Skip to content

Commit

Permalink
Skip blockaid validation for users internal accounts
Browse files Browse the repository at this point in the history
  • Loading branch information
@jpuri
jpuri committed Jul 8, 2024
1 parent b2cce87 commit 79ea9c5
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 1 deletion.
22 changes: 22 additions & 0 deletions app/lib/ppom/ppom-util.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,12 @@ jest.mock('../../core/Engine', () => ({
providerConfig: { chainId: CHAIN_ID_MOCK },
},
},
AccountsController: {
state: {
internalAccounts: { accounts: [] },
},
listAccounts: () => [],
},
},
}));

Expand Down Expand Up @@ -110,6 +116,22 @@ describe('PPOM Utils', () => {
expect(spyTransactionAction).toBeCalledTimes(0);
});

it('should not validate if request is send to users own account ', async () => {
const spyTransactionAction = jest.spyOn(
TransactionActions,
'setTransactionSecurityAlertResponse',
);
MockEngine.context.PreferencesController.state.securityAlertsEnabled =
false;
MockEngine.context.AccountsController.listAccounts = () => [
{ address: '0x0c54FcCd2e384b4BB6f2E405Bf5Cbc15a017AaFb' },

Check failure on line 127 in app/lib/ppom/ppom-util.test.ts

View workflow job for this annotation

GitHub Actions / scripts (lint:tsc) 

Type '{ address: string; }' is not assignable to type 'InternalAccountTypes'.
];
await PPOMUtil.validateRequest(mockRequest, CHAIN_ID_MOCK);
expect(MockEngine.context.PPOMController?.usePPOM).toBeCalledTimes(0);
expect(spyTransactionAction).toBeCalledTimes(0);
MockEngine.context.AccountsController.listAccounts = () => [];

Check failure on line 132 in app/lib/ppom/ppom-util.test.ts

View workflow job for this annotation

GitHub Actions / scripts (lint:tsc) 

Type '() => never[]' is not assignable to type '(() => InternalAccountTypes[]) & MockWithArgs<() => InternalAccountTypes[]> & {} & {}'.
});

it('should not validate user if on a non supporting blockaid network', async () => {
const spyTransactionAction = jest.spyOn(
TransactionActions,
Expand Down
21 changes: 20 additions & 1 deletion app/lib/ppom/ppom-util.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,13 @@ import {
} from './security-alerts-api';
import { PPOMController } from '@metamask/ppom-validator';

interface Params {
to: string;
}

export interface PPOMRequest {
method: string;
params: unknown[];
params: Params[];
origin?: string;
}

Expand Down Expand Up @@ -61,6 +65,7 @@ async function validateRequest(req: PPOMRequest, transactionId?: string) {
PPOMController: ppomController,
PreferencesController,
NetworkController,
AccountsController,
} = Engine.context;

const chainId = NetworkController.state.providerConfig.chainId;
Expand All @@ -80,6 +85,20 @@ async function validateRequest(req: PPOMRequest, transactionId?: string) {
return;
}

if (req.method === 'eth_sendTransaction') {
const internalAccounts = AccountsController.listAccounts();
const { to: toAddress } = req?.params?.[0] ?? {};

if (
internalAccounts.some(
({ address }: { address: string }) =>
address?.toLowerCase() === toAddress?.toLowerCase(),
)
) {
return;
}
}

const isTransaction = isTransactionRequest(req);
let securityAlertResponse: SecurityAlertResponse | undefined;

Expand Down

0 comments on commit 79ea9c5

Please sign in to comment.