-
-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request validation should not throw if verifyingContract is not defined in typed signature #328
Conversation
…ed in typed signature
} = parseTypedMessage(data); | ||
if (!isValidHexAddress(verifyingContract)) { | ||
const { domain: { verifyingContract } = {} } = parseTypedMessage(data); | ||
if (verifyingContract && !isValidHexAddress(verifyingContract)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does it matter if verifyingContract
is an empty string?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An empty value will not throw error.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think @jiexi meant to ask should it throw an error.
I've just tested with v12.0.6 and it looks like an empty verifyingContract
was accepted though, so continuing to accept it sounds reasonable for now. It did trigger a blockaid warning on v12.0.6, but no crash, and I was able to sign it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Some test cleanup suggested, but the tests were already pretty messy to start with
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: It looks like we're testing the case where the domain
is in the type definition given for the message, but missing from the message itself. It would also be useful to test these cases:
- The type definition omits
verifyingContract
, anddomain
is missing from the message - The type definition includes
verifyingContract
, anddomain
is included in the message, butverifyingContract
is missing
const promise = pify(engine.handle).call(engine, payload); | ||
const result = await promise; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Unnecessary deferred Promise:
const promise = pify(engine.handle).call(engine, payload); | |
const result = await promise; | |
const result = await pify(engine.handle).call(engine, payload); |
const promise = pify(engine.handle).call(engine, payload); | ||
const result = await promise; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Unnecessary deferred Promise:
const promise = pify(engine.handle).call(engine, payload); | |
const result = await promise; | |
const result = await pify(engine.handle).call(engine, payload); |
const witnessedMsgParams: TypedMessageParams[] = []; | ||
const processTypedMessageV3 = async (msgParams: TypedMessageParams) => { | ||
witnessedMsgParams.push(msgParams); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: This variable seems to serve no purpose:
const witnessedMsgParams: TypedMessageParams[] = []; | |
const processTypedMessageV3 = async (msgParams: TypedMessageParams) => { | |
witnessedMsgParams.push(msgParams); | |
const processTypedMessageV3 = async (msgParams: TypedMessageParams) => { |
const witnessedMsgParams: TypedMessageParams[] = []; | ||
const processTypedMessageV4 = async (msgParams: TypedMessageParams) => { | ||
witnessedMsgParams.push(msgParams); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: This variable isn't used either
const witnessedMsgParams: TypedMessageParams[] = []; | |
const processTypedMessageV4 = async (msgParams: TypedMessageParams) => { | |
witnessedMsgParams.push(msgParams); | |
const processTypedMessageV4 = async (msgParams: TypedMessageParams) => { |
* origin/main: fix: change types signatures verifyingContract validation to allow 'cosmos' as address (#334) Update `main` with changes from v14.0.1 (#332) Request validation should not throw if verifyingContract is not defined in typed signature (#328) Add changelog entries for `#318` (#327) remove eth_sign (#320)
* Request validation should not throw if verifyingContract is not defined in typed signature (#328) (#330) * 14.0.1 (#331) * [14.x] fix: support ethermint's EIP712 implementation (#333) * setting cosmos as allowed string for verifyingContract field * fixed and linter * readability * Update condition to match main branch * Remove duplicate copy of test --------- Co-authored-by: Jyoti Puri <jyotipuri@gmail.com> Co-authored-by: Mark Stacey <markjstacey@gmail.com> * Version 14.0.2 (#339) * Version 14.0.2 * Fix typo Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com> --------- Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com> --------- Co-authored-by: Jyoti Puri <jyotipuri@gmail.com> Co-authored-by: Michael Tsitrin <114929630+mtsitrin@users.noreply.github.com> Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com>
MetaMask/metamask-extension#26908