ERC-8176: Integrity Verification for ERC-7730

Hey everyone, I’d love feedback on a new draft ERC-8176.

Summary

ERC-8176 defines an optional `integrity` field for ERC-7730 clear signing descriptor files. It allows trusted parties — wallet vendors, auditors, registry operators — to independently attest to a descriptor’s correctness using EIP-191 (EOA) or ERC-1271 (contract) signatures, keyed by CAIP-10 account identifiers.

Problem

ERC-7730 descriptors tell wallets how to display human-readable transaction details. These files may be sourced from registries, bundled by wallet vendors, or fetched from third-party APIs. Regardless of distribution method, there is currently no mechanism to verify **who reviewed and approved** a given descriptor. A wallet receiving a descriptor has no way to distinguish a carefully audited file from one that was tampered with or never properly reviewed. A subtly misleading descriptor — e.g., one that hides a token approval amount — could trick end users while appearing technically valid.

Existing protections fall short:

- ERC-7730 context binding validates contract targeting but not display correctness

- HTTPS protects transport, not content authenticity

- Git signatures don’t survive once files are served via API or downloaded standalone

Approach

The `integrity` field is a JSON map where each key is a CAIP-10 account ID and each value contains a `signerType` (`“EOA”` or `“contract”`) and a `signature`. The signed message covers a Keccak-256 hash of the RFC 8785 (JCS) canonicalized descriptor content, excluding the `integrity` field itself.

Multi-Signer Model

Multiple parties can sign the same descriptor independently without affecting each other’s signatures. Adding a new signer doesn’t invalidate existing ones since the `integrity` field is excluded from hash computation. Each signature is verified independently — one failure doesn’t affect others.

Trust policy (which signers to accept, how many to require) is deliberately left to individual wallets.

Looking forward to your thoughts and feedback.

I like the intent, but what if we just had the EIP-7730 file on chain? I guess they might be too big…

Ok, I’ve decided I don’t like 8176 unless this lands:

The rationale:
As it currently stands, when an auditor/wallet vendor/etc publishes an attestation of a JSON spec, the attestation is point-in-time. However, contracts can change/upgrade and the intent of a function can change. An auditor who wants to make sure their attestations are good would have to set up a monitoring infrastructure to revoke attestations in the case of an intent change, which I don’t think is fair.

If we include the intent mutability in the 7730 spec, we are able to then publish an attestation as described in 8176, knowing that if the intent changes, our attestation covers that case.

What do you think?

Otherwise, if my PR does not land, we should update this ERC to include a way for someone to revoke an attestation, or they can additionally hash some intentMutability data as part of this ERC. What do you think ?

Agreed. But I think it’s already easy to revoke attestations in EAS

An auditor who wants to make sure their attestations are good would have to set up a monitoring infrastructure to revoke attestations in the case of an intent change,

Ok, so with intentMutability, it’s not auditor’s responsibility but wallet needs to set up it’s infractructure to check the mutable slot instead, correct?

1 Like

The “descriptor auditor” should check the intentMutability of the spec is correct. Then, it’s the wallet’s job to check the slot. I think for airgapped wallets, this is where the wire protocol becomes more important. It should be easy enough for a wallet to get verified data that a slot is changed from like a light client or something? I’m a little hazy on the wire protocol stuff. But for non-airgapped wallets this should be pretty easy to implement.