What is a signature permit?
A signature permit is an off-chain signed message that grants a smart contract permission to spend a specific token from your wallet — achieving the same result as an approval transaction, but without a separate on-chain transaction and its associated network cost.
How it works
Tokens that implement the EIP-2612 standard (or similar permit extensions) allow users to sign a structured message containing the spender address, the amount, and a deadline. The smart contract then verifies this signature on-chain when the actual transaction — such as a swap — is executed, bundling the permission and the action into a single transaction.
Approval vs. permit
| | Approval transaction | Signature permit |
|---|---|---|
| Where it happens | On-chain (approve() call) | Off-chain (wallet signature) |
| Gas cost | Requires its own transaction fee | No separate fee — included in the main transaction |
| Token support | All ERC-20 tokens | Only tokens implementing EIP-2612 or similar |
| Revocation | On-chain revoke | Expires automatically via deadline parameter |
Security
A signature is a powerful authorization. When your wallet presents a signing request:
- Verify the site. Confirm you are on the legitimate domain of the application you intend to use. Phishing sites routinely request signatures that drain wallets.
- Read the decoded data. Modern wallets display the spender, amount, and deadline. Check that these match your intent.
- Beware of blind signing. If your wallet cannot decode the signature request and shows only raw hexadecimal data, you have no way to verify what you are authorizing. Proceed only if you fully trust the application.
A single malicious signature can authorize the transfer of all tokens covered by the permit. Treat every signing prompt with the same caution you would apply to sending funds.
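The "read the decoded data" check above can be scripted. The following is an added example, not code from this page or from any wallet: it decodes an EIP-2612 permit request (the typed-data object an application passes to `eth_signTypedData_v4`) and compares the spender, amount, and deadline with what the user intended. The addresses, the `sampleRequest` helper, and the shape of the `expected` object are constructed for illustration.

```javascript
// Constructed sample addresses (not real contracts).
const TOKEN = "0x" + "11".repeat(20);
const ROUTER = "0x" + "22".repeat(20);
const MAX_UINT256 = 2n ** 256n - 1n;
// Field order of the Permit struct as defined by EIP-2612.
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];

// Build a constructed typed-data payload for the examples below.
function sampleRequest(spender, value, deadline) {
  const type = (n) => (n === "owner" || n === "spender" ? "address" : "uint256");
  return {
    primaryType: "Permit",
    types: { Permit: PERMIT_FIELDS.map((name) => ({ name, type: type(name) })) },
    domain: { name: "Sample Token", version: "1", chainId: 1, verifyingContract: TOKEN },
    message: { owner: "0x" + "aa".repeat(20), spender, value, nonce: "0", deadline },
  };
}

// expected = { token, spender, maxValue (BigInt), maxLifetimeSec }: the user's intent
// (hypothetical shape). Returns the decoded fields plus any mismatches.
function reviewPermit(typedData, expected, nowSec) {
  const fields = (typedData.types?.Permit || []).map((f) => f.name);
  const isPermit = typedData.primaryType === "Permit" &&
    fields.length === PERMIT_FIELDS.length &&
    PERMIT_FIELDS.every((n, i) => fields[i] === n);
  // Anything that is not a well-formed Permit is treated like a blind-signing request.
  if (!isPermit) return { decoded: null, warnings: ["not a decodable EIP-2612 permit"] };

  const m = typedData.message;
  const decoded = {
    token: typedData.domain.verifyingContract.toLowerCase(),
    spender: m.spender.toLowerCase(),
    value: BigInt(m.value),       // accepts decimal or 0x-prefixed strings
    deadline: BigInt(m.deadline), // Unix time in seconds
  };
  const warnings = [];
  if (decoded.token !== expected.token.toLowerCase()) warnings.push("token differs from intended");
  if (decoded.spender !== expected.spender.toLowerCase()) warnings.push("unexpected spender");
  if (decoded.value === MAX_UINT256) warnings.push("unlimited amount");
  else if (decoded.value > expected.maxValue) warnings.push("amount exceeds intended");
  const lifetime = decoded.deadline - BigInt(nowSec);
  if (lifetime <= 0n) warnings.push("deadline already passed");
  else if (lifetime > BigInt(expected.maxLifetimeSec)) warnings.push("deadline later than intended");
  return { decoded, warnings };
}
```

An empty `warnings` array means the request matches the stated intent; it says nothing about whether the requesting site itself is legitimate.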