Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/main' into sync-v14-main
Browse files Browse the repository at this point in the history
* origin/main:
  fix: change types signatures verifyingContract validation to allow 'cosmos' as address (#334)
  Update `main` with changes from v14.0.1 (#332)
  Request validation should not throw if verifyingContract is not defined in typed signature (#328)
  Add changelog entries for `#318` (#327)
  remove eth_sign (#320)
  • Loading branch information
Gudahtt committed Oct 2, 2024
2 parents 48218dc + 7fbac8b commit 568232d
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 36 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Bump `@metamask/rpc-errors` from `^6.0.0` to `^6.3.1` ([#323](https://github.com/MetaMask/eth-json-rpc-middleware/pull/323))
- Bump `@metamask/utils` from `^8.1.0` to `^9.1.0` ([#323](https://github.com/MetaMask/eth-json-rpc-middleware/pull/323))

### Security
- **BREAKING:** Typed signature validation only replaces `0X` prefix with `0x`, and contract address normalization is removed for decimal and octal values ([#318](https://github.com/MetaMask/eth-json-rpc-middleware/pull/318))
- Threat actors have been manipulating `eth_signTypedData_v4` fields to cause failures in blockaid's detectors.
- Extension crashes with an error when performing Malicious permit with a non-0x prefixed integer address.
- This fixes an issue where the key value row or petname component disappears if a signed address is prefixed by "0X" instead of "0x".

## [13.0.0]
### Changed
- **BREAKING**: Drop support for Node.js v16; add support for Node.js v20, v22 ([#312](https://github.com/MetaMask/eth-json-rpc-middleware/pull/312))
Expand Down
36 changes: 0 additions & 36 deletions src/wallet.ts
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,6 @@ export interface WalletMiddlewareOptions {
address: string,
req: JsonRpcRequest,
) => Promise<string>;
processEthSignMessage?: (
msgParams: MessageParams,
req: JsonRpcRequest,
) => Promise<string>;
processPersonalMessage?: (
msgParams: MessageParams,
req: JsonRpcRequest,
Expand Down Expand Up @@ -92,7 +88,6 @@ export function createWalletMiddleware({
getAccounts,
processDecryptMessage,
processEncryptionPublicKey,
processEthSignMessage,
processPersonalMessage,
processTransaction,
processSignTransaction,
Expand All @@ -113,7 +108,6 @@ WalletMiddlewareOptions): JsonRpcMiddleware<any, Block> {
eth_sendTransaction: createAsyncMiddleware(sendTransaction),
eth_signTransaction: createAsyncMiddleware(signTransaction),
// message signatures
eth_sign: createAsyncMiddleware(ethSign),
eth_signTypedData: createAsyncMiddleware(signTypedData),
eth_signTypedData_v3: createAsyncMiddleware(signTypedDataV3),
eth_signTypedData_v4: createAsyncMiddleware(signTypedDataV4),
Expand Down Expand Up @@ -195,36 +189,6 @@ WalletMiddlewareOptions): JsonRpcMiddleware<any, Block> {
//
// message signatures
//

async function ethSign(
req: JsonRpcRequest,
res: PendingJsonRpcResponse<Json>,
): Promise<void> {
if (!processEthSignMessage) {
throw rpcErrors.methodNotSupported();
}
if (
!req?.params ||
!Array.isArray(req.params) ||
!(req.params.length >= 2)
) {
throw rpcErrors.invalidInput();
}

const params = req.params as [string, string, Record<string, string>?];
const address: string = await validateAndNormalizeKeyholder(params[0], req);
const message = params[1];
const extraParams = params[2] || {};
const msgParams: MessageParams = {
...extraParams,
from: address,
data: message,
signatureMethod: 'eth_sign',
};

res.result = await processEthSignMessage(msgParams, req);
}

async function signTypedData(
req: JsonRpcRequest,
res: PendingJsonRpcResponse<Json>,
Expand Down

0 comments on commit 568232d

Please sign in to comment.