Bitcoin Forum
Author Topic: New to MetaMask help  (Read 237 times)
vv181
November 13, 2021, 08:13:05 PM
 #21

Okay, when you say the user's monitor device is compromised, increasing the risk of blind signing, do you mean the Ledger hardware wallet device?
No, I mean the user's PC/mobile display screen, as in the article.
Quote
since your display screen (the computer or mobile) is connected to the internet, it is vulnerable to hacking.

Ledger claims their hardware wallet stops blind signing, so what do you mean when you mentioned that HW does not eliminate blind signing?
Ledger claimed that a hardware wallet (HW) does eliminate blind signing in the context of "Trusted display". It means that, in any case, the information shown within the HW is as intended and verifiable. It makes sure the true contract or transaction message/execution is not compromised, so the user will be able to verify it.

Taking the whole context, it is only viable if the dApps are supported by Ledger, and assuming the user indeed comprehends and verifies what the information shows. If the user does not verify it by themselves, they are technically still blind signing it, even if they use HW. So that is why I said HW does not eliminate blind signing risk, taking the broad context.

See the examples below; they show users who are blind signing when they use HW:
Blind Signing — A Security Black Hole for the Ethereum Community
blind-signing-the-crypto-attack-vector-you-must-be-aware-of #See the SCAMS section.

How are investors who do not know coding or programming able to verify a smart contract to see if there is any dodgy code written?
Your concern is on point and, unfortunately, there is no easy way, or at least no simple way, for regular users. I once saw a site that is able to verify a smart contract, to see what functions the contract contains and how it affects the users. But sadly, I didn't bookmark it, nor was I able to confirm the validity of the site.

How do we verify contract execution by ourselves and make sure we are interacting with the right contracts?
In an effort to minimize blind signing, verifying anything, not trusting, is the essence. But the point I am trying to make is that simply staying away from any shady tokens or illegitimate sites would minimize any scam risks.
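
What "verifying the information shown" can look like in practice, as an added example that is not part of the original post: a minimal decoder that turns the `data` field of an Ethereum transaction into a readable call and refuses to summarise anything it does not recognise. The selector table covers only a few standard ERC-20/ERC-721 functions, and the sample calldata and spender address are constructed.

```python
# Added illustration: selectors are the standard ERC-20/ERC-721 ones;
# the sample calldata and address at the bottom are constructed.
KNOWN = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
    "a22cb465": ("setApprovalForAll", ["address", "bool"]),
}
MAX_UINT256 = 2**256 - 1


def decode_word(kind, word):
    """Decode one 32-byte ABI word of a static type, rejecting dirty padding."""
    value = int.from_bytes(word, "big")
    if kind == "address":
        if value >> 160:
            raise ValueError("address word has non-zero high bytes")
        return "0x" + word[12:].hex()
    if kind == "bool":
        if value > 1:
            raise ValueError("bool word is not 0 or 1")
        return bool(value)
    return value  # uint256


def describe_calldata(data_hex):
    """Return (summary, warnings); summary is None when the call cannot be shown."""
    raw = bytes.fromhex(data_hex.removeprefix("0x"))
    if len(raw) < 4:
        return None, ["no function selector: plain transfer or malformed data"]
    selector, body = raw[:4].hex(), raw[4:]
    if selector not in KNOWN:
        return None, [f"unknown selector 0x{selector}: signing this would be blind signing"]
    name, kinds = KNOWN[selector]
    if len(body) != 32 * len(kinds):
        return None, [f"{name}: argument length mismatch"]
    args = [decode_word(k, body[i * 32:(i + 1) * 32]) for i, k in enumerate(kinds)]
    warnings = []
    if name == "approve" and args[1] == MAX_UINT256:
        warnings.append("unlimited token allowance granted to " + args[0])
    if name == "setApprovalForAll" and args[1]:
        warnings.append("operator " + args[0] + " gains control of every token in this collection")
    return f"{name}({', '.join(map(str, args))})", warnings


# Constructed sample: approve(spender, 2**256 - 1)
SAMPLE_SPENDER = "00" * 12 + "11" * 20
SAMPLE_APPROVE = "0x095ea7b3" + SAMPLE_SPENDER + "ff" * 32
```

A summary of `None` means the wallet has nothing meaningful to display, which is exactly the situation the post describes as blind signing.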