It's a common misconception that just simulating transactions will keep you safe from losing your crypto!

Simulation only works for transactions, not for signatures. Most attacks these days are happening through Seaport signatures and it will only get worse with Uniswap permit2.

co-founder stelo.com. theoretical cs phd dropout. into math, music, ml, macro, markets, surfing, writing amandhesi.net

Signatures should have explicit domain field as in siwe 

Then wallets can show warning if there’s mismatch

Yes - it should make it harder to get signature for Opensea from 3rd website

Ideally if the signature is very scoped down and there’s a common standard - wallets can automatically validate it

Yes agreed that signatures need to be scoped down but i'm not sure scoping based on domain is a good idea. Any website should be able to interact with seaport! Many marketplaces use it already

Yeah if it’s for protocol domains aren’t great. Some kind of protocol identifier?