Disable eth_sign by default, allow users to toggle it back on

[409H]

Explanation

After looking at various phishing kits (and de-obfuscating), there are enormous trends between different kits that they all abuse eth_sign to ask users to inadvertently sign a transaction (as MetaMask UI is opaque to an on-chain transaction being signed). You can read more about the attack here.

I'd estimate that the abuse of eth_sign is near equal to the abuse of Wyvern and Seaport contracts in a manner to steal NFTs through creating orders for 0 eth to a specific beneficiary.

In short: eth_sign has been consistently abused by phishers/scammers to steal funds and the case may be that only power-users who use very legacy dapps may need to still use eth_sign.

• Disable eth_sign by default - throw an ethErrors.rpc.methodNotFound exception
• Allow the user to enable eth_sign through "Advanced Settings"

RPC Method preferences are stored within rpcMethodPreferences in the store state, allow for us to develop this further if someone wants to lock down rpc calls into MetaMask

Screenshots/Screencaps

Manual Testing Steps

1. Go to https://metamask.github.io/test-dapp/
2. Open Developer Tools
3. Click "Sign" button under the heading "Eth Sign"
4. See the exception thrown and no prompt to sign within MetaMask
5. Go into MetaMask > Settings > Advanced Settings
6. Toggle eth_sign to be enabled
7. goto: 1

Pre-merge author checklist

• I've clearly explained:
  • What problem this PR is solving
  • How this problem was solved
  • How reviewers can test my changes
• Sufficient automated test coverage has been added

Pre-merge reviewer checklist

• Manual testing (e.g. pull and build branch, run in browser, test code being changed)
• PR is linked to the appropriate GitHub issue
• IF this PR fixes a bug in the release milestone, add this PR to the release milestone

If further QA is required (e.g. new feature, complex testing steps, large refactor), add the Extension QA Board label.

In this case, a QA Engineer approval will be be required.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[holantonela]

The content of the toggle should be:

Title: Allow eth_sign requests
Description: Turn this on to enable dapps to request you eth_sign requests. eth_sign is an open-ended signing method that allows signing an arbitrary hash, which means it can be used to sign transactions, or any other data, making it a dangerous phishing risk. Only sign eth_sign requests if you are able to read what you are signing and you trust the origin.
Default: OFF

@coreyjanssen could we have your review here?

[coreyjanssen]

revised content here (made it a bit more user-friendly):

Title: Allow eth_sign requests

Description: Turn this on to let dapps request your signature using eth_sign requests. eth_sign is an open-ended signing method that lets you sign an arbitrary hash, making it a dangerous phishing risk. Only sign eth_sign requests if you can read what you are signing and trust the origin of the request.

Default: OFF

@holantonela

[409H]

@holantonela @coreyjanssen thank you, i have pushed the copy change in 37d0ba3

[jpuri]

I think if an eth_sign request comes to extension we should show message to user to enable it in settings, else it may be broken experience for those we are using it currently.

[holantonela]

I think if an eth_sign request comes to extension we should show message to user to enable it in settings, else it may be broken experience for those we are using it currently.

Good point. But, if we ask users to enable it the right away, we are missing the point of making it optional. After we release, we can learn more things about how users use or not eth_sign.

In the case we want to prompt users to change defaults, we can offer users the option to save the origin domain in a safe list so if they trust the origin, they allow them to trigger eth_sign requests even when it is disabled (and other perks too). This should be a local list managed in Settings > General by all the accounts.

[holantonela]

This PR closes #17491

[jpuri]

Looks good 👍

[seaona]

Instead of enabling eth_sign with Settings, we could skip all the steps below by enabling it from the state. This will make the test faster and complies with the standards followed on e2e.

Detailed explanation: on fixture-builder file, we could add the state for eth_sign and set it to true on a function below, in the same way it's done with other preferences.

Then on this test, we can just enable that fixture like this example:

.withPreferencesController({
            preferences: {
              showFiatInTestnets: true,
            },

[409H]

Thanks @seaona - changed in c51da5e