From raw calldata to readable intent.

ERC-7730 defines how protocols describe transaction intent so wallets can show users what they're actually signing.

Clear Signing does not alter transaction semantics. It adds a verifiable display layer for the moment a wallet asks for approval, with attestations and wallet-local trust.

See how it works

The problem: blind signing

Most signing screens show raw bytes or generic labels. Users approve transactions they don't understand, and attackers exploit the gap.

Blind signing

0x414bf389000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc200000000000000000000000000000000000000000000000000000000000001f4000000000000000000000000d8da6bf26964af9d7eed9e03e53415d37aa960450000000000000000000000000000000000000000000000000000000069cbb740000000000000000000000000000000000000000000000000000000003b9aca0000000000000000000000000000000000000000000000000005d423c655aa00000000000000000000000000000000000000000000000000000000000000000000

Signing a transaction you can’t read is like signing a blank check.

When wallets show raw calldata instead of intent, users cannot tell what they are approving.

Simulation is not enough

Simulation shows expected outcomes but not context. A bridge call looks like a total loss because simulation has no knowledge of the cross-chain transfer that follows.

ABI is not enough

An ABI can decode a call, but it cannot establish user intent or trust. A malicious contract can publish its own ABI and still deceive the wallet.

How ERC-7730 solves it

ERC-7730 metadata maps raw transaction data to human-readable descriptions.

Blind signing

0x414bf389000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc200000000...

Clear signing

Action
Swap
Send
1,000 USDC
Protocol
Uniswap V3
Receive min.
0.42 WETH

  1. 01

    Author metadata

    Protocol teams, security researchers, or anyone who wants to contribute can write a JSON descriptor that maps raw contract calls and EIP-712 messages to human-readable fields: action names, token amounts with proper decimals, recipient addresses with labels, protocol context.

  2. 02

    Publish to the registry

    Descriptors are published to an open, permissionless registry. Review or attestation signals can be layered on top later, but publication itself stays open.

  3. 03

    Wallets render clear intent

    At signing time, wallets fetch the relevant descriptor and transform the raw transaction into a comprehensible confirmation screen. Users see "Swap 1,000 USDC for 0.42 ETH on Uniswap" instead of 0x414bf389...

Architecture guarantees

The registry stays open because attestations are verifiable, trust stays local to the wallet, and the publication path can be replicated.

Open publication

Published metadata is submitted to a neutrally stewarded registry. Anyone can contribute to the registry, so clear-signing coverage does not depend on one reviewer or operator. Learn more about governance.

Verifiable attestations

Registry entries carry attestation UIDs so wallets can resolve external review signals and decide which attestations they accept as inputs to local trust policy.

Wallet-local trust

Wallets decide which attestations and additive review signals they accept at render time. Open publication does not imply automatic display.

Walkaway test

Anyone can replicate the entire pipeline with their own keys. If the current operators disappear, the registry can still be independently rebuilt and operated.

See roles, review, and governance