Skip to content

fix: validate EIP-5792 requests using PPOM #31231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Mar 26, 2025
Merged

fix: validate EIP-5792 requests using PPOM #31231

merged 5 commits into from
Mar 26, 2025

Conversation

@matthewwalsh0
Copy link
Member

@matthewwalsh0 matthewwalsh0 commented Mar 23, 2025
edited
Loading

Description

Validate security for all EIP-5792 requests.

Specifically:

  • Use the new validateSecurity callback in the addTransactionBatch controller method.
  • Bump @metamask/transaction-controller to ^52.2.0.
  • Fix E2E tests due to version change.

Open in GitHub Codespaces

Related issues

Fixes: #31263

Manual testing steps

See issue.

Screenshots/Recordings

Before

After

Pre-merge author checklist

Pre-merge reviewer checklist

  • I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
  • I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

@metamaskbot metamaskbot added the team-confirmations Push issues to confirmations team label Mar 23, 2025
@socket-security
Copy link

socket-security bot commented Mar 23, 2025
edited
Loading

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@metamask/transaction-controller@52.1.052.2.0 None 0 2.59 MB metamaskbot

View full report↗︎

@matthewwalsh0 matthewwalsh0 marked this pull request as ready for review March 25, 2025 09:01
@matthewwalsh0 matthewwalsh0 mentioned this pull request Mar 25, 2025
Merged
7 tasks
matthewwalsh0 added a commit that referenced this pull request Mar 25, 2025
@matthewwalsh0
fix (cherry-pick): validate EIP-5792 requests using PPOM (#31231) (#3…
efb6446 
…1291)

## **Description**

Cherry-pick of #31231 for `12.15.0`.

Using patch as `@metamask/transaction-controller` release includes
unrelated changes.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/31291?quickstart=1)

## **Related issues**

## **Manual testing steps**

## **Screenshots/Recordings**

### **Before**

### **After**

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
jpuri
jpuri previously approved these changes Mar 26, 2025
View reviewed changes
@matthewwalsh0 matthewwalsh0 dismissed stale reviews from pedronfigueiredo and jpuri via 1dbc631 March 26, 2025 10:23
@matthewwalsh0 matthewwalsh0 enabled auto-merge March 26, 2025 10:23
@metamaskbot
Copy link
Collaborator

metamaskbot commented Mar 26, 2025

Builds ready [2b031fc]
Page Load Metrics (3248 ± 1310 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint54614009291526131255
domContentLoaded174513087269424061155
load187514824324827281310
domInteractive30246514723
backgroundConnect1511775575443213
firstReactRender4264911912661
getState3359821617886
initialActions01000
loadScripts127311477199221811047
setupStore221285156275132
uiStartup248918524589640901964
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 417 Bytes (0.01%)
  • ui: 0 Bytes (0.00%)
  • common: 9.05 KiB (0.09%)

@matthewwalsh0 matthewwalsh0 added this pull request to the merge queue Mar 26, 2025
Merged via the queue into main with commit 7acea0e Mar 26, 2025
147 checks passed
@matthewwalsh0 matthewwalsh0 deleted the fix/ppom-eip-5792 branch March 26, 2025 12:35
@github-actions github-actions bot locked and limited conversation to collaborators Mar 26, 2025
@metamaskbot metamaskbot added the release-12.16.0 Issue or pull request that will be included in release 12.16.0 label Mar 26, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@pedronfigueiredo pedronfigueiredo pedronfigueiredo approved these changes

@vinistevam vinistevam vinistevam approved these changes

@jpuri jpuri Awaiting requested review from jpuri

Assignees

No one assigned

Labels

release-12.16.0 Issue or pull request that will be included in release 12.16.0 team-confirmations Push issues to confirmations team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: No PPOM validation for EIP-5792 requests

6 participants

@matthewwalsh0 @metamaskbot @jpuri @pedronfigueiredo @vinistevam