ethereum · SamWilsn · May 27, 2025 · Apr 28, 2025 · May 27, 2025
@@ -15,13 +15,13 @@

 This is a standard for hashing and signing of typed structured data as opposed to just bytestrings. It includes a

 *   theoretical framework for correctness of encoding functions,
 *   specification of structured data similar to and compatible with Solidity structs,
 *   safe hashing algorithm for instances of those structures,
 *   safe inclusion of those instances in the set of signable messages,
 *   an extensible mechanism for domain separation,
 *   new RPC call `eth_signTypedData`, and
 *   an optimized implementation of the hashing algorithm in EVM.

 It does not include replay protection.

@@ -42,13 +42,13 @@
 ## Specification

 The set of signable messages is extended from transactions and bytestrings `𝕋 ∪ 𝔹⁸ⁿ` to also include structured data `𝕊`. The new set of signable messages is thus `𝕋 ∪ 𝔹⁸ⁿ ∪ 𝕊`. They are encoded to bytestrings suitable for hashing and signing as follows:
 *   `encode(transaction : 𝕋) = RLP_encode(transaction)`
 *   `encode(message : 𝔹⁸ⁿ) = "\x19Ethereum Signed Message:\n" ‖ len(message) ‖ message` where `len(message)` is the _non-zero-padded_ ascii-decimal encoding of the number of bytes in `message`.
 *   `encode(domainSeparator : 𝔹²⁵⁶, message : 𝕊) = "\x19\x01" ‖ domainSeparator ‖ hashStruct(message)` where `domainSeparator` and `hashStruct(message)` are defined below.

 This encoding is deterministic because the individual components are. The encoding is injective because the three cases always differ in first byte. (`RLP_encode(transaction)` does not start with `\x19`.)

 The encoding is compliant with [EIP-191][EIP-191]. The 'version byte' is fixed to `0x01`, the 'version specific data' is the 32-byte domain separator `domainSeparator` and the 'data to sign' is the 32-byte `hashStruct(message)`.

 [EIP-191]: ./eip-191.md

@@ -115,7 +115,7 @@
 *   `string version` the current major version of the signing domain. Signatures from different versions are not compatible.
 *   `uint256 chainId` the [EIP-155][EIP-155] chain id. The user-agent *should* refuse signing if it does not match the currently active chain.
 *   `address verifyingContract` the address of the contract that will verify the signature. The user-agent *may* do contract specific phishing prevention.
-*   `bytes32 salt` an disambiguating salt for the protocol. This can be used as a domain separator of last resort.
+*   `bytes32 salt` a disambiguating salt for the protocol. This can be used as a domain separator of last resort.
 
 [EIP-155]: ./eip-155.md
 
@@ -267,7 +267,7 @@

 **Alternative 2**: Use ABIv2 function signatures. `bytes4` is not enough to be collision resistant. Unlike function signatures, there is negligible runtime cost incurred by using longer hashes.

 **Alternative 3**: ABIv2 function signatures modified to be 256-bit. While this captures type info, it does not capture any of the semantics other than the function. This is already causing a practical collision between [EIP-20]'s and [EIP-721]'s `transfer(address,uint256)`, where in the former the `uint256` refers to an amount and the latter to a unique id. In general ABIv2 favors compatibility where a hashing standard should prefer incompatibility.

 [EIP-20]: ./eip-20.md
 [EIP-721]: ./eip-721.md
@@ -321,7 +321,7 @@
 
 The in-place implementation makes strong but reasonable assumptions on the memory layout of structs in memory. Specifically it assumes structs are not allocated below address 32, that members are stored in order, that all values are padded to 32-byte boundaries, and that dynamic and reference types are stored as a 32-byte pointers.
 
-**Alternative 6**: Tight packing. This is the default behaviour in Soldity when calling `keccak256` with multiple arguments. It minimizes the number of bytes to be hashed but requires complicated packing instructions in EVM to do so. It does not allow in-place computation.
+**Alternative 6**: Tight packing. This is the default behaviour in Solidity when calling `keccak256` with multiple arguments. It minimizes the number of bytes to be hashed but requires complicated packing instructions in EVM to do so. It does not allow in-place computation.
 
 **Alternative 7**: ABIv2 encoding. Especially with the upcoming `abi.encode` it should be easy to use `abi.encode` as the `encodeData` function. The ABIv2 standard by itself fails the determinism security criteria. There are several valid ABIv2 encodings of the same data. ABIv2 does not allow in-place computation.