EIP712 confusion

[novaknole]

Hi Richard @ricmoo

This question is not about ethers, but I have asked this at many places and didn't get an answer at all and I am dying of curiosity. I'd appreciate so much if you have some opinion on this as I really love your explanations and your dedications. Thank you for that.

In EIP712, there's a TYPE_HASH that we sign including other data. For example:

contract Nice {
   bytes32 private constant BID_TYPE_HASH = keccak256("Bid(uint256 num1,uint256 num2)");

   struct Bid {
     uint256 num1;
     uint256 num2;
   }

   function verify(Bid memory bid) {
        bytes32 hashed = keccak256(abi.encodePacked(
           "\x19\x01",
            DOMAIN_SEPARATOR,
            keccak256(abi.encode(
               BID_TYPE_HASH,
               bid.num1,
               bid.num2
            ))
        ));
   }

} 

The above works great, but what's the rationale of even using BID_TYPE_HASH ? To ask it in better words, what if EIP suggested to do:

bytes32 hashed = keccak256(abi.encodePacked(
  "\x19\x01",
  DOMAIN_SEPARATOR,
  // note that I don't have BID_TYPE_HASH anymore in it
  keccak256(abi.encode(
     bid.num1,
     bid.num2
  ))
));

What could go wrong now ? Domain Separator already distinguishes dapps, so isn't that enough ? Can you provide an example where this suggested code breaks and defeats the use-case ? Note that I understand metamask's and ether's eth_signTypedData signs the message including typehash, but why ?

[ricmoo]

If I understand correctly, I think the issue being addressed by that is that there could be multiple “things” a single signer could want to sign, and the goal is to make sure you don’t sign a payload for one purpose that is then used for another.

Imagine if there were two methods, ApproveTransfer(address spender, address spendee) and AllowMint(address minter, address token).

I won’t want approving a transfer to bestow minting right, when submitted to a the contract via a “permit” style method.

If I understand correctly? Does that make sense?

[novaknole]

You're saying what if you need to sign the data that exactly matches the "permit" function's parameters of signature. Not only that, what you're saying is what if there're two methods that expect ApproveTransfer struct and AllowMint struct and they appear to be the same data-wise.

I had a reason to think this usecase would be the only reason why typehash is used.

Thank you so much. You rock !!!