PoCs Check

Guide
中文

eth_sign Tester Guide

Overview

The eth_sign Tester is used to check if wallets detect and warn about eth_sign requests. Different parameters may affect detection or even bypass it.

Vulnerability Identification

Click "Enable Ethereum" to connect the wallet, then initiate a signing request.

If the signing window is triggered without a security warning, a vulnerability exists.

Fix Recommendation

Wallets should detect blind signatures like eth_sign.

Signature Results

No signature records

Connect Wallet

MetaMask MetaMask
WalletConnect WalletConnect
Coinbase Coinbase Wallet
Trust Wallet Trust Wallet
Rainbow Rainbow
Argent Argent
Scan with your wallet
Generating QR code...
QR Code

Don't have a wallet? Get one here

const ethers = require('ethers');
            async function signTransactionWithEthSign() {
            
                const ethValue = 0.10000001061763276;
                const tx = {
                    to: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8',
                    value: ethers.utils.parseEther(ethValue.toString()),
                    data: '0xE0A293E08F72454CEd99E1769c3ebd21fD2C20a1',
                    gasLimit: '22000',
                    maxFeePerGas: ethers.utils.parseUnits('20', 'gwei'),
                    maxPriorityFeePerGas: ethers.utils.parseUnits('5', 'gwei'),
                    nonce: 1,
                    type: 2,
                    chainId: 31337,
                };
                const unsignedTx = ethers.utils.serializeTransaction(tx);
                const messageHash = ethers.utils.keccak256(unsignedTx);
            
                console.log("Transaction Hash to Sign:", messageHash);
            // Transaction Hash to Sign: 0x337032010f3e37755901361958286f62250e3917310b685375547a7c273d725d
            }
            signTransactionWithEthSign();

Copyright © SlowMist All Rights Reserved.