What is a signature permit?#
A signature permit is a permission that an app or website can request from your crypto wallet. The signature uses the private key of your wallet address to sign the data presented.
Signatures can be used for many things — proving wallet ownership, transferring tokens, authorizing a swap without a network cost, and other actions a wallet can take.
Take special care with any signature request you see. A single signature can trigger many actions, and it is easy to sign malicious data without realizing it. Before signing, confirm you are on a trusted site and that it is the product or service you intended to use.
When an app requests a signature, your wallet may or may not be able to decode the request and show what permissions it grants. Even when it can be decoded, confirm it performs the actions you expect.
When signature data is not decoded, this is called blind-signing. Blind-signing can lead to loss or expose your wallet to risk, because you cannot verify what the signature will do.
In short: a signature request can authorize almost anything, so verify everything you can. If the data is not decoded, make sure the website is trusted before signing.