MetaMask · legobeat · Sep 12, 2023 · Sep 1, 2023
@@ -192,7 +192,7 @@ describe('simple-keyring', function () {
     it('throw error for invalid message', async function () {
       await keyring.deserialize([privateKey]);
       await expect(keyring.signMessage(address, '')).rejects.toThrow(
-        'Cannot convert 0x to a BigInt',
+        'Cannot sign invalid message',
       );
     });
 

@@ -94,9 +94,15 @@ export default class SimpleKeyring implements Keyring<string[]> {
   async signMessage(
     address: Hex,
     data: string,
-    opts = { withAppKeyOrigin: '' },
+    opts = { withAppKeyOrigin: '', validateMessage: true },
   ) {
     const message = stripHexPrefix(data);
+    if (
+      opts.validateMessage &&
+      (message.length === 0 || !message.match(/^[a-fA-F0-9]*$/u))
+    ) {
+      throw new Error('Cannot sign invalid message');
+    }
     const privKey = this.#getPrivateKeyFor(address, opts);
     const msgSig = ecsign(Buffer.from(message, 'hex'), privKey);
     const rawMsgSig = concatSig(toBuffer(msgSig.v), msgSig.r, msgSig.s);