Make it an option to make personal_sign payloads flow to the RPC endpoint and back using JSON-RPC endpoints
A massive number of hacks have happened recently related to malicious personal_sign payloads, like Kevin Rose and many others.
I'm building an RPC-based service that analyzes txs in between MetaMask and the mainnet network. This way the service helps people understand the tx they are signing. However, I cannot help the user analyze personal_sign payloads as an RPC endpoint unless this feature exists.
Hey ethereumdegen, thanks for wanting to make Ethereum safer!
You’re in luck: We’ve been working on a couple different approaches to let developers hook into the tx lifecycle to help warn users and keep them safer (I don’t think we can get enough help until there is zero theft).
One approach is via a snap, which is a script that runs locally on the user’s machine. You can try that API out today using MetaMask Flask. We’re also working on a no-plugin approach that should get to production sooner, and will have a similar interface but for providing the interface via a remote API like you’re suggesting. If you make a snap that makes a network request, you’ll be able to validate your UX right away, focus on making your server to keep txs safer, and will be positioned nicely to be ready as soon as we allow extra security providers to be subscribed to.
That is great news. I did a little research and also asked in the Discord to see if it is possible to intercept signTypedData using a snap, and so far it seems like there is no hook available for that at this time. I only see a hook for intercepting a full-blown transaction (gas-based, not gasless).
Therefore my new proposal is as follows: to add a hook for snaps that would let them intercept the signTypedData popup and render better contextual images and text instead of the default printout of the raw typed data. If you look at JoinFire wallet, that is what they are doing, and my vision is that MetaMask would be able to accomplish this in snaps.
I added a discussion for this on the MetaMask snaps-monorepo, discussion number 1165. I can't add links here.
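
As an added illustration (not part of the thread, and not MetaMask or Snaps code), this is the kind of analysis an RPC-side or hook-side checker could run on `personal_sign` and `eth_signTypedData_v4` requests to show readable context instead of raw data. The function names and sample requests are hypothetical and constructed for the example.

```javascript
// Added example. Function names are hypothetical; this is not the MetaMask or Snaps API.
function hexToBytes(hex) {
  const clean = hex.startsWith('0x') ? hex.slice(2) : hex;
  if (clean.length % 2 !== 0 || /[^0-9a-fA-F]/.test(clean)) {
    throw new Error('payload is not valid hex');
  }
  return Buffer.from(clean, 'hex');
}

// Turn one JSON-RPC signing request into a summary a wallet UI could display.
function describeSignRequest({ method, params }) {
  const warnings = [];
  if (method === 'personal_sign') {
    // params: [hex-encoded message, signer address]
    const bytes = hexToBytes(params[0]);
    const text = bytes.toString('utf8');
    const readable = /^[\x20-\x7e\r\n\t]+$/.test(text);
    if (!readable) warnings.push('message is not readable text');
    if (!readable && bytes.length === 32) warnings.push('32-byte opaque payload, looks like a hash');
    return { kind: 'message', signer: params[1], text: readable ? text : null, warnings };
  }
  if (method === 'eth_signTypedData_v4') {
    // params: [signer address, typed data as a JSON string or object]
    const typed = typeof params[1] === 'string' ? JSON.parse(params[1]) : params[1];
    const domain = typed.domain || {};
    if (!domain.verifyingContract) warnings.push('domain has no verifyingContract');
    if (domain.chainId === undefined) warnings.push('domain has no chainId');
    const fields = Object.entries(typed.message || {}).map(([k, v]) => `${k}: ${JSON.stringify(v)}`);
    return { kind: 'typedData', signer: params[0], app: domain.name || '(unnamed)',
             contract: domain.verifyingContract || null, action: typed.primaryType, fields, warnings };
  }
  return { kind: 'unsupported', warnings: [`method not analyzed: ${method}`] };
}

// Constructed sample requests (addresses and contents are made up).
const SIGNER = '0x1111111111111111111111111111111111111111';
const samples = [
  { method: 'personal_sign', params: ['0x' + Buffer.from('Sign in to example.org').toString('hex'), SIGNER] },
  { method: 'personal_sign', params: ['0x' + 'ab'.repeat(32), SIGNER] },
  { method: 'eth_signTypedData_v4', params: [SIGNER, JSON.stringify({
      domain: { name: 'ExampleToken', chainId: 1, verifyingContract: '0x2222222222222222222222222222222222222222' },
      primaryType: 'Permit',
      message: { spender: '0x3333333333333333333333333333333333333333', value: '1000' } })] },
];
for (const s of samples) console.log(JSON.stringify(describeSignRequest(s), null, 2));
```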