Safe Signing

Threat Model

DeFi signing threat analysis: clipboard hijacking, blind signing, extension compromise, memory scraping, TX substitution, and approval farming. Why private keys must never exist on networked machines.

Hot machine threats What Safe Signing protects Limitations

Simulation proves a transaction is safe to execute. But safe calldata is worthless if the signing environment is compromised. This page covers the threats; the Signing Flow shows how x0x1 defends against each one.

Why signing on a hot machine is dangerous

A "hot machine" is any computer connected to the internet. This includes your desktop, your phone, and most laptops. The threat surface is enormous:

Clipboard hijacking
Malware replaces copied addresses. Funds sent to attacker.
Blind signing
Wallet shows hex blob, user clicks "confirm". Arbitrary contract calls executed.
Extension compromise
Malicious MetaMask update leads to key extraction or TX substitution.
Memory scraping
Malware reads decrypted keys from RAM. Full wallet compromise.
TX substitution
Man-in-the-middle between dApp and wallet. Different TX gets signed.
Approval farming
Infinite token approvals left active. Delayed drain at attacker's convenience.

What Safe Signing protects against

Keys and internet never coexist on the same device. Physical separation, not software isolation:

AGENT HOST Has internet NO KEYS AIR-GAP RELAY One-way relay TX bytes only SIGNING DEVICE NO INTERNET Has keys Keys and internet NEVER coexist on the same device — physical architecture constraint
No private key ever touches a networked machine. This is not a software guarantee — it's a physical architecture constraint. The signing device is air-gapped.

What Safe Signing does NOT protect against

Now that you know the threats, see exactly how the Signing Flow implements physical device separation with a three-device architecture.

← Previous
Safe Signing