Blockchain isn't just about transferring value—it's also a public, immutable ledger capable of storing messages. A notable example occurred during the Poly Network hack, when a security team sent a message to the attacker through transaction input data, warning them that certain funds were frozen. The hacker responded by returning 13.37 ETH—a silent, on-chain conversation that captured global attention.
This article dives deep into how input data in Ethereum transactions enables such interactions, how it works under the hood, and how anyone can use it to send permanent messages on the blockchain.
Understanding Input Data in Ethereum Transactions
In Ethereum, every transaction includes a field called input data (also known as calldata). This field plays a critical role in smart contract interactions and can also be leveraged to embed custom messages.
There are two main types of transactions:
- Contract creation: The input data contains the initialization code (EVM bytecode) for deploying a new smart contract.
- Message call: The input data carries function calls and parameters sent to an existing contract.
For standard ETH transfers between external accounts (EOAs), the input data is typically empty because no smart contract logic is involved. However, when interacting with contracts—like transferring ERC-20 tokens—the input data becomes essential.
👉 Learn how blockchain transactions work behind the scenes
Structure of Input Data
When calling a smart contract function, input data follows a standardized format defined by the Application Binary Interface (ABI). It consists of two parts:
- Function Selector (4 bytes)
- Encoded Parameters
Function Selector
The first 4 bytes of input data represent the function selector, derived from the Keccak-256 hash of the function signature. For example:
keccak256("transfer(address,uint256)") → a9059cbb...Only the first 4 bytes (a9059cbb) are used. This truncation significantly reduces gas costs—sending 32 bytes would cost ~2176 gas, while 4 bytes cost only ~272 gas—saving over 85% in fees.
This design balances efficiency and uniqueness: the probability of two different functions having the same 4-byte selector is extremely low.
Parameter Encoding
Parameters are encoded according to ABI rules:
- Static types (e.g.,
address,uint256,bool): Left-padded with zeros to fill 32 bytes. - Dynamic types (e.g.,
string,bytes, arrays): Use offset pointers followed by actual data.
Example: ERC-20 Transfer
A typical token transfer encodes like this:
a9059cbb // Function: transfer(address,uint256)
000000000000000000000000345d8e3a1f62ee6b1d483890976fd66168e390f2 // _to address
0000000000000000000000000000000000000000000054b7d8ed70650b290000 // _amount (in wei)Each parameter is padded to exactly 32 bytes, ensuring predictable parsing by the EVM.
Short Address Attack: A Historical Vulnerability
One infamous exploit related to input data is the short address attack, which targeted improper input validation in early token contracts.
How It Worked
If a user intentionally removed trailing zeros from an address (e.g., ending in ...fc00 → ...fc), the EVM would still pad it back to 32 bytes—but misinterpret subsequent data.
For instance:
Original:
a9059cbb [address] [amount]
Malformed:
a9059cbb [short address missing two zeros] [amount with two leading zeros]After padding, the missing zeros were taken from the amount field, effectively shifting its value left by one byte—multiplying it by 256.
Attackers exploited this to drain contracts before proper input length checks became standard.
Sending Messages via Input Data
While input data is primarily functional, it can also carry arbitrary information—effectively enabling on-chain messaging.
Since blockchain data is public and permanent, messages embedded here are visible forever through explorers like Etherscan.
Step-by-Step: Embedding a Message in a Transaction
You can send a message using any wallet that allows custom data input. Here's how with MetaMask:
- Enable Advanced Settings
Go to Settings → Advanced → Show Hex Data (enable). - Start a Transfer
Initiate a standard ETH transaction to any address. - Enter Hex-Encoded Message
Convert your text to hexadecimal (e.g., "Hello" →48656c6c6f) and prepend0xin the "Hex Data" field. - Send Transaction
Confirm and broadcast. Once mined, view the input data on Etherscan.
💡 Tip: You don’t need to interact with a contract—this works even for simple ETH transfers.
The recipient can decode the hex string back into readable text using online tools or programming libraries.
👉 Discover how to securely interact with blockchain data
Real-World Use Cases of On-Chain Messaging
Beyond novelty or curiosity, embedding data in transactions has practical applications:
- Proof of Existence: Timestamp and verify document existence without revealing content.
- Supply Chain Tracking: Store batch IDs or certifications immutably.
- Academic Credentialing: Permanently record degrees or achievements.
- Anti-Fraud Systems: Government agencies can use it for invoice verification or anti-counterfeiting tags.
These use cases leverage blockchain’s core strengths: transparency, immutability, and decentralization.
Frequently Asked Questions (FAQ)
Can I send private messages using input data?
No. All input data is public and permanently stored on the blockchain. Never include sensitive or personal information unless it's encrypted.
Does sending data cost more gas?
Yes. Each non-zero byte in input data costs 68 gas, compared to 4 gas for zero bytes. Sending large messages increases transaction fees significantly.
Is there a size limit for input data?
While there’s no strict limit per transaction, practical constraints exist due to block gas limits. Most transactions should keep input data under 32 KB to avoid issues.
Can smart contracts read my message?
Only if the receiving contract is designed to parse arbitrary data. In most cases, messages sent via simple transfers are ignored by contracts unless explicitly programmed to handle them.
Are these messages searchable?
Yes. Blockchain explorers index input data, allowing users to search for specific hex patterns or decoded strings. Some tools even allow filtering by encoded text.
Can I delete or edit a message after sending?
No. Once confirmed, blockchain data is immutable. Always double-check your message before broadcasting.
Final Thoughts
Input data is far more than technical overhead—it’s a powerful tool for communication and verification on the Ethereum network. From securing digital assets to enabling trustless coordination, understanding how to use it opens new possibilities in Web3 development and personal blockchain interaction.
Whether you're a developer building secure contracts or an enthusiast exploring decentralized messaging, mastering input data gives you deeper insight into how Ethereum truly works.
👉 Explore blockchain tools that help you analyze transaction data