chore: Fully remove eth_sign

[adonesky1]

Explanation

Months ago, because of phishing risk, we disabled the eth_sign API method by default (users could manually enable it with a preference toggle). Now because of additional risk associated with potentially malicious EIP-3074 invokers we are fully removing support for this method.

This PR introduces the changes to @metamask/signature-controller and @metamask/preferences-controller from MetaMask/core#4319 which remove eth_sign related infrastructure.

Additionally it removes all instances of eth_sign components and references from the extension codebase.

References

• Fixes https://github.com/MetaMask/MetaMask-planning/issues/2371

Manual testing steps

1. Go to the e2e test dapp
2. Connect the wallet
3. Scroll down to the Eth Sign card (https://metamask.github.io/test-dapp/#ethSign)
4. Click Sign
5. You should see Error: The method "eth_sign" does not exist / is not available.

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@metamask/logging-controller@5.0.0	None	0	84.6 kB	metamaskbot
npm/@metamask/signature-controller@17.0.0	None	0	221 kB	metamaskbot

🚮 Removed packages: npm/@metamask/logging-controller@3.0.1, npm/@metamask/signature-controller@16.0.0

View full report↗︎

[adonesky1]

@metamaskbot update-policies

[metamaskbot]

Policies updated

[FrederikBolding]

Can we remove this now?

[adonesky1]

Yes. Not sure why but I thought I'd forgotten to remove it as an option so was going to loop back to it but it can be remove removed now.

[adonesky1]

343ee96

[FrederikBolding]

Why the change in test data here? IIRC the data is stringified like MOCK_SIGN_DATA

[adonesky1]

So I didn't change the way the data was formatted in the actual component for eth_signTypedData see here... I agree this doesn't seem right. But as you can see here, this data is expected to be mappable. So what I've done here is preserve the existing behavior but make the test pass because of expectations embedded in the component that I didn't necessarily want to dig further into because of 👇

A few things. This component is technically deprecated and slated for removal shortly. I'm not clear on the original API method signature for eth_signTypedData (v1) since EIP-712 doesn't have a changelog...

[FrederikBolding]

Can't we delete the state and component for showSignatureRequestWarning too?

[adonesky1]

343ee96

[FrederikBolding]

Nit: Perhaps just throwing here is simpler?

[adonesky1]

343ee96

[gantunesr]

Approved for team-accounts.

Just reviewed the file snap-keyring/metrics.test.ts

[sonarcloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[metamaskbot]

Builds ready [7c1a3b8]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (207 ± 218 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	57	310	102	57	27
		domContentLoaded	9	60	21	15	7
		load	37	1600	207	454	218
		domInteractive	9	60	21	15	7

Bundle size diffs [🚀 Bundle size reduced!]

• background: -8.63 KiB (-0.25%)
• ui: -12.09 KiB (-0.17%)
• common: -2.47 KiB (-0.04%)

[gantunesr]

Approved for team-accounts.

Just reviewed the file snap-keyring/metrics.test.ts

[albertolive]

@adonesky1, the only thing I'm afraid of in this PR is the removal of this newUnsignedMessage for the custodian accounts. Let me talk with the team first. cc @zone-live @shane-t

[shane-t]

I'm not concerned about it, because it willy only be true if the method is eth_sign based on the other conditions in the block.