Authorization Bypass in Starknet Snap via enableAuthorize parameter leads to unauthorized transaction signing

Summary:

The Starknet Snap by Consensys contains a critical security vulnerability that allows malicious websites to bypass user authorization when signing messages or transactions. The vulnerability exists in the enableAuthorize parameter which can be controlled by any website. When set to false, the confirmation dialog is not shown to the user, allowing a malicious website to sign arbitrary messages or transactions without user approval, potentially leading to asset theft.

Steps To Reproduce:

1. Make sure MetaMask is installed
2. Visit https://snaps.consensys.io/starknet
3. Click "Connect with MetaMask" button to install the StarkNet Snap
4. Download the html file: "exp-starknet.html" and host it on local port 5555
5. Visit http://localhost:5555/exp-starknet.html
6. Click "start PoC" button