Documentation
Clear Signing

Enhancing Security through Clear Signing

Why does your dApp or Wallet need clear signing?

Blind signing is a significant vulnerability that scammers exploit to steal funds from unsuspecting users. If the only information given to the user is the transaction hash, it is challenging for users to verify the accuracy and authenticity of the transaction before signing, because it is unreadable.


Blind sign risk

At Ledger, we are committed to building a secure Web3 ecosystem. That is why we have introduced clear signing standards and tools to address this issue. These tools provide user-readable and understandable data, making it easier for users to identify potential risks and verify transactions accurately.

Prerequisite

This implementation is currently for EVM chains only. Stay tuned for other protocols.

How to implement clear signing?

dApps

The clear signing standard that we have developped relies on the whitelisting of smart contracts methods and can be done easily and quickly.

The whitelisting of a smart contract method has two steps:

  • A Json file to map your smart contract data into human-readable information to be displayed on Ledger devices. The specifications for this Json file are on the official GitHub repository (opens in a new tab),
  • A peer review of the files on the public Ledger repository.

Other items to take into account to ensure a full clear signing experience:

Wallets

Watch the "Request for Comment Session"

To get an insight about our process and plan for the future of clear signing, we recommend you watching the "Request for Comment Session". You can read the slides (opens in a new tab).


What's next?

  • Publication of an open source Json edition tool to write the json description and display the information that the user will see on their devices,
  • Decentralization of the peer review process,
  • Generalization of the Json standard to the Web3 ecosystem,
  • Extension of this process to other protocols.

Stay tuned for further updates and evolutions on this topic as we continue to improve and expand our security measures, ensuring the highest protection for our users.

Want to know more? Join the conversation on the Ethereum Magicians Forum (opens in a new tab) and join our Telegram group (opens in a new tab), dedicated to this subject.

Ledger
Copyright © Ledger SAS. All rights reserved. Ledger, Ledger Nano S, Ledger Vault, Bolos are registered trademarks of Ledger SAS