This is part 3/4 in our series on one of the most exploited issues in Web3: Offline signatures.
In Part 1, we investigated how attackers abuse these issues with OpenSea, the largest NFT marketplace. In Part 2 we exposed new attack vectors that allow attackers to exploit offline signatures in novel ways, including the stealing of ERC-20 tokens.
Just this week, millions of USD worth of NFTs were stolen from an industry-leading NFT pioneer. This only underlines the urgent need for our industry to deploy a comprehensive, sustainable solution.
Today, we share our suggested solution to this acute security issue, published as an official Ethereum (EIP) standard draft, EIP-6384. We plan to work with industry-leading protocols and other wallets to finalize and deploy this solution, in order to protect Web3 users’ assets.
The core problem with offline signature hacks is the indecipherable message displayed to users. This message is not human-readable, and phishing sites trick users into signing harmful messages, e.g. selling their precious NFTs for a zero price in OpenSea, or allowing hackers access to their funds in Uniswap.
The video below, taken by Zengo’s research team on a live phishing site, shows what such an attack looks like from the victim’s point-of-view.
Victim’s Point of View
As shown above, the suggested message to be signed is hardly comprehensible for normal users and certainly does not hint that the victims are going to sell their NFTs for virtually nothing.
It is important to note that, since offline signed messages are not immediately and directly executed by a smart contract, the standard technique of transaction simulation that solves similar problems for on-chain transactions is not applicable to this case.
Our solution is a new draft EIP, now live on the Ethereum Foundation’s website. EIP-6384 leverages the fact that the current offline signature standard (EIP-712) already specifies the smart contract that would eventually interpret the signed message and cryptographically binds the message to it.
By adding a view-only (i.e. fee-less) function to such contracts that translates the message to its true meaning, the wallet will be able to query the contract and present the relevant description to the end user.
An EIP-6384 compliant smart contract and wallet would work as follows:
It should be noted that the attackers must specify the relevant good smart contract (e.g. OpenSea’s), or otherwise the attack would not work. (For a detailed security discussion, please refer to the EIP on the Ethereum Foundation’s website.)
Besides the obvious security benefits of implementing this EIP, providing a human-readable description of the message to be signed will improve the user experience even for benign cases.
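The wallet-side flow described above, as an added example that is not code from EIP-6384 or from Zengo: the wallet takes the verifying contract from the EIP-712 domain, asks that contract for a description, and ignores whatever label the requesting site supplies. The function name `describeTypedData`, the in-memory `contracts` table standing in for read-only contract calls, and all addresses and messages are assumptions constructed for illustration; the EIP defines the actual function name and signature.

```javascript
// Added illustration of the wallet-side flow; not code from EIP-6384 or Zengo.
// `describeTypedData` is a hypothetical name for the view-only function; the EIP
// defines the real name and signature. Addresses and messages are constructed.
const MARKET = "0x00000000000000000000000000000000000000a1"; // constructed address

// Stand-in for read-only (fee-less) queries against deployed contracts.
const contracts = {
  [MARKET]: {
    describeTypedData(primaryType, msg) {
      if (primaryType !== "Order") throw new Error("unknown type");
      return [`Sell NFT #${msg.tokenId} for ${msg.price} wei to ${msg.taker}`];
    },
  },
  // Constructed contract that does not offer a description function.
  "0x00000000000000000000000000000000000000b2": {},
};

function callView(address, primaryType, message) {
  const c = contracts[address.toLowerCase()];
  if (!c || typeof c.describeTypedData !== "function") return null;
  try { return c.describeTypedData(primaryType, message); } catch { return null; }
}

// Build the signing prompt from the contract named in the EIP-712 domain.
// Text supplied by the requesting site is never used as the description.
function buildSigningPrompt(request) {
  const { domain, primaryType, message } = request.typedData;
  const target = domain && domain.verifyingContract;
  if (!target) return { decoded: false, lines: ["No verifying contract in domain"] };
  const lines = callView(target, primaryType, message);
  if (!lines) return { decoded: false, target, lines: ["Contract provides no description"] };
  return { decoded: true, target, lines };
}

// Constructed phishing request: friendly label, zero-price sell order underneath.
const phishingRequest = {
  siteLabel: "Sign in to claim your airdrop",
  typedData: {
    domain: { name: "Market", version: "1", chainId: 1, verifyingContract: MARKET },
    primaryType: "Order",
    message: { tokenId: 1234, price: 0, taker: "0x00000000000000000000000000000000000000c3" },
  },
};

console.log(buildSigningPrompt(phishingRequest));
```

The prompt also carries the target address, so a wallet can show which contract the signature is bound to when the description comes from a contract the user does not recognize.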
As a result, the responsibility for the offline signature message description is now owned by the contract. This allows the contract to:
It’s time for a change. As an industry, we have a responsibility to act. By sharing our solution as an Ethereum standard, we choose to go through the harder yet better way of benefiting the entire Ethereum and EVM (e.g. Polygon) ecosystem.
We would like to thank members of the Ethereum community for their help facilitating this process so far, and especially Ethereum Foundation members Yoav Weiss and Sam Wilson (our EIP editor) for their guidance, reviews and remarks.
To finalize this EIP we call on key industry players to act: NFT marketplaces, smart contract developers, wallets and infrastructure partners. Please review this EIP and collaborate with us. Let’s implement this EIP and put an end to this type of attack!
It’s time to make Web3 a safer place for everyone, and remove this offline signature vulnerability once and for all.