deploy: d4b5abb

MetaMask · Jul 17, 2024 · 2590dc2 · 2590dc2
1 parent e593f13
commit 2590dc2
Show file tree

Hide file tree

Showing 18 changed files with 2,879 additions and 0 deletions.
diff --git a/v3.0.4/bundle.js b/v3.0.4/bundle.js
diff --git a/v3.0.4/bundle.js.map b/v3.0.4/bundle.js.map
diff --git a/v3.0.4/design-tokens.css b/v3.0.4/design-tokens.css
diff --git a/v3.0.4/favicon.ico b/v3.0.4/favicon.ico
diff --git a/v3.0.4/fonts/EuclidCircularB-Bold-WebXL.ttf b/v3.0.4/fonts/EuclidCircularB-Bold-WebXL.ttf
diff --git a/v3.0.4/fonts/EuclidCircularB-Regular-WebXL.ttf b/v3.0.4/fonts/EuclidCircularB-Regular-WebXL.ttf
diff --git a/v3.0.4/fonts/EuclidCircularB-RegularItalic-WebXL.ttf b/v3.0.4/fonts/EuclidCircularB-RegularItalic-WebXL.ttf
diff --git a/v3.0.4/index.css b/v3.0.4/index.css
@@ -0,0 +1,165 @@
+@font-face {
+  font-family: 'Euclid';
+  font-style: normal;
+  font-weight: 400;
+  src: url('fonts/EuclidCircularB-Regular-WebXL.ttf') format('truetype');
+}
+
+@font-face {
+  font-family: 'Euclid';
+  font-style: italic;
+  font-weight: 400;
+  src: url('fonts/EuclidCircularB-RegularItalic-WebXL.ttf') format('truetype');
+}
+
+@font-face {
+  font-family: 'Euclid';
+  font-style: normal;
+  font-weight: 700;
+  src: url('fonts/EuclidCircularB-Bold-WebXL.ttf') format('truetype');
+}
+
+* {
+  margin: 0;
+  padding: 0;
+  box-sizing: border-box;
+}
+
+html {
+  height: 100%;
+}
+
+body {
+  background-color: var(--color-error-alternative);
+  height: 100%;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  font-family: var(--typography-s-body-md-font-family);
+  font-weight: var(--typography-s-body-md-font-weight);
+  font-size: var(--typography-s-body-md-font-size);
+  line-height: var(--typography-s-body-md-line-height);
+  letter-spacing: var(--typography-s-body-md-letter-spacing);
+  color: var(--color-error-inverse);
+}
+
+@media screen and (min-width: 768px) {
+  body {
+    font-family: var(--typography-l-body-md-font-family);
+    font-weight: var(--typography-l-body-md-font-weight);
+    font-size: var(--typography-l-body-md-font-size);
+    line-height: var(--typography-l-body-md-line-height);
+    letter-spacing: var(--typography-l-body-md-letter-spacing);
+  }
+}
+
+.heading-lg {
+  font-family: var(--typography-s-heading-lg-font-family);
+  font-weight: var(--typography-s-heading-lg-font-weight);
+  font-size: var(--typography-s-heading-lg-font-size);
+  line-height: var(--typography-s-heading-lg-line-height);
+  letter-spacing: var(--typography-s-heading-lg-letter-spacing);
+}
+
+@media screen and (min-width: 768px) {
+  .heading-lg {
+    font-family: var(--typography-l-heading-lg-font-family);
+    font-weight: var(--typography-l-heading-lg-font-weight);
+    font-size: var(--typography-l-heading-lg-font-size);
+    line-height: var(--typography-l-heading-lg-line-height);
+    letter-spacing: var(--typography-l-heading-lg-letter-spacing);
+  }
+}
+
+a {
+  text-decoration: underline;
+  color: var(--color-error-inverse);
+  cursor: pointer;
+}
+
+ul {
+  padding-left: 32px;
+}
+
+.button-secondary {
+  color: var(--color-primary-default);
+  background: var(--color-background-default);
+  border: 1px solid var(--color-primary-default);
+  padding-right: 16px;
+  padding-left: 16px;
+  border-radius: 9999px;
+  height: 48px;
+  display: flex;
+  align-items: center;
+  margin-top: 48px;
+  font-family: var(--typography-s-body-md-font-family);
+  font-weight: var(--typography-s-body-md-font-weight);
+  font-size: var(--typography-s-body-md-font-size);
+  line-height: var(--typography-s-body-md-line-height);
+  letter-spacing: var(--typography-s-body-md-letter-spacing);
+  cursor: pointer;
+  margin-left: auto;
+}
+
+@media screen and (min-width: 768px) {
+  .button-secondary {
+    font-family: var(--typography-l-body-md-font-family);
+    font-weight: var(--typography-l-body-md-font-weight);
+    font-size: var(--typography-l-body-md-font-size);
+    line-height: var(--typography-l-body-md-line-height);
+    letter-spacing: var(--typography-l-body-md-letter-spacing);
+  }
+}
+
+.button-secondary:hover {
+  color: var(--color-primary-inverse);
+  background-color: var(--color-primary-default);
+  box-shadow: var(--component-button-primary-shadow);
+}
+
+.button-secondary:active {
+  color: var(--color-primary-inverse);
+  background-color: var(--color-primary-alternative);
+  border-color: var(--color-primary-alternative);
+}
+
+.content {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  max-width: 700px;
+  padding: 24px;
+}
+
+.content__header {
+  display: flex;
+  flex-direction: column;
+  width: 100%;
+  margin-bottom: 16px;
+}
+
+.content__header h1 {
+  font-family: var(--typography-s-heading-lg-font-family);
+  font-weight: var(--typography-s-heading-lg-font-weight);
+  font-size: var(--typography-s-heading-lg-font-size);
+  line-height: var(--typography-s-heading-lg-line-height);
+  letter-spacing: var(--typography-s-heading-lg-letter-spacing);
+}
+
+@media screen and (min-width: 768px) {
+  .content__header h1 {
+    font-family: var(--typography-l-heading-lg-font-family);
+    font-weight: var(--typography-l-heading-lg-font-weight);
+    font-size: var(--typography-l-heading-lg-font-size);
+    line-height: var(--typography-l-heading-lg-line-height);
+    letter-spacing: var(--typography-l-heading-lg-letter-spacing);
+  }
+}
+
+.content__header svg {
+  fill: var(--color-error-inverse);
+  width: 64px;
+  height: 64px;
+  margin-bottom: 24px;
+}
diff --git a/v3.0.4/index.html b/v3.0.4/index.html
@@ -0,0 +1,82 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <style id="antiClickjack">
+      #content__body {
+        display: none !important;
+      }
+    </style>
+    <script type="text/javascript">
+      if (self === top) {
+        document.getElementById('antiClickjack').innerHTML =
+          '#content__framed-body { display: none !important; }';
+      }
+    </script>
+    <title>MetaMask Phishing Detection</title>
+    <script
+      src="./lockdown-install.js"
+      type="text/javascript"
+      charset="utf-8"
+    ></script>
+    <script
+      src="./lockdown-run.js"
+      type="text/javascript"
+      charset="utf-8"
+    ></script>
+    <script
+      src="./lockdown-more.js"
+      type="text/javascript"
+      charset="utf-8"
+    ></script>
+    <script
+      src="./bundle.js"
+      type="text/javascript"
+      charset="utf-8"
+    ></script>
+    <link rel="stylesheet" type="text/css" href="./design-tokens.css">
+    <link rel="stylesheet" type="text/css" href="./index.css">
+    <link rel="icon" href="./favicon.ico" sizes="any"><!-- 32×32 -->
+    <link rel="icon" href="./metamask-fox.svg" type="image/svg+xml">
+  </head>
+  <body>
+    <div class="content">
+      <div class="content__header">
+        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Pro 6.2.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license (Commercial License) Copyright 2022 Fonticons, Inc. -->
+          <path d="M256 32c14.2 0 27.3 7.5 34.5 19.8l216 368c7.3 12.4 7.3 27.7 .2 40.1S486.3 480 472 480H40c-14.3 0-27.6-7.7-34.7-20.1s-7-27.8 .2-40.1l216-368C228.7 39.5 241.8 32 256 32zm0 128c-13.3 0-24 10.7-24 24V296c0 13.3 10.7 24 24 24s24-10.7 24-24V184c0-13.3-10.7-24-24-24zm32 224c0-17.7-14.3-32-32-32s-32 14.3-32 32s14.3 32 32 32s32-14.3 32-32z"/>
+        </svg>
+        <h1>
+          Deceptive site ahead
+        </h1>
+      </div>
+      <div id="content__body" class="content__body">
+        <p>
+          MetaMask flagged the site you're trying to visit as potentially deceptive. Attackers may trick you into doing something dangerous. <a id="csdbLink" rel="noopener" href='https://cryptoscamdb.org/search' target='_blank'>Learn more</a>
+        </p>
+      </br>
+        <p>Potential threats on <span id="suspect-link"></span> include:
+          <ul>
+            <li>Fake versions of MetaMask</li>
+            <li>Secret Recovery Phrase or password theft</li>
+            <li>Malicious transactions resulting in stolen assets </li>
+          </ul>
+        </p>
+      </br>
+        <p>Advisory provided by multiple sources, including <span id="detection-repo">Ethereum Phishing Detector, SEAL, ChainPatrol, and PhishFort.</span>.</p>
+      </br>
+      </br>
+        <p>If we're flagging a legitimate website, please <a id="new-issue-link" href="#">report a detection problem.</a></p>
+        <p>If you understand the risks and still want to proceed, you can <a id="unsafe-continue">continue to the site.</a></p>
+        <button class="button-secondary" type="submit" id="back-to-safety">Back to safety</button>
+      </div>
+      <div id="content__framed-body" class="content__framed-body">
+        <p>
+          MetaMask flagged the site you're trying to visit as potentially deceptive. Attackers may trick you into doing something dangerous.
+        </p>
+        <p>
+          <a id="open-self-in-new-tab" target="_blank">Open this warning in a new tab</a> for more information
+          on why this domain is blocked, and how to continue at your own risk.
+        </p>
+      </div>
+    </div>
+  </body>
+</html>
diff --git a/v3.0.4/lockdown-install.js b/v3.0.4/lockdown-install.js
diff --git a/v3.0.4/lockdown-more.js b/v3.0.4/lockdown-more.js
@@ -0,0 +1,93 @@
+// copied from `metamask-extension` v10.13.0
+
+// Make all "object" and "function" own properties of globalThis
+// non-configurable and non-writable, when possible.
+// We call a property that is non-configurable and non-writable,
+// "non-modifiable".
+try {
+  /**
+   * `lockdown` only hardens the properties enumerated by the
+   * universalPropertyNames constant specified in 'ses/src/whitelist'. This
+   * function makes all function and object properties on the start compartment
+   * global non-configurable and non-writable, unless they are already
+   * non-configurable.
+   *
+   * It is critical that this function runs at the right time during
+   * initialization, which should always be immediately after `lockdown` has been
+   * called. At the time of writing, the modifications this function makes to the
+   * runtime environment appear to be non-breaking, but that could change with
+   * the addition of dependencies, or the order of our scripts in our HTML files.
+   * Exercise caution.
+   *
+   * See inline comments for implementation details.
+   *
+   * We write this function in IIFE format to avoid polluting global scope.
+   */
+  (function protectIntrinsics() {
+    const namedIntrinsics = Reflect.ownKeys(new Compartment().globalThis);
+
+    // These named intrinsics are not automatically hardened by `lockdown`
+    const shouldHardenManually = new Set(['eval', 'Function']);
+
+    const globalProperties = new Set([
+      // universalPropertyNames is a constant added by lockdown to global scope
+      // at the time of writing, it is initialized in 'ses/src/whitelist'.
+      // These properties tend to be non-enumerable.
+      ...namedIntrinsics,
+
+      // TODO: Also include the named platform globals
+      // This grabs every enumerable property on globalThis.
+      // ...Object.keys(globalThis),
+    ]);
+
+    globalProperties.forEach((propertyName) => {
+      const descriptor = Reflect.getOwnPropertyDescriptor(
+        globalThis,
+        propertyName,
+      );
+
+      if (descriptor) {
+        if (descriptor.configurable) {
+          // If the property on globalThis is configurable, make it
+          // non-configurable. If it has no accessor properties, also make it
+          // non-writable.
+          if (hasAccessor(descriptor)) {
+            Object.defineProperty(globalThis, propertyName, {
+              configurable: false,
+            });
+          } else {
+            Object.defineProperty(globalThis, propertyName, {
+              configurable: false,
+              writable: false,
+            });
+          }
+        }
+
+        if (shouldHardenManually.has(propertyName)) {
+          harden(globalThis[propertyName]);
+        }
+      }
+    });
+
+    /**
+     * Checks whether the given propertyName descriptor has any accessors, i.e. the
+     * properties `get` or `set`.
+     *
+     * We want to make globals non-writable, and we can't set the `writable`
+     * property and accessor properties at the same time.
+     *
+     * @param {Object} descriptor - The propertyName descriptor to check.
+     * @returns {boolean} Whether the propertyName descriptor has any accessors.
+     */
+    function hasAccessor(descriptor) {
+      return 'set' in descriptor || 'get' in descriptor;
+    }
+  })();
+} catch (error) {
+  console.error('Protecting intrinsics failed:', error);
+  if (globalThis.sentry && globalThis.sentry.captureException) {
+    globalThis.sentry.captureException(
+      new Error(`Protecting intrinsics failed: ${error.message}`),
+    );
+  }
+}
diff --git a/v3.0.4/lockdown-run.js b/v3.0.4/lockdown-run.js
@@ -0,0 +1,25 @@
+// copied from `metamask-extension` v10.13.0
+
+// Freezes all intrinsics
+try {
+  // eslint-disable-next-line no-undef,import/unambiguous
+  lockdown({
+    consoleTaming: 'unsafe',
+    errorTaming: 'unsafe',
+    mathTaming: 'unsafe',
+    dateTaming: 'unsafe',
+    domainTaming: 'unsafe',
+    overrideTaming: 'severe',
+  });
+} catch (error) {
+  // If the `lockdown` call throws an exception, it interferes with the
+  // contentscript injection on some versions of Firefox. The error is
+  // caught and logged here so that the contentscript still gets injected.
+  // This affects Firefox v56 and Waterfox Classic.
+  console.error('Lockdown failed:', error);
+  if (globalThis.sentry && globalThis.sentry.captureException) {
+    globalThis.sentry.captureException(
+      new Error(`Lockdown failed: ${error.message}`),
+    );
+  }
+}
diff --git a/v3.0.4/manifest.webmanifest b/v3.0.4/manifest.webmanifest
@@ -0,0 +1,6 @@
+{
+  "icons": [
+    { "src": "/icon-192.png", "type": "image/png", "sizes": "192x192" },
+    { "src": "/icon-512.png", "type": "image/png", "sizes": "512x512" }
+  ]
+}
diff --git a/v3.0.4/metamask-fox.svg b/v3.0.4/metamask-fox.svg
diff --git a/v3.0.4/service-worker.js b/v3.0.4/service-worker.js
diff --git a/v3.0.4/service-worker.js.map b/v3.0.4/service-worker.js.map