Aman Dhesi
@aman
It's a common misconception that just simulating transactions will keep you safe from losing your crypto! Simulation only works for transactions, not for signatures. Most attacks these days are happening through Seaport signatures and it will only get worse with Uniswap permit2.

dimalaba.eth
@dimalaba.eth
Signatures should have an explicit domain field as in SIWE. Then wallets can show a warning if there's a mismatch.

Aman Dhesi
@aman
Domain as in URL? Or something else?

dimalaba.eth
@dimalaba.eth
Yes - it should make it harder to get a signature for OpenSea from a 3rd website. Ideally, if the signature is very scoped down and there's a common standard, wallets can automatically validate it.

Aman Dhesi
@aman
Yes, agreed that signatures need to be scoped down, but I'm not sure scoping based on domain is a good idea. Any website should be able to interact with Seaport! Many marketplaces use it already.

Daniel Fernandes
@dfern.eth
EIP-712, which is what Seaport signatures use, has domains, but not in the browser URL sense; it identifies the smart contract the signature is valid for. This would help with simulators, since the sim knows where the sig is going.
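
The EIP-712 domain from the last post, as an added example that is not part of the thread: a wallet-side check that reads `verifyingContract` and `chainId` from a typed-data signing request and reports which contract the signature is bound to. The function name, the allowlist, the address and the sample request are constructed placeholders, not real deployments.

```javascript
// Added example. KNOWN_CONTRACTS, its address and label are constructed placeholders.
// chainId -> lowercased verifyingContract -> label the wallet would display
const KNOWN_CONTRACTS = {
  1: { "0x1111111111111111111111111111111111111111": "ExampleMarketplace" },
};
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// request: EIP-712 typed data ({ domain, primaryType, message, ... }).
// walletChainId: chain the wallet is currently connected to.
function inspectTypedData(request, walletChainId) {
  const domain = (request && request.domain) || {};
  const warnings = [];

  // verifyingContract is an optional domain field; without it the
  // signature is not tied to any single contract.
  const raw = domain.verifyingContract;
  const contract =
    typeof raw === "string" && ADDRESS_RE.test(raw) ? raw.toLowerCase() : null;
  if (!contract) warnings.push("no valid verifyingContract in domain");

  // chainId may arrive as a number, a decimal string or a hex string.
  const chainId = domain.chainId === undefined ? null : Number(domain.chainId);
  if (chainId === null || !Number.isInteger(chainId)) {
    warnings.push("no valid chainId in domain");
  } else if (chainId !== walletChainId) {
    warnings.push(`domain chainId ${chainId} differs from wallet chain ${walletChainId}`);
  }

  // Resolve the target so the wallet or a simulator knows where the signature goes.
  const known = Number.isInteger(chainId) ? KNOWN_CONTRACTS[chainId] || {} : {};
  const protocol = contract ? known[contract] || null : null;
  if (contract && !protocol) warnings.push("verifyingContract is not a recognized contract");

  return { contract, chainId, protocol, primaryType: request.primaryType || null, warnings };
}

// Constructed sample request. The requesting website's URL is not a domain field,
// so the same payload gives the same result whichever site asks for the signature.
const sampleRequest = {
  primaryType: "Order",
  domain: {
    name: "ExampleMarketplace",
    version: "1",
    chainId: "0x1",
    verifyingContract: "0x1111111111111111111111111111111111111111",
  },
  message: {},
};
console.log(inspectTypedData(sampleRequest, 1));
```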