
[Bug]: Blockaid warning only appears when signing a malicious transaction, but not when signing a malicious signature/permit on a chain that is not on the supported list #30849

Open
Nick-Son opened this issue Mar 7, 2025 · 1 comment
Labels
needs-triage Issue needs to be triaged regression-RC-12.14.0 Regression bug that was found in release candidate (RC) for release 12.14.0 Sev2-normal Normal severity; minor loss of service or inconvenience. team-product-safety Push issues to Product Safety team type-bug Something isn't working

Comments

Nick-Son commented Mar 7, 2025

Describe the bug

https://github.com/MetaMask/MetaMask-planning/issues/3940

For networks that are not on the supported network list, the Blockaid warning only appears for malicious transfers, but not malicious signature requests.

Expected behavior

When presented with a malicious signature request on a network that is not on the supported network list, I expect to see a warning from Blockaid warning that it is a deceptive request.

Screenshots/Recordings

Screen.Recording.2025-03-07.at.2.01.26.pm.mov

Steps to reproduce

  1. Connect to the test dapp (https://metamask.github.io/test-dapp/)
  2. Select a network that is not included in the supported network list (tested with Sonic network and Blast).

     ```
     // previous supported chains
     ARBITRUM = '0xa4b1'
     AVALANCHE = '0xa86a'
     BASE = '0x2105'
     BERACHAIN = '0x138d4'
     BSC = '0x38'
     LINEA_MAINNET = '0xe708'
     MAINNET = '0x1'
     METACHAIN_ONE = '0x1b6e6'
     OPBNB = '0xcc'
     OPTIMISM = '0xa'
     POLYGON = '0x89'
     SCROLL = '0x82750'
     SEPOLIA = '0xaa36a7'
     ZKSYNC_ERA = '0x144'
     ```

  3. Perform a transaction under PPOM - Malicious Transactions and Signatures; observe that the Blockaid warning does appear.
  4. Sign a signature under PPOM - Malicious Transactions and Signatures; observe that the Blockaid warning does not appear.

Error messages or log output

Detection stage

During release testing

Version

12.14.0

Build type

None

Browser

Chrome

Operating system

MacOS

Hardware wallet

No response

Additional context

No response

Severity

No response

@Nick-Son Nick-Son added regression-RC-12.14.0 Regression bug that was found in release candidate (RC) for release 12.14.0 Sev1-high High severity; partial loss of service with severe impact upon users, with no workaround. team-confirmations Push issues to confirmations team type-bug Something isn't working labels Mar 7, 2025
@github-project-automation github-project-automation bot moved this to To be fixed in Bugs by severity Mar 7, 2025
@github-project-automation github-project-automation bot moved this to To be triaged in Bugs by team Mar 7, 2025
@metamaskbot metamaskbot added the needs-triage Issue needs to be triaged label Mar 7, 2025
@vinistevam vinistevam self-assigned this Mar 11, 2025
@vpintorico vpintorico added the release-blocker This bug is blocking the next release label Mar 12, 2025
@cryptotavares cryptotavares removed the release-blocker This bug is blocking the next release label Mar 12, 2025
@cryptotavares cryptotavares added Sev2-normal Normal severity; minor loss of service or inconvenience. and removed Sev1-high High severity; partial loss of service with severe impact upon users, with no workaround. labels Mar 12, 2025
@cryptotavares (Contributor) commented

Removing the release blocker and downgrading it to a sev2 as this is not a regression. Before we were only running validations on a list of supported networks. For 12.14 we have enabled static validations (which are less accurate at detecting scams) for all networks that are not part of the previous supported list.
For networks not part of the previous supported list, the ability to flag the transactions is already an improvement over 12.13. Failing to detect a malicious signature is exactly the same behaviour as we had in previous versions. So I would not classify this as a regression.

Finally, when looking through the issue, we saw that it was the ppom itself that was returning benign. This can be due to the signature that we have configured in the test dapp (the malicious permit might not be valid for every network... for example the spender contract can be flagged as malicious in mainnet or other networks but not on Sonic or Mantle). We will look into this and determine if we just need to create a different test case and add it to the test dapp or if this is an actual issue with ppom.

@cryptotavares cryptotavares added team-product-safety Push issues to Product Safety team and removed team-confirmations Push issues to confirmations team labels Mar 12, 2025
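The comment above describes two validation tiers (full validation on the supported chain list, static validation elsewhere) and a gap where signature requests on other chains receive neither. The block below is an added illustration of that coverage problem and of a regression check for it; it is not MetaMask or PPOM code, and the function names, the `'full'`/`'static'`/`'none'` tier labels, and the `0xbeef` chain ID are constructed for the example. Only the hex chain IDs are taken from the issue's supported-chain list.

```javascript
// Added illustration (not MetaMask code): a request-type-agnostic gate that
// decides which validation tier a dapp request receives, so that signature
// requests on chains outside the supported list are not silently skipped
// while transactions on the same chains are checked.

// Chain IDs copied from the issue's "previous supported chains" list.
const SUPPORTED_CHAINS = new Set([
  '0xa4b1', '0xa86a', '0x2105', '0x138d4', '0x38', '0xe708', '0x1',
  '0x1b6e6', '0xcc', '0xa', '0x89', '0x82750', '0xaa36a7', '0x144',
]);

// Methods that move value or delegate authority. Signature methods (permits,
// typed data) belong here as well: a malicious permit grants spending rights
// just as a malicious transfer moves funds.
const TRANSACTION_METHODS = new Set(['eth_sendTransaction']);
const SIGNATURE_METHODS = new Set([
  'personal_sign', 'eth_signTypedData', 'eth_signTypedData_v3', 'eth_signTypedData_v4',
]);

// Normalize a chain ID so list membership never fails on representation:
// accepts numbers, decimal strings and hex strings (any case, leading zeros).
function normalizeChainId(chainId) {
  let n;
  if (typeof chainId === 'number') {
    n = chainId;
  } else if (typeof chainId === 'string') {
    const s = chainId.trim().toLowerCase();
    n = s.startsWith('0x') ? parseInt(s, 16) : parseInt(s, 10);
  }
  if (!Number.isSafeInteger(n) || n <= 0) {
    throw new TypeError(`invalid chain id: ${String(chainId)}`);
  }
  return '0x' + n.toString(16);
}

function isSupportedChain(chainId) {
  return SUPPORTED_CHAINS.has(normalizeChainId(chainId));
}

// Hypothetical reconstruction of the behaviour the issue reports: full
// validation on supported chains, static validation for transactions
// elsewhere, and no validation at all for signatures on other chains.
function validationTierBuggy(chainId, method) {
  if (isSupportedChain(chainId)) return 'full';
  if (TRANSACTION_METHODS.has(method)) return 'static';
  return 'none';
}

// Corrected gate: the tier depends only on the chain, and every
// security-relevant method receives it. Read-only RPC (eth_chainId, ...)
// is explicitly marked out of scope instead of falling through to 'none'.
function validationTierFixed(chainId, method) {
  if (!TRANSACTION_METHODS.has(method) && !SIGNATURE_METHODS.has(method)) {
    return 'not-applicable';
  }
  return isSupportedChain(chainId) ? 'full' : 'static';
}

// Regression check a test suite can run against any tier function: every
// security-relevant method on every sample chain must receive some tier.
// Returns the (chain, method) pairs that would go unvalidated.
function coverageGaps(tierFn, sampleChains) {
  const gaps = [];
  const methods = [...TRANSACTION_METHODS, ...SIGNATURE_METHODS];
  for (const chainId of sampleChains) {
    for (const method of methods) {
      if (tierFn(chainId, method) === 'none') {
        gaps.push({ chainId: normalizeChainId(chainId), method });
      }
    }
  }
  return gaps;
}

// Constructed sample: mainnet (on the list) and 0xbeef (a made-up chain ID
// that is not on the list). The buggy gate leaves four signature methods
// unvalidated on 0xbeef; the fixed gate leaves none.
const SAMPLE_CHAINS = ['0x1', '0xbeef'];
console.log('gaps (buggy):', coverageGaps(validationTierBuggy, SAMPLE_CHAINS));
console.log('gaps (fixed):', coverageGaps(validationTierFixed, SAMPLE_CHAINS));
```

The useful part for a test dapp or CI run is `coverageGaps`: enumerating the method-by-chain matrix catches the asymmetry between transactions and signatures directly, rather than relying on a particular malicious permit being flagged on a particular network, which, as the comment notes, may legitimately differ per chain.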