EIP55: Why It’s Important, What It Is, and Why We’re Talking About It Now
Hey, it’s Camille from Exodus support. Today we’re going to dive into some nerdy stuff! But I want to make the message clear right from the beginning:
Right now, you need to be careful with Ethereum addresses, especially if you’re using a QR code!
At the heart of this debacle is something you might be familiar with. It’s called case sensitivity, and in the world of cryptocurrency addresses, it could mean the difference between your funds reaching their destination successfully or being sent into an “Ethereum black hole.”
Why EIP55 is important?
When you’re looking at Ethereum addresses, sometimes you’ll notice that they have a mix of uppercase and lowercase letters, whereas other times you’ll see them with lowercase letters only. This may not seem like a big deal — and most of the time it’s not — until you send all your money to the wrong address and I have to tell you that it is lost forever!
Seems I have your attention now :)
In Exodus, when you’re scanning an address with a QR code, you may sometimes see this message:
This means that when reading the address, Exodus identifies that the address is all lowercase or that the QR code is of poor quality and cannot verify that this is an existing address or just a potentially valid one. Our Knowledge Base explains this in detail with an example.
This happens with QR codes because we must be wary about their quality. Lighting, angles, screen resolution, your webcam, low QR code quality, all these factors can affect slightly the reading of the QR code and end up producing a bad (yet valid) address. Look at these 2 addresses for example:
0xd40800cc8b4f853eaea90b2b14b1ddda5511755b
0xd40800cc8b4f853eaea90d2b14b1ddda5511755b
Yes, they’re different. And if you want to send to the first one and the bad QR code gives the second. It’s game over for your assets!
QR code scanning is an incredibly convenient way to communicate address information, especially when dealing with mobile devices, but one must be vigilant in triple-checking their output just to be safe.
What is EIP55?
So, what’s the deal here? When Ethereum launched, its addresses didn’t have a checksum. A checksum is a small error-detection function that you can add to anything to verify it was not tampered with. This problem was quickly raised and discussions over a solution took place. Moving to a different address format would have meant making all existing software using Ethereum obsolete (Exodus included). A middle-ground and backward-compatible solution was offered:
Adding and checking for uppercase letters in addresses.
You can read more about this compromise here (extra points for finding the comments left by an Exodus co-founder :D )
Because of the open-source nature of the cryptospace, when a change to a currency is suggested, it goes through an improvement protocol. Maybe some of you are familiar with BIPs, or Bitcoin Improvement Proposals, the process by which changes are introduced to Bitcoin. Ethereum has the same thing: EIPs. The suggested solution to the checksum problem was offered in EIP55. It is now up to industry players themselves to implement a checksum to ensure that their users are safe. Exodus did so in March 2016 (version 0.11.0 of the wallet — I’m telling you, we’ve been around for a while).
Why discussing of EIP55 now?
I don’t want to ever again have to tell anyone that they sent their ETH or ETH-based assets to the wrong address and that there is nothing else that can be done. So I am making this call to action.
First, I’m asking you all to be careful with ETH addresses, in particular when you see no uppercase letters. Please be aware of subtle changes and triple-check before sending.
Second, it would be awesome if you could share the knowledge with your friends and families in the cryptospace. Education is always a priority!
Finally, I would be grateful if you could help us make the cryptospace safer.
To that end, you can simply ask companies in the cryptospace to upgrade their addresses to match the EIP55 standard. It’s simple, just email your exchange or other wallet’s support teams and demand they include checksum in their ETH addresses! Ultimately, the everyday crypto user pays the cost of sending to a wrong address.
At Exodus, we have started a taskforce to do just that. So far, we’ve only received positive feedback for the initiative. But I want to shake things up and move faster! We care for everyone’s safety and we want the whole space to be more secure. But we cannot do that all alone.
Help us get there. Help us make Ethereum transactions safer. Stay safe, stay alert, and be part of the movement!
