When sending an extrinsic, whether it is to transfer funds or to take some other action, it is always good practice to verify the extrinsic's details before actually signing it. Once an extrinsic has been broadcasted and added to a block, then it's irreversible and too late to correct potential mistakes.



Verify an extrinsic in the Polkadot extension


The Polkadot extension is your gateway to the Web 3.0 Polkadot ecosystem as it can connect to any site build on it. Because of that, it's very important that you verify your extrinsics before signing them, especially when interacting with a third-party site.


When you are about to issue an extrinsic, a pop-up window will open asking you to sign using the selected account. In this window you can see what you're signing.



Verify an extrinsic in the Polkadot-JS UI


If you're using the Polkadot-JS UI you will see the confirmation window after you enter the extrinsic's details, where you confirm it's what you mean to sign.


Verify an extrinsic using Ledger


If you're using a Ledger account then you will see the same details as above depending on whether you've added your account in the Polkadot extension or on the Polkadot-JS UI directly. The difference is that the extrinsic is singed on the Ledger where you can verify (again) its details.


IMPORTANT: If you're visiting a phishing site that might show one extrinsic on the screen, but actually is sending a different one to the device, the true extrinsic details will be shown on the device. Always trust the Ledger device over what's shown on screen! That's what you're singing!


When you click to sign on the Ledger the extrinsic details will be shown on the device's screen. Click on the buttons on your device to scroll through the details


1. First the extrinsic to be singed is shown. On the top the pallet is shown (balances in this example) and on the bottom the specific extrinsic (Transfer keep alive in this example)


2. Then the extrinsic details (in this example the destination account)


3. Then the amount involved (in this example the amount to be transferred)


4. If the details are correct, then you get to Approve the extrinsic in the next screen. If the details are not what you expected or what was shown on your computer's screen, DO NOT approve the extrinsic but move to the next screen and Reject it!



Verify an extrinsic using Parity Signer


Unfortunately, at this time, Parity Singer doesn't support verifying the extrinsic details on the device before signing. That's because, in order to keep the app airtight, it doesn't have the chain metadata that is needed in order to decode the extrinsic to be signed. 


For this reason it is VERY IMPORTANT that you FULLY TRUST the site that shows you the extrinsic QR to be signed.