security: add prominent danger warning for eth_sign requests

2026-02-27 11:35:21 -08:00
parent 95314ff229
commit 13e2bdb0b0
3 changed files with 25 additions and 0 deletions
--- a/src/background/index.js
+++ b/src/background/index.js
@@ -441,6 +441,13 @@ async function handleRpc(method, params, origin) {
                ? { method, message: params[0], from: params[1] }
                : { method, message: params[1], from: params[0] };

+        if (method === "eth_sign") {
+            signParams.dangerWarning =
+                "\u26a0\ufe0f DANGER: This site is requesting to sign a raw hash. " +
+                "This can be used to sign transactions that drain your funds. " +
+                "Only proceed if you fully understand what you are signing.";
+        }
+
        const decision = await requestSignApproval(
            origin,
            hostname,