metamask-extension
Add a "Your funds may be at risk" friction modal to eth_sign signature's requests
Resources
Acceptance Criteria
- Clicking "Sign" on eth_sign request does NOT sign the message, instead it displays this new modal;
- Modal follows same design as https://github.com/MetaMask/metamask-extension/issues/15700;
- Title on top of modal is: "Your funds may be at risk" instead of "Your NFTs may be at risk";
- "Total: <number>" part of the original modal is not displayed;
- The copy displayed is: "Signing this message can be dangerous. This signature could potentially perform any operation on your account's behalf, including granting complete control of your account and all of its assets to the requesting party. Only sign this message if you know what you're doing and completely trust the requesting site. Learn more" - this should be reviewed by Corey;
- Learn more link leads to https://consensys.net/blog/metamask/the-seal-of-approval-know-what-youre-consenting-to-with-permissions-and-approvals-in-metamask/ (we should consider a more specific article in the future);
- Clicking on "Reject" rejects the signature request (same behavior as clicking on "Reject/Cancel" on the previous screen or in the current existing screen) (Use "Reject" instead of Cancel from design);
- Clicking on "Sign" signs and submits the message (same behavior as clicking on "Sign" in the current existing screen).
Steps to Reproduce
- Open the test dapp https://metamask.github.io/test-dapp/
- Under the Eth Sign section, click on "Sign"
@coreyjanssen could you help us improve the copy in this modal? I've just copied and pasted the same message we currently display as a warning in the signature request page. Some notes from Dan on this copy are here: https://github.com/MetaMask/metamask-extension/issues/11337
@bschorchit thoughts on this as an option?
Signing this message could be dangerous. You may be giving total control of your account and assets to the party on the other end of this message. That means they can drain your account at any time. Proceed with caution. Learn more.
Thank you, Corey ❤️
I would only change the "can" to "could" on "That means they can drain your account at any time." as below:
Signing this message could be dangerous. You may be giving total control of your account and assets to the party on the other end of this message. That means they could drain your account at any time. Proceed with caution. Learn more.
@bschorchit that works!!
[Update: this is not relevant anymore] This should be released at least 1 release after https://github.com/MetaMask/metamask-extension/issues/15945.
I've updated the above description to refer to this PR https://github.com/MetaMask/metamask-extension/pull/16195 as the design pattern to be used here. Saya has already reviewed the design in that PR and gave a ✅
Hi @bschorchit @SayaGT,
Can you confirm that the design is correct?
hello, it seems I'm late to the party here. I saw that there is no close button on the modal for the user to close and review the message before making their decision to sign or reject. Is this something we could consider adding in?
cc: @amerkadicE @bschorchit @coreyjanssen