From fd80a8195e0fe227c7ea13ab17ddae593615655b Mon Sep 17 00:00:00 2001 From: Alexandra Tran Date: Wed, 22 May 2024 11:08:40 -0700 Subject: [PATCH 1/3] Document eth_sign discontinuation --- docs/whats-new.md | 2 ++ wallet/concepts/signing-methods.md | 14 ++++++-------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/whats-new.md b/docs/whats-new.md index 4043b1f258d..0949f5ace4d 100644 --- a/docs/whats-new.md +++ b/docs/whats-new.md @@ -11,6 +11,8 @@ of the [MetaMask developer page](https://metamask.io/developer/). ## May 2024 +- Discontinued support for [`eth_sign`](/wallet/concepts/signing-methods/#eth_sign). + ([#1319](https://github.com/MetaMask/metamask-docs/pull/1319/)) - Documented [Snaps initial connections](/snaps/reference/permissions/#initial-connections). ([#1318](https://github.com/MetaMask/metamask-docs/pull/1318/)) - Updated [Snaps allowlisting guide](/snaps/how-to/get-allowlisted) with open permissions. diff --git a/wallet/concepts/signing-methods.md b/wallet/concepts/signing-methods.md index e033ba0f33d..80984a94ba7 100644 --- a/wallet/concepts/signing-methods.md +++ b/wallet/concepts/signing-methods.md @@ -41,14 +41,12 @@ Use `eth_signTypedData_v4` or `personal_sign`. ### `eth_sign` -`eth_sign` allows signing an arbitrary hash, which means it can be used to sign transactions, or any other -data. Using `eth_sign` is a dangerous phishing risk. - -MetaMask disables `eth_sign` by default and does not recommend using `eth_sign` in production. -Some applications (usually internal administrator panels) use `eth_sign` for ease of -use, or due to an inability to change the associated dapp. -If a wallet user must interact with a dapp that uses `eth_sign` and accepts the risks, -the wallet user can re-enable `eth_sign` through advanced settings. +`eth_sign` allows signing an arbitrary hash, which means an attacker can use it to request users to +sign transactions or any other data. +Using `eth_sign` is a dangerous phishing risk. + +To enhance user security, MetaMask no longer supports using `eth_sign`. +Use [`eth_signTypedData_v4`](#eth_signtypeddata_v4) or [`personal_sign`](#personal_sign) instead. ### `eth_signTypedData_v1` and `eth_signTypedData_v3` From fdc296cf0d9533c80987100e34878a3bc601160f Mon Sep 17 00:00:00 2001 From: Alexandra Tran Date: Wed, 22 May 2024 12:18:25 -0700 Subject: [PATCH 2/3] add mip note with placeholder --- wallet/concepts/signing-methods.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wallet/concepts/signing-methods.md b/wallet/concepts/signing-methods.md index 80984a94ba7..a7caa900f8a 100644 --- a/wallet/concepts/signing-methods.md +++ b/wallet/concepts/signing-methods.md @@ -48,6 +48,10 @@ Using `eth_sign` is a dangerous phishing risk. To enhance user security, MetaMask no longer supports using `eth_sign`. Use [`eth_signTypedData_v4`](#eth_signtypeddata_v4) or [`personal_sign`](#personal_sign) instead. +:::note +See [MIP-X] for more information about the discontinuation of `eth_sign`. +::: + ### `eth_signTypedData_v1` and `eth_signTypedData_v3` `eth_signTypedData` was introduced by [EIP-712](https://eips.ethereum.org/EIPS/eip-712). From 3938669abd2e125fd6004e8218b014b6970b56af Mon Sep 17 00:00:00 2001 From: Alexandra Tran Date: Wed, 22 May 2024 15:09:48 -0700 Subject: [PATCH 3/3] add in mip-3 link --- wallet/concepts/signing-methods.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wallet/concepts/signing-methods.md b/wallet/concepts/signing-methods.md index a7caa900f8a..4963e2bbd6c 100644 --- a/wallet/concepts/signing-methods.md +++ b/wallet/concepts/signing-methods.md @@ -49,7 +49,8 @@ To enhance user security, MetaMask no longer supports using `eth_sign`. Use [`eth_signTypedData_v4`](#eth_signtypeddata_v4) or [`personal_sign`](#personal_sign) instead. :::note -See [MIP-X] for more information about the discontinuation of `eth_sign`. +See [MIP-3](https://github.com/MetaMask/metamask-improvement-proposals/blob/main/MIPs/mip-3.md) for +more information about the discontinuation of `eth_sign`. ::: ### `eth_signTypedData_v1` and `eth_signTypedData_v3`