MetaMask · shanejonas · Feb 22, 2023 · Feb 23, 2023 · Feb 23, 2023 · Feb 23, 2023
@@ -3,6 +3,7 @@
 exports[`AdvancedSettings should render correctly 1`] = `
 <AdvancedSettings
   chainId="1"
+  enableEthSign={false}
   fullState={
     Object {
       "engine": Object {
@@ -13,6 +14,9 @@ exports[`AdvancedSettings should render correctly 1`] = `
             },
           },
           "PreferencesController": Object {
+            "disabledRpcMethodPreferences": Object {
+              "eth_sign": false,
+            },
             "ipfsGateway": "https://ipfs.io/ipfs/",
           },
         },

@@ -133,6 +133,10 @@ class AdvancedSettings extends PureComponent {
      * Indicates whether hex data should be shown in transaction editor
      */
     showHexData: PropTypes.bool,
+    /**
+     * Allow dapp api requests to eth_sign
+     */
+    enableEthSign: PropTypes.bool,
     /**
      * Called to toggle show hex data
      */
@@ -292,6 +296,11 @@ class AdvancedSettings extends PureComponent {
     PreferencesController.setIpfsGateway(ipfsGateway);
   };
 
+  setEnableEthSign = (enabled) => {
+    const { PreferencesController } = Engine.context;
+    PreferencesController.setDisabledRpcMethodPreference('eth_sign', enabled);
+  };
+
   toggleTokenDetection = (detectionStatus) => {
     const { PreferencesController } = Engine.context;
     PreferencesController.setUseTokenDetection(detectionStatus);
@@ -336,6 +345,7 @@ class AdvancedSettings extends PureComponent {
       setShowHexData,
       setShowCustomNonce,
       ipfsGateway,
+      enableEthSign,
     } = this.props;
     const { resetModalVisible, onlineIpfsGateways } = this.state;
     const { styles, colors } = this.getStyles();
@@ -424,6 +434,27 @@ class AdvancedSettings extends PureComponent {
                 />
               </View>
             </View>
+            <View style={styles.setting}>
+              <Text style={styles.title}>
+                {strings('app_settings.enable_eth_sign')}
+              </Text>
+              <Text style={styles.desc}>
+                {strings('app_settings.enable_eth_sign_desc')}
+              </Text>
+              <View style={styles.marginTop}>
+                <Switch
+                  value={enableEthSign}
+                  onValueChange={this.setEnableEthSign}
+                  trackColor={{
+                    true: colors.primary.default,
+                    false: colors.border.muted,
+                  }}
+                  thumbColor={importedColors.white}
+                  style={styles.switch}
+                  ios_backgroundColor={colors.border.muted}
+                />
+              </View>
+            </View>
             <View style={styles.setting}>
               <Text style={styles.title}>
                 {strings('app_settings.show_custom_nonce')}
@@ -474,6 +505,9 @@ const mapStateToProps = (state) => ({
   ipfsGateway: state.engine.backgroundState.PreferencesController.ipfsGateway,
   showHexData: state.settings.showHexData,
   showCustomNonce: state.settings.showCustomNonce,
+  enableEthSign:
+    state.engine.backgroundState.PreferencesController
+      .disabledRpcMethodPreferences.eth_sign,
   fullState: state,
   isTokenDetectionEnabled:
     state.engine.backgroundState.PreferencesController.useTokenDetection,

@@ -11,6 +11,9 @@ const initialState = {
     backgroundState: {
       PreferencesController: {
         ipfsGateway: 'https://ipfs.io/ipfs/',
+        disabledRpcMethodPreferences: {
+          eth_sign: false,
+        },
       },
       NetworkController: {
         provider: { chainId: '1' },

@@ -340,7 +340,15 @@ export const getRpcMethodMiddleware = ({
         throw ethErrors.rpc.methodNotSupported();
       },
       eth_sign: async () => {
-        const { MessageManager } = Engine.context;
+        const { MessageManager, PreferencesController } = Engine.context;
+        const { disabledRpcMethodPreferences } = PreferencesController.state;
+        const { eth_sign } = disabledRpcMethodPreferences;
+
+        if (!eth_sign) {
+          throw ethErrors.rpc.methodNotFound(
+            'eth_sign has been disabled. You must enable it in the advanced settings',
+          );
+        }
         const pageMeta = {
           meta: {
             url: url.current,

@@ -555,6 +555,8 @@
     "nft_autodetect_desc": "Displaying NFT media & data may expose your IP address to centralized servers. Third-party APIs (like OpenSea) are used to detect NFTs in your wallet. This exposes your account address with those services. Leave this disabled if you don't want the app to pull data from those services.",
     "show_hex_data": "Show Hex Data",
     "show_hex_data_desc": "Select this to show the hex data field on the send screen.",
+    "enable_eth_sign": "Toggle eth_sign requests",
+    "enable_eth_sign_desc": "Turn this on to let dapps request your signature using eth_sign requests. eth_sign is an open-ended signing method that lets you sign an arbitrary hash, making it a dangerous phishing risk. Only sign eth_sign requests if you can read what you are signing and trust the origin of the request.",
     "show_custom_nonce": "Customize transaction nonce",
     "custom_nonce_desc": "Turn this on to change the nonce (transaction number) on confirmation screens. This is an advanced feature, use cautiously.",
     "accounts_identicon_title": "Account Identicon",

@@ -153,7 +153,7 @@
     "@metamask/network-controller": "^1.0.0",
     "@metamask/permission-controller": "^1.0.2",
     "@metamask/phishing-controller": "^2.0.0",
-    "@metamask/preferences-controller": "^1.0.1",
+    "@metamask/preferences-controller": "^2.1.0",
     "@metamask/sdk-communication-layer": "^0.1.0",
     "@metamask/swaps-controller": "^6.8.0",
     "@metamask/transaction-controller": "^1.0.0",

@@ -3980,6 +3980,14 @@
     "@metamask/controller-utils" "^2.0.0"
     immer "^9.0.6"
 
+"@metamask/base-controller@^2.0.0":
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/@metamask/base-controller/-/base-controller-2.0.0.tgz#8f9130df3edaa270ade00378cf57917545d44617"
+  integrity sha512-DppA4/HCabsphVucNRpWA3/mp6m2KhZr/8gidSlpUNLMFqljOKA81GW9nemN3HDqH1RoZdXusI82/4SPEbdbaA==
+  dependencies:
+    "@metamask/controller-utils" "^3.0.0"
+    immer "^9.0.6"
+
 "@metamask/base-controller@~1.0.0":
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/@metamask/base-controller/-/base-controller-1.0.0.tgz#9de86efafdf88b46f6d3710f8708a9515fd8ecf6"
@@ -4034,6 +4042,17 @@
     fast-deep-equal "^3.1.3"
     isomorphic-fetch "^3.0.0"
 
+"@metamask/controller-utils@^3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@metamask/controller-utils/-/controller-utils-3.0.0.tgz#e0984cdab14280409297671b5858891527c5e4ee"
+  integrity sha512-JjFWBZnnh5DSX2tRsw5xtXxaqVkTzaW7mkSZ+lL3LoCAw47Cf8zGP1kGR6VKxcceKi+MpEFvZr7gf1OFnOoEjw==
+  dependencies:
+    eth-ens-namehash "^2.0.8"
+    eth-rpc-errors "^4.0.0"
+    ethereumjs-util "^7.0.10"
+    ethjs-unit "^0.1.6"
+    fast-deep-equal "^3.1.3"
+
 "@metamask/controllers@^26.0.0":
   version "26.0.0"
   resolved "git+https://github.com/MetaMask/controllers.git#d4e9507d9612f2d36c3f848333b33330a19b811b"
@@ -4229,6 +4248,14 @@
     "@metamask/base-controller" "^1.1.1"
     "@metamask/controller-utils" "^1.0.0"
 
+"@metamask/preferences-controller@^2.1.0":
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/@metamask/preferences-controller/-/preferences-controller-2.1.0.tgz#c3ed464259f3f969ff492167c368752d23db3924"
+  integrity sha512-/GvYSaCCT0DVDZLlt8eiJDcw7WNFeIMpssP0X0+MK+Ye5eGEMp0Wo0n5uoMOKDR+x3HnWo5YuVGHBlSCnusEeg==
+  dependencies:
+    "@metamask/base-controller" "^2.0.0"
+    "@metamask/controller-utils" "^3.0.0"
+
 "@metamask/safe-event-emitter@^2.0.0":
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/@metamask/safe-event-emitter/-/safe-event-emitter-2.0.0.tgz#af577b477c683fad17c619a78208cede06f9605c"