Request validation should not throw if verifyingContract is not defined in typed signature #328
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ed in typed signature
matthewwalsh0
approved these changes
Sep 4, 2024
jiexi
reviewed
Sep 4, 2024
| } = parseTypedMessage(data); | ||
| if (!isValidHexAddress(verifyingContract)) { | ||
| const { domain: { verifyingContract } = {} } = parseTypedMessage(data); | ||
| if (verifyingContract && !isValidHexAddress(verifyingContract)) { |
There was a problem hiding this comment.
Does it matter if verifyingContract is an empty string?
There was a problem hiding this comment.
An empty value will not throw error.
There was a problem hiding this comment.
I think @jiexi meant to ask should it throw an error.
I've just tested with v12.0.6 and it looks like an empty verifyingContract was accepted though, so continuing to accept it sounds reasonable for now. It did trigger a blockaid warning on v12.0.6, but no crash, and I was able to sign it.
pedronfigueiredo
approved these changes
Sep 4, 2024
jiexi
approved these changes
Sep 4, 2024
Gudahtt
approved these changes
Sep 4, 2024
There was a problem hiding this comment.
Nit: It looks like we're testing the case where the domain is in the type definition given for the message, but missing from the message itself. It would also be useful to test these cases:
- The type definition omits
verifyingContract, anddomainis missing from the message - The type definition includes
verifyingContract, anddomainis included in the message, butverifyingContractis missing
Comment on lines
+470
to
+471
| const promise = pify(engine.handle).call(engine, payload); | ||
| const result = await promise; |
There was a problem hiding this comment.
Nit: Unnecessary deferred Promise:
Suggested change
| const promise = pify(engine.handle).call(engine, payload); | |
| const result = await promise; | |
| const result = await pify(engine.handle).call(engine, payload); |
Comment on lines
+591
to
+592
| const promise = pify(engine.handle).call(engine, payload); | ||
| const result = await promise; |
There was a problem hiding this comment.
Nit: Unnecessary deferred Promise:
Suggested change
| const promise = pify(engine.handle).call(engine, payload); | |
| const result = await promise; | |
| const result = await pify(engine.handle).call(engine, payload); |
Comment on lines
+439
to
+441
| const witnessedMsgParams: TypedMessageParams[] = []; | ||
| const processTypedMessageV3 = async (msgParams: TypedMessageParams) => { | ||
| witnessedMsgParams.push(msgParams); |
There was a problem hiding this comment.
Nit: This variable seems to serve no purpose:
Suggested change
| const witnessedMsgParams: TypedMessageParams[] = []; | |
| const processTypedMessageV3 = async (msgParams: TypedMessageParams) => { | |
| witnessedMsgParams.push(msgParams); | |
| const processTypedMessageV3 = async (msgParams: TypedMessageParams) => { |
Comment on lines
+575
to
+577
| const witnessedMsgParams: TypedMessageParams[] = []; | ||
| const processTypedMessageV4 = async (msgParams: TypedMessageParams) => { | ||
| witnessedMsgParams.push(msgParams); |
There was a problem hiding this comment.
Nit: This variable isn't used either
Suggested change
| const witnessedMsgParams: TypedMessageParams[] = []; | |
| const processTypedMessageV4 = async (msgParams: TypedMessageParams) => { | |
| witnessedMsgParams.push(msgParams); | |
| const processTypedMessageV4 = async (msgParams: TypedMessageParams) => { |
Gudahtt
added a commit
that referenced
this pull request
Sep 6, 2024
Gudahtt
added a commit
that referenced
this pull request
Oct 2, 2024
* origin/main: fix: change types signatures verifyingContract validation to allow 'cosmos' as address (#334) Update `main` with changes from v14.0.1 (#332) Request validation should not throw if verifyingContract is not defined in typed signature (#328) Add changelog entries for `#318` (#327) remove eth_sign (#320)
Gudahtt
added a commit
that referenced
this pull request
Oct 2, 2024
* Request validation should not throw if verifyingContract is not defined in typed signature (#328) (#330) * 14.0.1 (#331) * [14.x] fix: support ethermint's EIP712 implementation (#333) * setting cosmos as allowed string for verifyingContract field * fixed and linter * readability * Update condition to match main branch * Remove duplicate copy of test --------- Co-authored-by: Jyoti Puri <jyotipuri@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * Version 14.0.2 (#339) * Version 14.0.2 * Fix typo Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com> --------- Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com> --------- Co-authored-by: Jyoti Puri <jyotipuri@gmail.com> Co-authored-by: Michael Tsitrin <114929630+mtsitrin@users.noreply.github.com> Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
MetaMask/metamask-extension#26908