Skip to content

feat: transaction batch security validation #5526

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 25, 2025
Merged

feat: transaction batch security validation #5526

merged 2 commits into from
Mar 25, 2025

Conversation

@matthewwalsh0
Copy link
Member

@matthewwalsh0 matthewwalsh0 commented Mar 23, 2025
edited
Loading

Explanation

Support triggering security validation in the client while processing transaction batches.

Specifically:

  • Add ValidateSecurityRequest type.
  • Add optional validateSecurity callback to TransactionBatchRequest type.
  • Add optional securityAlertId to AddTransactionBatchRequest type.
  • Add optional securityAlertId to SecurityAlertResponse type.
  • Call validateSecurity callback after generating EIP-7702 transaction.
  • Include delegationMock if an EIP-7702 type 4 transaction.

References

Relates to #31263

Changelog

See CHANGELOG.md.

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've highlighted breaking changes using the "BREAKING" category above as appropriate
  • I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes

@matthewwalsh0 matthewwalsh0 marked this pull request as ready for review March 23, 2025 20:03
@matthewwalsh0 matthewwalsh0 requested review from a team as code owners March 23, 2025 20:03
@matthewwalsh0
Copy link
Member Author

matthewwalsh0 commented Mar 23, 2025

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

github-actions bot commented Mar 23, 2025

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions. 
{
  "@metamask-previews/accounts-controller": "27.0.0-preview-c3c4c63",
  "@metamask-previews/address-book-controller": "6.0.3-preview-c3c4c63",
  "@metamask-previews/announcement-controller": "7.0.3-preview-c3c4c63",
  "@metamask-previews/approval-controller": "7.1.3-preview-c3c4c63",
  "@metamask-previews/assets-controllers": "55.0.1-preview-c3c4c63",
  "@metamask-previews/base-controller": "8.0.0-preview-c3c4c63",
  "@metamask-previews/bridge-controller": "11.0.0-preview-c3c4c63",
  "@metamask-previews/bridge-status-controller": "10.0.0-preview-c3c4c63",
  "@metamask-previews/build-utils": "3.0.3-preview-c3c4c63",
  "@metamask-previews/chain-agnostic-permission": "0.2.0-preview-c3c4c63",
  "@metamask-previews/composable-controller": "11.0.0-preview-c3c4c63",
  "@metamask-previews/controller-utils": "11.6.0-preview-c3c4c63",
  "@metamask-previews/earn-controller": "0.9.0-preview-c3c4c63",
  "@metamask-previews/eip1193-permission-middleware": "0.1.0-preview-c3c4c63",
  "@metamask-previews/ens-controller": "16.0.0-preview-c3c4c63",
  "@metamask-previews/eth-json-rpc-provider": "4.1.8-preview-c3c4c63",
  "@metamask-previews/gas-fee-controller": "23.0.0-preview-c3c4c63",
  "@metamask-previews/json-rpc-engine": "10.0.3-preview-c3c4c63",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.7-preview-c3c4c63",
  "@metamask-previews/keyring-controller": "21.0.0-preview-c3c4c63",
  "@metamask-previews/logging-controller": "6.0.4-preview-c3c4c63",
  "@metamask-previews/message-manager": "12.0.1-preview-c3c4c63",
  "@metamask-previews/multichain": "4.0.0-preview-c3c4c63",
  "@metamask-previews/multichain-api-middleware": "0.1.1-preview-c3c4c63",
  "@metamask-previews/multichain-network-controller": "0.3.0-preview-c3c4c63",
  "@metamask-previews/multichain-transactions-controller": "0.8.0-preview-c3c4c63",
  "@metamask-previews/name-controller": "8.0.3-preview-c3c4c63",
  "@metamask-previews/network-controller": "23.1.0-preview-c3c4c63",
  "@metamask-previews/notification-services-controller": "5.0.0-preview-c3c4c63",
  "@metamask-previews/permission-controller": "11.0.6-preview-c3c4c63",
  "@metamask-previews/permission-log-controller": "3.0.3-preview-c3c4c63",
  "@metamask-previews/phishing-controller": "12.4.1-preview-c3c4c63",
  "@metamask-previews/polling-controller": "13.0.0-preview-c3c4c63",
  "@metamask-previews/preferences-controller": "17.0.0-preview-c3c4c63",
  "@metamask-previews/profile-sync-controller": "11.0.0-preview-c3c4c63",
  "@metamask-previews/queued-request-controller": "10.0.0-preview-c3c4c63",
  "@metamask-previews/rate-limit-controller": "6.0.3-preview-c3c4c63",
  "@metamask-previews/remote-feature-flag-controller": "1.6.0-preview-c3c4c63",
  "@metamask-previews/sample-controllers": "0.0.0-preview-c3c4c63",
  "@metamask-previews/selected-network-controller": "22.0.0-preview-c3c4c63",
  "@metamask-previews/signature-controller": "27.0.0-preview-c3c4c63",
  "@metamask-previews/token-search-discovery-controller": "2.1.0-preview-c3c4c63",
  "@metamask-previews/transaction-controller": "52.0.0-preview-c3c4c63",
  "@metamask-previews/user-operation-controller": "31.0.0-preview-c3c4c63"
}

@matthewwalsh0 matthewwalsh0 force-pushed the feat/batch-validate-security branch from c3c4c63 to 7ecf950 Compare March 25, 2025 08:48
@matthewwalsh0
Copy link
Member Author

matthewwalsh0 commented Mar 25, 2025

@metamaskbot publish-preview

@github-actions
Copy link
Contributor

github-actions bot commented Mar 25, 2025

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions. 
{
  "@metamask-previews/accounts-controller": "27.0.0-preview-7ecf950",
  "@metamask-previews/address-book-controller": "6.0.3-preview-7ecf950",
  "@metamask-previews/announcement-controller": "7.0.3-preview-7ecf950",
  "@metamask-previews/approval-controller": "7.1.3-preview-7ecf950",
  "@metamask-previews/assets-controllers": "55.0.1-preview-7ecf950",
  "@metamask-previews/base-controller": "8.0.0-preview-7ecf950",
  "@metamask-previews/bridge-controller": "11.0.0-preview-7ecf950",
  "@metamask-previews/bridge-status-controller": "10.0.0-preview-7ecf950",
  "@metamask-previews/build-utils": "3.0.3-preview-7ecf950",
  "@metamask-previews/chain-agnostic-permission": "0.2.0-preview-7ecf950",
  "@metamask-previews/composable-controller": "11.0.0-preview-7ecf950",
  "@metamask-previews/controller-utils": "11.6.0-preview-7ecf950",
  "@metamask-previews/earn-controller": "0.10.0-preview-7ecf950",
  "@metamask-previews/eip1193-permission-middleware": "0.1.0-preview-7ecf950",
  "@metamask-previews/ens-controller": "16.0.0-preview-7ecf950",
  "@metamask-previews/eth-json-rpc-provider": "4.1.8-preview-7ecf950",
  "@metamask-previews/gas-fee-controller": "23.0.0-preview-7ecf950",
  "@metamask-previews/json-rpc-engine": "10.0.3-preview-7ecf950",
  "@metamask-previews/json-rpc-middleware-stream": "8.0.7-preview-7ecf950",
  "@metamask-previews/keyring-controller": "21.0.0-preview-7ecf950",
  "@metamask-previews/logging-controller": "6.0.4-preview-7ecf950",
  "@metamask-previews/message-manager": "12.0.1-preview-7ecf950",
  "@metamask-previews/multichain": "4.0.0-preview-7ecf950",
  "@metamask-previews/multichain-api-middleware": "0.1.1-preview-7ecf950",
  "@metamask-previews/multichain-network-controller": "0.3.0-preview-7ecf950",
  "@metamask-previews/multichain-transactions-controller": "0.8.0-preview-7ecf950",
  "@metamask-previews/name-controller": "8.0.3-preview-7ecf950",
  "@metamask-previews/network-controller": "23.1.0-preview-7ecf950",
  "@metamask-previews/notification-services-controller": "5.0.1-preview-7ecf950",
  "@metamask-previews/permission-controller": "11.0.6-preview-7ecf950",
  "@metamask-previews/permission-log-controller": "3.0.3-preview-7ecf950",
  "@metamask-previews/phishing-controller": "12.4.1-preview-7ecf950",
  "@metamask-previews/polling-controller": "13.0.0-preview-7ecf950",
  "@metamask-previews/preferences-controller": "17.0.0-preview-7ecf950",
  "@metamask-previews/profile-sync-controller": "11.0.0-preview-7ecf950",
  "@metamask-previews/queued-request-controller": "10.0.0-preview-7ecf950",
  "@metamask-previews/rate-limit-controller": "6.0.3-preview-7ecf950",
  "@metamask-previews/remote-feature-flag-controller": "1.6.0-preview-7ecf950",
  "@metamask-previews/sample-controllers": "0.0.0-preview-7ecf950",
  "@metamask-previews/selected-network-controller": "22.0.0-preview-7ecf950",
  "@metamask-previews/signature-controller": "27.0.0-preview-7ecf950",
  "@metamask-previews/token-search-discovery-controller": "2.1.0-preview-7ecf950",
  "@metamask-previews/transaction-controller": "52.1.0-preview-7ecf950",
  "@metamask-previews/user-operation-controller": "31.0.0-preview-7ecf950"
}

OGPoyraz
OGPoyraz previously approved these changes Mar 25, 2025
View reviewed changes
vinistevam
vinistevam previously approved these changes Mar 25, 2025
View reviewed changes
@matthewwalsh0 matthewwalsh0 force-pushed the feat/batch-validate-security branch from 7ecf950 to 785aec4 Compare March 25, 2025 11:26
@matthewwalsh0 matthewwalsh0 enabled auto-merge (squash) March 25, 2025 11:30
@matthewwalsh0 matthewwalsh0 merged commit 8d842b5 into main Mar 25, 2025
194 checks passed
@matthewwalsh0 matthewwalsh0 deleted the feat/batch-validate-security branch March 25, 2025 11:31
matthewwalsh0 added a commit that referenced this pull request Mar 25, 2025
@matthewwalsh0
feat: transaction batch security validation (#5526)
edcf5ae 
Support triggering security validation in the client while processing
transaction batches.

Specifically:

- Add `ValidateSecurityRequest` type.
- Add optional `validateSecurity` callback to `TransactionBatchRequest`
type.
- Add optional `securityAlertId` to `AddTransactionBatchRequest` type.
- Add optional `securityAlertId` to `SecurityAlertResponse` type.
- Call `validateSecurity` callback after generating EIP-7702
transaction.
- Include `delegationMock` if an EIP-7702 type 4 transaction.

Relates to [

See `CHANGELOG.md`.

- [x] I've updated the test suite for new or updated code as appropriate
- [x] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've highlighted breaking changes using the "BREAKING" category
above as appropriate
- [x] I've prepared draft pull requests for clients and consumer
packages to resolve any breaking changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vinistevam vinistevam vinistevam approved these changes

@OGPoyraz OGPoyraz Awaiting requested review from OGPoyraz

@pedronfigueiredo pedronfigueiredo Awaiting requested review from pedronfigueiredo

Assignees

No one assigned

Labels

team-confirmations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@matthewwalsh0 @OGPoyraz @pedronfigueiredo @vinistevam