or DAO treasury voting can be facilitated by having each member of a multisig wallet sign the governance action, with the execution submitted once a threshold of signatures is collected. These patterns move complex logic and cost away from the individual voter, making participation more accessible.
When designing a system, key trade-offs must be evaluated. Off-chain signature schemes increase reliance on relayers and introduce liveness assumptions—someone must pay to submit the signed data. The contract logic also becomes more complex, increasing audit surface area. It's crucial to use audited, standard patterns from established protocols like OpenZeppelin's Governor contract, which includes built-in support for castVoteBySig. Ultimately, integrating signatures transforms governance from a simple transaction into a flexible primitive, enabling more participatory, efficient, and sophisticated decentralized decision-making.
prerequisites
PREREQUISITES
How to Integrate Signatures Into Governance Systems
Before implementing signature-based governance, you need a foundational understanding of cryptographic signatures, smart contract security, and the governance lifecycle.
Integrating digital signatures into a governance system requires a solid grasp of public-key cryptography. You should understand how a user's private key generates a unique signature for a message, which can be publicly verified against their address. In blockchain contexts, the Ethereum Signed Message standard (eth_sign) and the more secure EIP-712 standard for typed structured data are fundamental. Familiarity with libraries like ethers.js, web3.js, or viem for signing and verification in a frontend or backend is essential.
On the smart contract side, you must be comfortable writing secure Solidity or Vyper code. Key concepts include understanding how the ecrecover function works to verify an ECDSA signature on-chain, and the critical importance of preventing signature replay attacks. This is typically done by including a nonce or a specific domain separator (as defined in EIP-712) within the signed message. You'll also need to design access control mechanisms, often using OpenZeppelin's Ownable or access control libraries, to gate functions behind signature checks.
A clear model of your governance process is necessary. Define what actions require a signature: is it for proposal submission, delegating votes, executing a passed proposal, or managing treasury funds? Each action will have a different message structure. For example, a proposal submission signature might include the proposal ID, description hash, and a timestamp. You must also decide on signer eligibility—will any token holder's signature be valid, or only those from a designated multi-signature wallet or council?
Finally, consider the user experience and infrastructure. Will users sign messages directly in their wallet (like MetaMask) when interacting with a dApp, or will you operate an off-chain signing service for automated processes? You need to plan for gasless transactions by using a relayer or a meta-transaction system like OpenGSN, where the signature is submitted by a third party who pays the gas fee. Testing is critical; use frameworks like Foundry or Hardhat to simulate signatures and verify contract logic under various scenarios.
key-concepts-text
IMPLEMENTATION GUIDE
How to Integrate Signatures Into Governance Systems
A technical guide on integrating cryptographic signatures for secure, flexible, and gas-efficient on-chain governance.
Cryptographic signatures are the foundation of secure on-chain governance, enabling permissionless proposal submission and off-chain voting. Unlike simple msg.sender checks, signatures allow any user to generate a valid vote or proposal payload off-chain, which can then be submitted by a relayer. This pattern, exemplified by standards like EIP-712 for typed structured data, reduces gas costs for users and enables complex delegation models. The core integration involves three components: a signer's private key, a structured message (the proposal ID, voter address, and choice), and a smart contract verify function that recovers the signer's address from the signature to authorize the action.
The first step is defining the structured data schema. Using EIP-712, you create a domain separator unique to your contract and a Vote type with fields like proposalId, voter, and support. This prevents signatures from one dApp from being replayed in another. In Solidity, hashing is done with keccak256 and encodePacked. Off-chain, libraries like ethers.js or viem provide utilities for signing the EIP-712 payload. The signature, typically a 65-byte bytes string (r, s, v), is then passed as a parameter to your governance contract's voting function.
In the smart contract, verification uses ecrecover. A typical function checks that the recovered address from the signature matches the voter address encoded in the signed message and that this voter has the right to vote (e.g., holds tokens). It must also check for replay attacks, often by marking the signature hash as used in a mapping. For gas efficiency, consider batching signature verification for multiple votes in a single transaction using a multicall pattern. Always ensure the signed message includes a nonce or deadline to invalidate old signatures.
Beyond basic voting, signature-based schemes enable advanced governance features. Signature delegation allows a token holder to sign a message delegating their voting power to another address without moving tokens, reducing gas costs. Snapshot-style off-chain voting relies entirely on signatures, where votes are collected off-chain and only the final merkle root of results is posted on-chain. For maximum security, especially in high-value governance, consider integrating with Safe multisigs or zk-SNARKs to enable private voting or signature aggregation, further reducing on-chain footprint.
use-cases
IMPLEMENTATION PATTERNS
Governance Use Cases for Signatures
Digital signatures enable secure, transparent, and efficient on-chain governance. This guide covers practical patterns for integrating signature-based voting, delegation, and proposal management.
SECURITY & PERFORMANCE
Signature Scheme Comparison
A comparison of cryptographic signature schemes for on-chain governance, evaluating security, cost, and usability trade-offs.
| Feature / Metric | ECDSA (secp256k1) | EdDSA (Ed25519) | BLS Signatures |
|---|---|---|---|
Signature Size | 65 bytes | 64 bytes | 96 bytes (G1) / 48 bytes (G2) |
Gas Cost (Verify) | ~3,000 gas | ~2,500 gas | ~35,000 gas (G1) / ~45,000 gas (G2) |
Aggregation Support | |||
Quantum Resistance | |||
Key Generation Time | < 1 sec | < 1 sec | 2-3 sec |
Standardized in Ethereum | |||
Library Maturity | Very High | High | Medium |
Use Case Example | EOA Wallets, Basic Votes | Solana Programs, High-TPS Votes | Committee Voting, zk-SNARKs |
implementation-ecdsa
TUTORIAL
Implementing ECDSA Signature Verification
A guide to integrating ECDSA signature verification into on-chain governance systems, enabling secure, gas-efficient voting and authorization.
Elliptic Curve Digital Signature Algorithm (ECDSA) is the cryptographic standard used by Ethereum and other EVM chains to prove ownership and authorize transactions. In governance systems, it enables off-chain signing of votes or proposals, which can be aggregated and verified on-chain in a single transaction. This pattern reduces gas costs, prevents front-running, and allows for more complex signature schemes like multi-sig or threshold approvals. The core components are a signer's private key, the message hash to be signed, and the resulting v, r, s signature components.
The first step is to structure the signable message. You must hash the governance data, such as a proposal ID and voter address, using keccak256. Crucially, to prevent replay attacks across different contracts, you should follow the EIP-712 standard for typed structured data. EIP-712 defines a human-readable schema and includes the chain ID and contract address in the hash, creating a unique domain separator. This ensures a signature for a vote on one DAO cannot be replayed on a fork or a different contract.
On-chain verification uses the ecrecover precompiled function. Given the original message hash and the signature (v, r, s), ecrecover returns the Ethereum address that signed the hash. Your smart contract must compare this recovered address against an authorized list of signers. Here is a basic Solidity example:
solidityfunction verifySignature(bytes32 messageHash, uint8 v, bytes32 r, bytes32 s, address expectedSigner) public pure returns (bool) { address recoveredSigner = ecrecover(messageHash, v, r, s); return recoveredSigner == expectedSigner; }
Always verify recoveredSigner != address(0), as a malformed signature returns zero.
For production governance systems, consider batch verification and nonce protection. Instead of calling ecrecover for each signature in a loop (expensive), you can use a library like OpenZeppelin's ECDSA, which includes safeguards against malleable signatures. Implement a nonce or incrementing voteIndex for each user to prevent signature replay within the same contract. Furthermore, store hashes of used signatures to invalidate them after execution, a critical step for one-time actions like executing a queued transaction.
Integrating this into a governor contract involves modifying the castVoteBySig function similar to OpenZeppelin Governor. The function accepts the voter's signature, recovers the address, and then applies that address's voting power to the proposal. This allows protocols like Uniswap and Compound to enable gas-less voting, where users sign messages in their wallet without submitting an on-chain transaction until votes are aggregated and finalized by a relayer.
implementation-multisig
TUTORIAL
How to Integrate Signatures Into Governance Systems
A technical guide to building a secure, on-chain multi-signature proposal queue for decentralized governance, covering smart contract design, signature verification, and execution flow.
A multi-signature proposal queue is a core primitive for secure, decentralized governance. It requires multiple authorized signers to approve a transaction before it can be executed on-chain, mitigating the risk of a single point of failure. This pattern is essential for managing treasury funds, upgrading protocol parameters, or executing any privileged operation in a trust-minimized way. Unlike a simple timelock, a multisig queue adds a layer of collective approval, ensuring no single entity can act unilaterally. Common implementations include Gnosis Safe and custom-built governance modules for DAOs.
The system architecture typically involves three key smart contracts: a Proposal Factory for creation, a Queue for storage and state management, and an Executor for final processing. When a proposal is submitted, it is stored in the queue with a status of PENDING. Authorized signers then submit their cryptographic signatures off-chain. The core innovation is using EIP-712 typed structured data hashing to create predictable, verifiable signature messages, preventing replay attacks across different chains and contracts. Each signature is a (v, r, s) tuple derived from signing the EIP-712 hash of the proposal details.
Signature verification occurs on-chain when a threshold of signatures is collected. The verifier contract uses ecrecover to derive the signer's address from each signature and the proposal hash. It checks that the signer is in the predefined set of owners and that they haven't already voted. A proposal moves to APPROVED state once it meets the signature threshold (e.g., 3 of 5 signers). It's critical to verify the signer addresses on-chain; a common vulnerability is failing to guard against signature malleability or replay attacks from identical proposal IDs on different networks.
Here is a simplified Solidity code snippet for the core verification logic using EIP-712:
solidityfunction verifySignatures( Proposal calldata proposal, Signature[] calldata sigs ) public view returns (bool) { bytes32 structHash = keccak256(abi.encode( PROPOSAL_TYPEHASH, proposal.id, proposal.target, proposal.value, proposal.data, proposal.deadline )); bytes32 digest = _hashTypedDataV4(structHash); uint256 validSigCount; for (uint i; i < sigs.length; ++i) { address signer = ECDSA.recover(digest, sigs[i].v, sigs[i].r, sigs[i].s); if (isOwner[signer] && !hasSigned[proposal.id][signer]) { validSigCount++; } } return validSigCount >= threshold; }
After verification, approved proposals are ready for execution. The executor contract performs the low-level call to the target address with the specified value and calldata. To prevent front-running and reentrancy attacks, the contract must update the proposal state to EXECUTED before making the external call, following the Checks-Effects-Interactions pattern. Failed executions should revert the entire transaction. For time-sensitive operations, you can integrate a timelock delay between approval and execution, giving token holders a final window to review critical actions.
Integrating this queue into a broader governance system involves connecting it to a governor contract like OpenZeppelin's Governor. The multisig queue can act as the TimelockController, where proposals that pass a token vote are forwarded to the queue for secure, multi-signature execution. Key considerations for production include setting appropriate gas limits for execution, implementing cancellation functions for stale proposals, and ensuring off-chain signature aggregation tools (like the Safe Snap module) are compatible. Always audit the signature verification and execution logic, as these are high-value attack surfaces.
implementation-signed-delegation
GOVERNANCE INTEGRATION
Gasless Delegation with Signed Messages
Enable users to delegate voting power without paying gas by integrating off-chain signed messages into your on-chain governance system.
Traditional on-chain delegation requires users to submit a transaction, paying gas fees to update their delegate. Gasless delegation eliminates this cost barrier by using EIP-712 typed structured data signatures. A user signs a message off-chain approving a delegate, and a relayer (or the delegate themselves) submits this signature to a smart contract to execute the delegation. This pattern is crucial for improving voter participation in DAOs by removing the financial friction from the initial delegation act.
The core technical component is the EIP-712 standard, which provides a secure way for users to sign human-readable, structured data. Instead of signing a raw hash, users sign a type that includes the contract's domain (name, version, chainId, verifyingContract) and the specific message structure (delegator, delegate, nonce, expiry). This creates a signature that is both verifiable on-chain and resistant to replay attacks across different chains and contracts. Libraries like ethers.js and web3.js have built-in support for signing and verifying EIP-712 messages.
A basic smart contract implementation requires a function like delegateBySig. This function accepts the delegate address, a nonce to prevent replay, an expiry timestamp, and the v, r, s signature components. The contract must:
- Recover the signer's address from the signature using
ecrecover. - Validate that the current nonce for that signer matches and increment it.
- Check that the signature has not expired.
- Finally, update the internal delegation mapping to set the delegate for the recovered signer address.
For the frontend, you need to generate the signature data. Using ethers v6, the code snippet is straightforward:
javascriptconst domain = { name: 'YourGovernanceToken', version: '1', chainId: 1, // Mainnet verifyingContract: tokenAddress }; const types = { Delegation: [ { name: 'delegator', type: 'address' }, { name: 'delegate', type: 'address' }, { name: 'nonce', type: 'uint256' }, { name: 'expiry', type: 'uint256' } ] }; const value = { delegator: userAddress, delegate: delegateAddress, nonce: currentNonce, expiry: Math.floor(Date.now() / 1000) + 3600 // 1 hour }; const signature = await signer.signTypedData(domain, types, value);
This signature can then be submitted via a relayer service or directly by the delegate.
Key security considerations are paramount. You must implement a robust nonce system—each signature must use a unique, incrementing nonce tracked on-chain. Enforce signature expiry (e.g., 24-48 hours) to invalidate stale requests. Clearly separate the signer (the delegator) from the msg.sender (the relayer paying gas) in your contract logic. Prominent projects like Uniswap and Compound use this pattern for their governance tokens, providing real-world, audited reference implementations to study.
Integrating gasless delegation significantly lowers the barrier to entry for governance participation. It allows users to delegate from a wallet with no ETH, only the gas token of the chain (like MATIC on Polygon). For a complete system, consider combining this with a meta-transaction relayer or a gas station network (GSN) to also cover the gas costs for the final submission, creating a truly seamless user experience where participation is cost-free.
resource-links
GOVERNANCE BUILDING BLOCKS
Tools and Resources
These tools and standards are commonly used to integrate cryptographic signatures into onchain and offchain governance systems. Each resource focuses on a specific layer, from vote signing standards to execution and contract-level validation.
GOVERNANCE INTEGRATION
Security Considerations and FAQ
Common technical questions and security best practices for integrating signature-based voting into on-chain governance systems.
A proposal hash is a unique identifier for the governance action itself, typically the keccak256 hash of the encoded function call data (target, value, calldata). A message hash is the hash of the structured data that a user signs, which includes the proposal hash and other context like a nonce or deadline, formatted according to EIP-712.
Key distinction:
- The proposal hash identifies what is being voted on.
- The message hash is what gets signed by the voter's private key.
- The smart contract must reconstruct the exact same message hash from the submitted data to verify the signature's validity. Mismatches are a common source of integration errors.
conclusion
IMPLEMENTATION GUIDE
Conclusion and Next Steps
This guide has covered the core concepts of integrating cryptographic signatures into on-chain governance, from EIP-712 typed data to contract verification. Here are the final takeaways and resources for building your system.
Integrating signatures into governance transforms user experience by enabling gasless voting and batch proposals. The key technical components are: using EIP-712 for structured, signable data; implementing a SignatureChecker library like OpenZeppelin's for secure verification; and designing your governance contract to accept and process these signed messages. Always verify the signer has appropriate voting power at the historical block when the signature was created, not the current block, to prevent replay attacks and power manipulation.
For production systems, consider these advanced patterns. Implement signature nonces or deadlines to invalidate old signatures and prevent replay. Use delegated signing where trusted relayers submit signed messages on behalf of users, abstracting away gas costs entirely. Explore signature aggregation with schemes like BLS to bundle multiple votes into a single on-chain transaction, drastically reducing gas overhead for large-scale governance events. The OpenZeppelin Governor framework with its GovernorCountingSimple module is a robust starting point that can be extended with signature support.
Your next steps should be practical and security-focused. First, audit your signature logic. Use tools like Slither or services from firms like Trail of Bits to check for common pitfalls in ecrecover usage. Second, build a robust off-chain signer. Develop a front-end using libraries like ethers.js (signer._signTypedData) or viem (signTypedData) and ensure your EIP-712 domain separator is correctly configured for your chain. Finally, test extensively on a testnet. Simulate governance attacks, expired signatures, and power changes to ensure your system behaves correctly under all conditions before mainnet deployment.