eth_sign Tester Guide

Overview

The eth_sign Tester checks whether a wallet detects eth_sign requests and warns the user about them. Varying the request parameters may change whether the wallet detects the request, or bypass detection entirely.

Vulnerability Identification

Click "Enable Ethereum" to connect the wallet, then initiate a signing request.

If the signing window is triggered without a security warning, a vulnerability exists.

Fix Recommendation

Wallets should detect blind-signing requests such as eth_sign and show a security warning before the user signs.

// Uses the ethers v5 API (ethers.utils.*).
const ethers = require('ethers');

async function signTransactionWithEthSign() {
    const ethValue = 0.10000001061763276;
    // Unsigned EIP-1559 (type 2) transaction.
    const tx = {
        to: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8',
        value: ethers.utils.parseEther(ethValue.toString()),
        data: '0xE0A293E08F72454CEd99E1769c3ebd21fD2C20a1',
        gasLimit: '22000',
        maxFeePerGas: ethers.utils.parseUnits('20', 'gwei'),
        maxPriorityFeePerGas: ethers.utils.parseUnits('5', 'gwei'),
        nonce: 1,
        type: 2,
        chainId: 31337, // local development chain (Hardhat/Anvil default)
    };

    // The keccak256 hash of the serialized unsigned transaction is the digest
    // that a transaction signature covers. If a wallet signs this raw 32-byte
    // value through eth_sign, the signature is valid for the transaction itself.
    const unsignedTx = ethers.utils.serializeTransaction(tx);
    const messageHash = ethers.utils.keccak256(unsignedTx);

    console.log("Transaction Hash to Sign:", messageHash);
    // Transaction Hash to Sign: 0x337032010f3e37755901361958286f62250e3917310b685375547a7c273d725d
}

signTransactionWithEthSign();
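
One way a wallet could implement the detection recommended under Fix Recommendation, as an added example that is not part of the original page or the tester's own code. The name classifySigningRequest, its return shape, and the policy of rejecting eth_sign payloads that are not 32-byte digests are assumptions; the sample request is constructed from the address and hash shown above.

```javascript
// Added example: wallet-side guard for incoming JSON-RPC signing requests.
// classifySigningRequest and its return shape are hypothetical names.
const ADDRESS = /^0x[0-9a-fA-F]{40}$/;
const DIGEST32 = /^0x[0-9a-fA-F]{64}$/;

function classifySigningRequest(req) {
  const method = req && typeof req.method === 'string' ? req.method : '';
  // Decide on the method name alone, using the same string the wallet
  // dispatches on, so that no parameter value can clear the warning.
  if (method !== 'eth_sign') {
    return { blind: false, action: 'continue', reason: 'not eth_sign' };
  }
  const params = Array.isArray(req.params) ? req.params : [];
  const [address, data] = params; // eth_sign parameter order: [account, data]
  // Fail closed on malformed parameters instead of skipping the check.
  if (params.length !== 2 || typeof address !== 'string' || !ADDRESS.test(address)) {
    return { blind: true, action: 'reject', reason: 'malformed account parameter' };
  }
  // Assumption: this wallet's eth_sign only ever signs a 32-byte digest.
  if (typeof data !== 'string' || !DIGEST32.test(data)) {
    return { blind: true, action: 'reject', reason: 'data is not a 32-byte hex digest' };
  }
  return {
    blind: true,
    action: 'warn',
    reason: 'opaque 32-byte digest; it may be the hash of an unsigned transaction',
    digest: data.toLowerCase(),
  };
}

// Constructed sample request: the address and hash come from the code above.
const sample = {
  method: 'eth_sign',
  params: [
    '0x70997970C51812dc3A010C7d01b50e0d17dc79C8',
    '0x337032010f3e37755901361958286f62250e3917310b685375547a7c273d725d',
  ],
};
console.log(classifySigningRequest(sample));
```

The guard never returns `continue` for an eth_sign request: a well-formed request is surfaced with a warning, and any other parameter shape is rejected rather than passed through unchecked.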