## Streamlining Safe Wallet Security: Verifying Transactions with Domain and Message Hashes Managing and securing cryptocurrency transactions, especially through multi-signature solutions like Safe (formerly Gnosis Safe), demands rigorous verification. However, when using hardware wallets, the traditional method of scrutinizing entire raw JSON payloads on small screens presents significant challenges. This lesson introduces a more secure, manageable, and user-friendly approach: verifying Safe wallet transactions using Domain and Message Hashes. **The Challenge: Overcoming "Security Fatigue" with Complex JSON** Hardware wallets provide a crucial layer of security by keeping private keys offline. Yet, when asked to sign a complex transaction, such as an EIP-712 typed data message for a Safe transaction, users are often confronted with a large, intricate JSON structure. Attempting to verify every field and value on a limited hardware wallet display is not only cumbersome but also error-prone. This can lead to "security fatigue," where users may inadvertently approve malicious transactions due to the difficulty of thorough verification. Ensuring the integrity of every parameter becomes a daunting task, undermining the very security the hardware wallet aims to provide. **The Solution: Focused Verification with Domain and Message Hashes** Instead of attempting to digest the entire JSON payload on your hardware wallet, a more effective method focuses on two key cryptographic hashes derived from the EIP-712 structure: the **Domain Hash** and the **Message Hash**. The process is as follows: 1. **Hardware Wallet Configuration:** Ensure your hardware wallet is configured to display only the Domain Hash and the Message Hash when an EIP-712 signature is requested. This simplifies the on-device verification step. 2. **Independent Calculation:** Using trusted off-chain tools, independently calculate the Domain Hash and Message Hash based on the transaction details you *expect* to sign. This means you should have a clear understanding of the transaction's intent and its parameters *before* initiating the signing process. 3. **Comparison and Confirmation:** Compare the Domain Hash and Message Hash displayed on your hardware wallet with the hashes you calculated independently. If these two sets of hashes match, you can have a high degree of confidence that you are signing the intended transaction, without needing to parse every single field of the raw JSON on the small screen. **Walkthrough: Verifying a Safe Transaction with Wise Signer** Let's illustrate this with an example, similar to Question 13 on the `wise-signer.cyfrin.io` platform, a valuable resource for practicing transaction signing. * **Scenario:** You intend to deposit 0.1 ETH to the ZkSync Aave token pool using a Safe version 1.4.1 multisig wallet. * **Hardware Wallet Simulation:** Upon initiating the signing process (e.g., clicking "Sign" in a dApp integrated with your Safe), a simulated hardware wallet prompt (like a Trezor) appears. Crucially, this prompt is configured to display *only*: * **Domain Hash:** `0xe0392d263ff13e09757bfce9b182ead8cebd9d1b404aa7df77e65b304969130` * **Message Hash:** `0xb2498e7f8d82ce5d628accdc7d7bb245557a93f420c3b8baeab1df0c11d0886` * **Your Verification Task:** Your responsibility is to take the raw JSON data corresponding to this transaction (often provided by the dApp or a platform like Wise Signer), use a reliable EIP-712 hashing tool (discussed later) to compute the Domain Hash and Message Hash, and then verify that your calculated hashes precisely match those displayed by the simulated hardware wallet. **Understanding the EIP-712 Structure for SafeTX** Safe transactions utilize the EIP-712 standard for typed structured data hashing and signing. This standard makes signing data more human-readable and less prone to phishing by defining a clear structure for the data being signed. Here's a simplified example of the JSON structure for a `SafeTX`: ```json { "types": { "SafeTX": [ { "name": "to", "type": "address" }, { "name": "value", "type": "uint256" }, { "name": "data", "type": "bytes" }, { "name": "operation", "type": "uint8" }, { "name": "safeTxGas", "type": "uint256" }, { "name": "baseGas", "type": "uint256" }, { "name": "gasPrice", "type": "uint256" }, { "name": "gasToken", "type": "address" }, { "name": "refundReceiver", "type": "address" }, { "name": "nonce", "type": "uint256" } ], "EIP712Domain": [ { "name": "chainId", "type": "uint256" }, { "name": "verifyingContract", "type": "address" } ] }, "domain": { "chainId": "42161", // Example: Arbitrum "verifyingContract": "0x4087d2046A7435911FC26DCFac1c2Db26957Ab72" // Your Safe wallet address }, "primaryType": "SafeTx", "message": { // Example values for the transaction: // "to": "0xRecipientAddress...", // "value": "0", // For a token interaction, ETH value might be 0 // "data": "0xFunctionSelectorAndParameters...", // The call data for the transaction // "nonce": "29" // The Safe's current nonce // ... other SafeTX fields } } ``` * The **Domain Hash** is a cryptographic hash derived from the `domain` object (containing `chainId` and `verifyingContract` – your Safe's address) and its corresponding type definition in `types` (`EIP712Domain`). This hash scopes the signature to a specific domain, preventing replay attacks across different contracts or chains. * The **Message Hash** is a cryptographic hash derived from the `message` object (containing the actual transaction details like `to`, `value`, `data`, `nonce`, etc.) and its type definition (`SafeTX`). This hash represents the unique content of your transaction. The final `safeTxHash` (often displayed in interfaces like Wise Signer's "Transaction Hashes" section) is the EIP-712 hash produced by combining these two hashes according to the standard. By verifying the Domain Hash and Message Hash separately, you are implicitly verifying the integrity of this `safeTxHash`. **Essential Tools and Resources for Verification** Several tools can assist you in independently calculating these hashes: * **`wise-signer.cyfrin.io`**: An interactive platform designed for practicing transaction signing and verification. It features simulated hardware wallet interactions and covers various scenarios. Keep an eye out for its "Tenderly edition," which is expected to offer even more complex examples. * **`wise-signer.cyfrin.io/tools/`**: This page on the Wise Signer site lists a collection of helpful utilities for Web3 security and transaction analysis. * **`github.com/cyfrin/safe-hash-rs` (Cyfrin Safe Hash)**: A robust Rust-based command-line tool specifically designed for verifying Safe wallet transaction data and EIP-712 messages. It efficiently calculates the Domain Hash and Message Hash from your transaction's JSON data, enabling the verification method described here. This tool is an improved iteration for reliable hash calculation. **The Importance of the "Qualified Signer" Curriculum** This lesson on Domain and Message Hash verification forms a crucial part of the broader "Qualified Signer" curriculum. Becoming a Qualified Signer means mastering: 1. **Call Data Verification:** Understanding how to dissect and confirm the `data` field of a transaction, ensuring the correct function is being called with the correct parameters. 2. **Signature and Message Type Verification:** Recognizing and verifying different types of signatures and messages, including EIP-712, personal_sign, and others. 3. **Tool Proficiency:** Knowing which tools to use for each verification task and how to use them effectively. The paramount principle is this: **The signer bears ultimate responsibility for every transaction they approve. Never sign anything you do not fully understand and cannot independently verify.** **Why "Qualified Signer" Certification Matters** This specialized knowledge is rapidly becoming indispensable for individuals in roles that involve managing or authorizing cryptocurrency transactions, such as: * Finance department personnel in Web3 companies. * Members of security councils overseeing protocol treasuries or critical functions. * Multisig wallet signers for DAOs, projects, or personal funds. * DAO members participating in governance that involves treasury movements. * Anyone responsible for safeguarding significant crypto assets. Possessing a "Qualified Signer" certification (obtainable through platforms like `cyfrin.updraft.com` after completing the curriculum) demonstrates a high level of diligence and competence in secure transaction handling. It is anticipated that such certification will become an increasingly common requirement for these critical roles. **Final Advice: Practice and Diligence** To truly internalize these concepts: * Engage actively with resources like the Wise Signer quiz. Aim for a comprehensive understanding by attempting all questions. * Thoroughly analyze any mistakes made during practice to solidify your learning. * Consider pursuing the official "Qualified Signer" certification to validate your skills. * Practice diligently and consistently. The security of your assets, or the assets you help manage, depends on it. By adopting the Domain and Message Hash verification method for Safe wallet transactions, you significantly enhance your security posture, reduce the risk of error, and gain greater confidence when approving transactions in the complex Web3 ecosystem.