Enhancing Security through Clear Signing
Why does your dApp or Wallet need clear signing?
Blind signing is a significant vulnerability that scammers exploit to steal funds from unsuspecting users. If the only information given to the user is the transaction hash, it is challenging for users to verify the accuracy and authenticity of the transaction before signing, because it is unreadable.
At Ledger, we are committed to building a secure Web3 ecosystem. That is why we have introduced clear signing standards and tools to address this issue. These tools provide user-readable and understandable data, making it easier for users to identify potential risks and verify transactions accurately.
Using the ABI of the contract and metadata around the different fields, we can format a transaction for human readability. This way, users can verify the transaction before signing it, massively reducing the risk of scams.
Where to go next?
- If you work on a dApp, checkout ERC-7730: How to implement clear signing
- If you want to allow clear signing of an EIP-712 message, read this documentation
- For ERC-721, ERC-1155 and ERC-20 NFTs, follow this documentation
- For device interaction, upgrade your integration with the Ledger Device Management Kit (LDMK)
- If you use the LedgerJS Ethereum transport library and are not ready for upgrading to the LDMK, make sure to use the latest version