eth_sign is not adding the expected prefix #9957

Closed
rmeissner opened this issue Nov 30, 2020 · 1 comment

rmeissner commented Nov 30, 2020

Describe the bug
Currently calling eth_sign will sign the raw message hash provided in this call (which seems to be expected when looking at comments and #1930). According to https://eth.wiki/json-rpc/API#eth_sign this method should return a signature based on the prefixed message hash.

This also leads to inconsistencies when a hardware wallet is connected (e.g. Trezor, see Legacy and Model T) as they add the prefix.

Steps to reproduce (REQUIRED)

  • Call eth_sign with a message hash
  • The returned signature is the raw hash signed.
  • TODO: add simple example app

Expected behavior

Edit:
The method with the expected behaviour is personal_sign ... I just find it very confusing that MetaMask is not following the common behaviour here to use this for eth_sign.

@danfinlay
Contributor

MetaMask implemented eth_sign back before it had a prefix, when this behavior was the most widely used behavior. Geth then decided to add the prefix out of security concerns, but we already had applications relying on our behavior, so we did not have the luxury of changing the behavior of our existing methods.

You can read more about this history here

Rather than remove the method for security concerns, we added a strong warning for usage, and this has seemed to mitigate dangers to users, as it makes users appropriately skeptical of any such signature they approve.
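
The difference discussed in this thread, as an added example (not code from MetaMask or from either commenter): for the same 32-byte input, the raw behaviour signs the bytes as given, while the prefixed behaviour documented for eth_sign in the linked JSON-RPC spec signs keccak256("\x19Ethereum Signed Message:\n" + length + message). The helper names and the sample input are assumptions made for illustration.

```javascript
// Keccak-256 is not SHA3-256 (different padding byte), so Node's crypto cannot be used.
const M = (1n << 64n) - 1n;
const rol = (a, n) => ((a << BigInt(n % 64)) | (a >> BigInt(64 - (n % 64)))) & M;

function keccakF(s) {                       // Keccak-f[1600]; s holds 25 lanes at x + 5*y
  let R = 1;
  for (let round = 0; round < 24; round++) {
    const C = [0, 1, 2, 3, 4].map(x => s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20]);
    for (let i = 0; i < 25; i++) s[i] ^= C[(i + 4) % 5] ^ rol(C[(i + 1) % 5], 1); // theta
    let x = 1, y = 0, cur = s[1];
    for (let t = 0; t < 24; t++) {                                             // rho + pi
      [x, y] = [y, (2 * x + 3 * y) % 5];
      [cur, s[x + 5 * y]] = [s[x + 5 * y], rol(cur, (t + 1) * (t + 2) / 2)];
    }
    for (let r = 0; r < 25; r += 5) {                                          // chi
      const T = s.slice(r, r + 5);
      for (let i = 0; i < 5; i++) s[r + i] = T[i] ^ (~T[(i + 1) % 5] & T[(i + 2) % 5]);
    }
    for (let j = 0; j < 7; j++) {                                              // iota
      R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256;
      if (R & 2) s[0] ^= 1n << ((1n << BigInt(j)) - 1n);
    }
  }
}

function keccak256(bytes) {                 // rate 136 bytes, Keccak padding byte 0x01
  const s = new Array(25).fill(0n);
  const p = new Uint8Array(Math.ceil((bytes.length + 1) / 136) * 136);
  p.set(bytes); p[bytes.length] ^= 0x01; p[p.length - 1] ^= 0x80;
  for (let off = 0; off < p.length; off += 136) {
    for (let i = 0; i < 136; i++) s[i >> 3] ^= BigInt(p[off + i]) << BigInt(8 * (i % 8));
    keccakF(s);
  }
  const out = [];
  for (let i = 0; i < 32; i++) out.push(Number((s[i >> 3] >> BigInt(8 * (i % 8))) & 0xffn));
  return Buffer.from(out);
}

// Digest signed by personal_sign (and by a prefixing eth_sign): the message is wrapped first.
function prefixedDigest(msg) {
  const head = Buffer.from('\x19Ethereum Signed Message:\n' + msg.length);
  return keccak256(Buffer.concat([head, msg]));
}

// Constructed 32-byte input standing in for the "message hash" passed to eth_sign.
const h = keccak256(Buffer.from('constructed sample payload'));
console.log('raw eth_sign signs  :', h.toString('hex'));
console.log('prefixed call signs :', prefixedDigest(h).toString('hex'));
```

A verifier has to recover the signer against the same digest the wallet used, so a signature produced over the raw hash will not verify as a prefixed one, which is the hardware-wallet inconsistency reported above.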
