From 68103ac7a5710aa8a0d151c0729e0392d6c63827 Mon Sep 17 00:00:00 2001 From: Jyoti Puri Date: Wed, 4 Sep 2024 23:04:19 +0530 Subject: [PATCH 1/4] Request validation should not throw if verifyingContract is not defined in typed signature (#328) (#330) --- src/wallet.test.ts | 73 ++++++++++++++++++++++++++++++++++++++++++++++ src/wallet.ts | 6 ++-- 2 files changed, 75 insertions(+), 4 deletions(-) diff --git a/src/wallet.test.ts b/src/wallet.test.ts index 9a8e783c..a58efb81 100644 --- a/src/wallet.test.ts +++ b/src/wallet.test.ts @@ -432,6 +432,50 @@ describe('wallet', () => { const promise = pify(engine.handle).call(engine, payload); await expect(promise).rejects.toThrow('Invalid input.'); }); + + it('should not throw if verifyingContract is undefined', async () => { + const { engine } = createTestSetup(); + const getAccounts = async () => testAddresses.slice(); + const witnessedMsgParams: TypedMessageParams[] = []; + const processTypedMessageV3 = async (msgParams: TypedMessageParams) => { + witnessedMsgParams.push(msgParams); + // Assume testMsgSig is the expected signature result + return testMsgSig; + }; + + engine.push( + createWalletMiddleware({ getAccounts, processTypedMessageV3 }), + ); + + const message = { + types: { + EIP712Domain: [ + { name: 'name', type: 'string' }, + { name: 'version', type: 'string' }, + { name: 'chainId', type: 'uint256' }, + { name: 'verifyingContract', type: 'address' }, + ], + }, + primaryType: 'EIP712Domain', + message: {}, + }; + + const stringifiedMessage = JSON.stringify(message); + + const payload = { + method: 'eth_signTypedData_v3', + params: [testAddresses[0], stringifiedMessage], // Assuming testAddresses[0] is a valid address from your setup + }; + + const promise = pify(engine.handle).call(engine, payload); + const result = await promise; + expect(result).toStrictEqual({ + id: undefined, + jsonrpc: undefined, + result: + '0x68dc980608bceb5f99f691e62c32caccaee05317309015e9454eba1a14c3cd4505d1dd098b8339801239c9bcaac3c4df95569dcf307108b92f68711379be14d81c', + }); + }); }); describe('signTypedDataV4', () => { @@ -524,6 +568,35 @@ describe('wallet', () => { const promise = pify(engine.handle).call(engine, payload); await expect(promise).rejects.toThrow('Invalid input.'); }); + + it('should not throw if request is permit with undefined value for verifyingContract address', async () => { + const { engine } = createTestSetup(); + const getAccounts = async () => testAddresses.slice(); + const witnessedMsgParams: TypedMessageParams[] = []; + const processTypedMessageV4 = async (msgParams: TypedMessageParams) => { + witnessedMsgParams.push(msgParams); + // Assume testMsgSig is the expected signature result + return testMsgSig; + }; + + engine.push( + createWalletMiddleware({ getAccounts, processTypedMessageV4 }), + ); + + const payload = { + method: 'eth_signTypedData_v4', + params: [testAddresses[0], JSON.stringify(getMsgParams())], + }; + + const promise = pify(engine.handle).call(engine, payload); + const result = await promise; + expect(result).toStrictEqual({ + id: undefined, + jsonrpc: undefined, + result: + '0x68dc980608bceb5f99f691e62c32caccaee05317309015e9454eba1a14c3cd4505d1dd098b8339801239c9bcaac3c4df95569dcf307108b92f68711379be14d81c', + }); + }); }); describe('sign', () => { diff --git a/src/wallet.ts b/src/wallet.ts index db8eee6c..45b4951d 100644 --- a/src/wallet.ts +++ b/src/wallet.ts @@ -499,10 +499,8 @@ WalletMiddlewareOptions): JsonRpcMiddleware { * @param data - The data passed in typedSign request. */ function validateVerifyingContract(data: string) { - const { - domain: { verifyingContract }, - } = parseTypedMessage(data); - if (!isValidHexAddress(verifyingContract)) { + const { domain: { verifyingContract } = {} } = parseTypedMessage(data); + if (verifyingContract && !isValidHexAddress(verifyingContract)) { throw rpcErrors.invalidInput(); } } From 7bce6e81a22b12e83e1944996d14832434356631 Mon Sep 17 00:00:00 2001 From: Jyoti Puri Date: Wed, 4 Sep 2024 23:25:30 +0530 Subject: [PATCH 2/4] 14.0.1 (#331) --- CHANGELOG.md | 7 ++++++- package.json | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e45bcd5..5f84f36f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [14.0.1] +### Fixed +- Request validation should not throw if verifyingContract is not defined in typed signature ([#328](https://github.com/MetaMask/eth-json-rpc-middleware/pull/328)) + ## [14.0.0] ### Changed - **BREAKING:** Adapt to EIP-1193 provider changes by replacing the deprecated `sendAsync` method with the `request` method ([#317](https://github.com/MetaMask/eth-json-rpc-middleware/pull/317)) @@ -196,7 +200,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `json-rpc-engine@5.3.0` ([#53](https://github.com/MetaMask/eth-json-rpc-middleware/pull/53)) - `eth-rpc-errors@3.0.0` ([#55](https://github.com/MetaMask/eth-json-rpc-middleware/pull/55)) -[Unreleased]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.0...HEAD +[Unreleased]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.1...HEAD +[14.0.1]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.0...v14.0.1 [14.0.0]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v13.0.0...v14.0.0 [13.0.0]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.2...v13.0.0 [12.1.2]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.1...v12.1.2 diff --git a/package.json b/package.json index dbe4e495..54125b6b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/eth-json-rpc-middleware", - "version": "14.0.0", + "version": "14.0.1", "description": "Ethereum-related json-rpc-engine middleware.", "repository": { "type": "git", From eac3ad7d87addc46f5db70d4a155d93584628679 Mon Sep 17 00:00:00 2001 From: Michael Tsitrin <114929630+mtsitrin@users.noreply.github.com> Date: Wed, 2 Oct 2024 15:45:53 +0300 Subject: [PATCH 3/4] [14.x] fix: support ethermint's EIP712 implementation (#333) * setting cosmos as allowed string for verifyingContract field * fixed and linter * readability * Update condition to match main branch * Remove duplicate copy of test --------- Co-authored-by: Jyoti Puri Co-authored-by: Mark Stacey --- src/wallet.test.ts | 29 +++++++++++++++++++++++++++++ src/wallet.ts | 12 +++++++++++- 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/src/wallet.test.ts b/src/wallet.test.ts index a58efb81..27cd1fa8 100644 --- a/src/wallet.test.ts +++ b/src/wallet.test.ts @@ -597,6 +597,35 @@ describe('wallet', () => { '0x68dc980608bceb5f99f691e62c32caccaee05317309015e9454eba1a14c3cd4505d1dd098b8339801239c9bcaac3c4df95569dcf307108b92f68711379be14d81c', }); }); + + it('should not throw if request is permit with verifyingContract address equal to "cosmos"', async () => { + const { engine } = createTestSetup(); + const getAccounts = async () => testAddresses.slice(); + const witnessedMsgParams: TypedMessageParams[] = []; + const processTypedMessageV4 = async (msgParams: TypedMessageParams) => { + witnessedMsgParams.push(msgParams); + // Assume testMsgSig is the expected signature result + return testMsgSig; + }; + + engine.push( + createWalletMiddleware({ getAccounts, processTypedMessageV4 }), + ); + + const payload = { + method: 'eth_signTypedData_v4', + params: [testAddresses[0], JSON.stringify(getMsgParams('cosmos'))], + }; + + const promise = pify(engine.handle).call(engine, payload); + const result = await promise; + expect(result).toStrictEqual({ + id: undefined, + jsonrpc: undefined, + result: + '0x68dc980608bceb5f99f691e62c32caccaee05317309015e9454eba1a14c3cd4505d1dd098b8339801239c9bcaac3c4df95569dcf307108b92f68711379be14d81c', + }); + }); }); describe('sign', () => { diff --git a/src/wallet.ts b/src/wallet.ts index 45b4951d..445e5e80 100644 --- a/src/wallet.ts +++ b/src/wallet.ts @@ -497,10 +497,20 @@ WalletMiddlewareOptions): JsonRpcMiddleware { * Validates verifyingContract of typedSignMessage. * * @param data - The data passed in typedSign request. + * This function allows the verifyingContract to be either: + * - A valid hex address + * - The string "cosmos" (as it is hard-coded in some Cosmos ecosystem's EVM adapters) + * - An empty string */ function validateVerifyingContract(data: string) { const { domain: { verifyingContract } = {} } = parseTypedMessage(data); - if (verifyingContract && !isValidHexAddress(verifyingContract)) { + // Explicit check for cosmos here has been added to address this issue + // https://github.com/MetaMask/eth-json-rpc-middleware/issues/new + if ( + verifyingContract && + (verifyingContract as string) !== 'cosmos' && + !isValidHexAddress(verifyingContract) + ) { throw rpcErrors.invalidInput(); } } From 48218dc7f37699e5c11e9e2f63122ad423fa65dc Mon Sep 17 00:00:00 2001 From: Mark Stacey Date: Wed, 2 Oct 2024 10:50:19 -0230 Subject: [PATCH 4/4] Version 14.0.2 (#339) * Version 14.0.2 * Fix typo Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com> --------- Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com> --- CHANGELOG.md | 8 +++++++- package.json | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f84f36f..4f7aed46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [14.0.2] +### Fixed +- Allow the string "cosmos" in the "verifyingContract" field of EIP-712 signatures ([#333](https://github.com/MetaMask/eth-json-rpc-middleware/pull/333)) + - This change was made to support Ethermint's EIP-712 implementation, which was broken by validation added in v14.0.0 + ## [14.0.1] ### Fixed - Request validation should not throw if verifyingContract is not defined in typed signature ([#328](https://github.com/MetaMask/eth-json-rpc-middleware/pull/328)) @@ -200,7 +205,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `json-rpc-engine@5.3.0` ([#53](https://github.com/MetaMask/eth-json-rpc-middleware/pull/53)) - `eth-rpc-errors@3.0.0` ([#55](https://github.com/MetaMask/eth-json-rpc-middleware/pull/55)) -[Unreleased]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.1...HEAD +[Unreleased]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.2...HEAD +[14.0.2]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.1...v14.0.2 [14.0.1]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.0...v14.0.1 [14.0.0]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v13.0.0...v14.0.0 [13.0.0]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.2...v13.0.0 diff --git a/package.json b/package.json index 54125b6b..2a2b7595 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/eth-json-rpc-middleware", - "version": "14.0.1", + "version": "14.0.2", "description": "Ethereum-related json-rpc-engine middleware.", "repository": { "type": "git",