Currently, when offline signing EIP712 messages, the domain hash only includes the chain ID and verifyContract. If users are unsure whether they have previously signed potentially dangerous messages and wish to invalidate all historical signed messages at once, there is no quick method to achieve this. The only solutions are to either replace the Safe contract address or change the signer, both of which are highly inefficient.
Proposed solution
The solution can be resolved by introducing a user-customizable version string into the EIP712 domain hash. Once the Safe contract allows users to configure this value, it can be recommended that users periodically update this version identifier in the future. By doing so, all previously signed messages tied to older versions would be invalidated in one go, achieving risk isolation and future-proofing their security posture.
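A minimal sketch of the mechanism proposed above, added here as an illustration; it is not Safe's code and does not come from the issue author. The contract name, the `ExampleMessage` type, `setDomainVersion`, the used-version check and the single-signer authorization are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Safe's code. All names below are hypothetical.
contract VersionedDomainExample {
    // Domain type extended with a version member (EIP-712 orders it before chainId).
    bytes32 private constant DOMAIN_TYPEHASH =
        keccak256("EIP712Domain(string version,uint256 chainId,address verifyingContract)");
    // Hypothetical message type standing in for whatever is signed offline.
    bytes32 private constant MESSAGE_TYPEHASH = keccak256("ExampleMessage(bytes32 payload)");

    address public immutable signer;
    string public domainVersion = "1";
    // Versions already used; a reused value would make its old signatures valid again.
    mapping(bytes32 => bool) private usedVersion;

    event DomainVersionChanged(string oldVersion, string newVersion);

    constructor(address signer_) {
        signer = signer_;
        usedVersion[keccak256(bytes(domainVersion))] = true;
    }

    // Assumption: a multisig would gate this behind an executed owner transaction;
    // the single signer stands in for that here.
    function setDomainVersion(string calldata newVersion) external {
        require(msg.sender == signer, "not authorized");
        bytes32 h = keccak256(bytes(newVersion));
        require(!usedVersion[h], "version already used");
        usedVersion[h] = true;
        emit DomainVersionChanged(domainVersion, newVersion);
        domainVersion = newVersion;
    }

    function domainSeparator() public view returns (bytes32) {
        return keccak256(
            abi.encode(DOMAIN_TYPEHASH, keccak256(bytes(domainVersion)), block.chainid, address(this))
        );
    }

    // True only when (v, r, s) signs `payload` under the current domain version.
    function isValid(bytes32 payload, uint8 v, bytes32 r, bytes32 s) external view returns (bool) {
        bytes32 structHash = keccak256(abi.encode(MESSAGE_TYPEHASH, payload));
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
        address recovered = ecrecover(digest, v, r, s);
        return recovered != address(0) && recovered == signer;
    }
}
```

Off-chain signers have to put the same `version` value in the domain they sign, so any tooling that builds the typed data needs to read the current value from the contract after each change.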