Skip to content

Commit

Permalink
Merge pull request #29484 from MetaMask/cp-Version-v12.10.0-merge-mas…
Browse files Browse the repository at this point in the history
…ter1

Merge master into v12.10.0
  • Loading branch information
danjm authored Jan 7, 2025
2 parents 8a06843 + e665f5e commit 136b5a8
Show file tree
Hide file tree
Showing 16 changed files with 511 additions and 34 deletions.
61 changes: 61 additions & 0 deletions .yarn/patches/@metamask-assets-controllers-patch-d6ed5f8213.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
diff --git a/dist/multicall.cjs b/dist/multicall.cjs
index bf9aa5e86573fc1651f421cc0b64f5af121c3ab2..43a0531ed86cd3ee1774dcda3f990dd40f7f52de 100644
--- a/dist/multicall.cjs
+++ b/dist/multicall.cjs
@@ -342,9 +342,22 @@ const multicallOrFallback = async (calls, chainId, provider, maxCallsPerMultical
return [];
}
const multicallAddress = MULTICALL_CONTRACT_BY_CHAINID[chainId];
- return await (multicallAddress
- ? multicall(calls, multicallAddress, provider, maxCallsPerMulticall)
- : fallback(calls, maxCallsParallel));
+ if (multicallAddress) {
+ try {
+ return await multicall(calls, multicallAddress, provider, maxCallsPerMulticall);
+ }
+ catch (error) {
+ // Fallback only on revert
+ // https://docs.ethers.org/v5/troubleshooting/errors/#help-CALL_EXCEPTION
+ if (!error ||
+ typeof error !== 'object' ||
+ !('code' in error) ||
+ error.code !== 'CALL_EXCEPTION') {
+ throw error;
+ }
+ }
+ }
+ return await fallback(calls, maxCallsParallel);
};
exports.multicallOrFallback = multicallOrFallback;
//# sourceMappingURL=multicall.cjs.map
\ No newline at end of file
diff --git a/dist/multicall.mjs b/dist/multicall.mjs
index 8fbe0112303d5df1d868e0357a9d31e43a3b6cf9..860dfdbddd813659cb2be5f7faed5d4016db5966 100644
--- a/dist/multicall.mjs
+++ b/dist/multicall.mjs
@@ -339,8 +339,21 @@ export const multicallOrFallback = async (calls, chainId, provider, maxCallsPerM
return [];
}
const multicallAddress = MULTICALL_CONTRACT_BY_CHAINID[chainId];
- return await (multicallAddress
- ? multicall(calls, multicallAddress, provider, maxCallsPerMulticall)
- : fallback(calls, maxCallsParallel));
+ if (multicallAddress) {
+ try {
+ return await multicall(calls, multicallAddress, provider, maxCallsPerMulticall);
+ }
+ catch (error) {
+ // Fallback only on revert
+ // https://docs.ethers.org/v5/troubleshooting/errors/#help-CALL_EXCEPTION
+ if (!error ||
+ typeof error !== 'object' ||
+ !('code' in error) ||
+ error.code !== 'CALL_EXCEPTION') {
+ throw error;
+ }
+ }
+ }
+ return await fallback(calls, maxCallsParallel);
};
//# sourceMappingURL=multicall.mjs.map
\ No newline at end of file
9 changes: 8 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- test: [POM] fix change language flaky tests and migrate tests to Page Object Model ([#28777](https://github.com/MetaMask/metamask-extension/pull/28777))
- fix: Correct preferences controller usage for `isOnPhishingList` hook ([#28803](https://github.com/MetaMask/metamask-extension/pull/28803))

## [12.9.3]
### Fixed
- Fix some cases where users were incorrectly seeing 0 token balances ([#29361](https://github.com/MetaMask/metamask-extension/pull/29361))
- Ensure users that opt out of smart transaction decoding don't send network requests to related APIs ([#29341](https://github.com/
MetaMask/metamask-extension/pull/29341))

## [12.9.2]
### Changed
- Display the "Amount" row within the advanced view of contract interaction confirmations, and whenever the amount being sent differs from the "You Send" row of the transaction simulation information by more than 5% ([#29131](https://github.com/MetaMask/metamask-extension/pull/29131))
Expand Down Expand Up @@ -5611,7 +5617,8 @@ Update styles and spacing on the critical error page ([#20350](https://github.c


[Unreleased]: https://github.com/MetaMask/metamask-extension/compare/v12.10.0...HEAD
[12.10.0]: https://github.com/MetaMask/metamask-extension/compare/v12.9.2...v12.10.0
[12.10.0]: https://github.com/MetaMask/metamask-extension/compare/v12.9.3...v12.10.0
[12.9.3]: https://github.com/MetaMask/metamask-extension/compare/v12.9.2...v12.9.3
[12.9.2]: https://github.com/MetaMask/metamask-extension/compare/v12.9.1...v12.9.2
[12.9.1]: https://github.com/MetaMask/metamask-extension/compare/v12.9.0...v12.9.1
[12.9.0]: https://github.com/MetaMask/metamask-extension/compare/v12.8.1...v12.9.0
Expand Down
24 changes: 24 additions & 0 deletions app/scripts/lib/createMainFrameOriginMiddleware.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
// Request and responses are currently untyped.
/* eslint-disable @typescript-eslint/no-explicit-any */

/**
* Returns a middleware that appends the mainFrameOrigin to request
*
* @param {{ mainFrameOrigin: string }} opts - The middleware options
* @returns {Function}
*/

export default function createMainFrameOriginMiddleware({
mainFrameOrigin,
}: {
mainFrameOrigin: string;
}) {
return function mainFrameOriginMiddleware(
req: any,
_res: any,
next: () => void,
) {
req.mainFrameOrigin = mainFrameOrigin;
next();
};
}
50 changes: 49 additions & 1 deletion app/scripts/lib/ppom/ppom-util.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import {
SignatureController,
SignatureRequest,
} from '@metamask/signature-controller';
import { Hex } from '@metamask/utils';
import { Hex, JsonRpcRequest } from '@metamask/utils';
import {
BlockaidReason,
BlockaidResultType,
Expand All @@ -22,6 +22,8 @@ import { AppStateController } from '../../controllers/app-state-controller';
import {
generateSecurityAlertId,
isChainSupported,
METHOD_SIGN_TYPED_DATA_V3,
METHOD_SIGN_TYPED_DATA_V4,
updateSecurityAlertResponse,
validateRequestWithPPOM,
} from './ppom-util';
Expand Down Expand Up @@ -57,6 +59,10 @@ const TRANSACTION_PARAMS_MOCK_1: TransactionParams = {
value: '0x123',
};

const SIGN_TYPED_DATA_PARAMS_MOCK_1 = '0x123';
const SIGN_TYPED_DATA_PARAMS_MOCK_2 =
'{"primaryType":"Permit","domain":{},"types":{}}';

const TRANSACTION_PARAMS_MOCK_2: TransactionParams = {
...TRANSACTION_PARAMS_MOCK_1,
to: '0x456',
Expand Down Expand Up @@ -261,6 +267,48 @@ describe('PPOM Utils', () => {
);
});

// @ts-expect-error This is missing from the Mocha type definitions
it.each([METHOD_SIGN_TYPED_DATA_V3, METHOD_SIGN_TYPED_DATA_V4])(
'sanitizes request params if method is %s',
async (method: string) => {
const ppom = createPPOMMock();
const ppomController = createPPOMControllerMock();

ppomController.usePPOM.mockImplementation(
(callback) =>
// eslint-disable-next-line @typescript-eslint/no-explicit-any
callback(ppom as any) as any,
);

const firstTwoParams = [
SIGN_TYPED_DATA_PARAMS_MOCK_1,
SIGN_TYPED_DATA_PARAMS_MOCK_2,
];

const unwantedParams = [{}, undefined, 1, null];

const params = [...firstTwoParams, ...unwantedParams];

const request = {
...REQUEST_MOCK,
method,
params,
} as unknown as JsonRpcRequest;

await validateRequestWithPPOM({
...validateRequestWithPPOMOptionsBase,
ppomController,
request,
});

expect(ppom.validateJsonRpc).toHaveBeenCalledTimes(1);
expect(ppom.validateJsonRpc).toHaveBeenCalledWith({
...request,
params: firstTwoParams,
});
},
);

it('updates response indicating chain is not supported', async () => {
const ppomController = {} as PPOMController;
const CHAIN_ID_UNSUPPORTED_MOCK = '0x2';
Expand Down
20 changes: 19 additions & 1 deletion app/scripts/lib/ppom/ppom-util.ts
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,8 @@ import {
const { sentry } = global;

const METHOD_SEND_TRANSACTION = 'eth_sendTransaction';
export const METHOD_SIGN_TYPED_DATA_V3 = 'eth_signTypedData_v3';
export const METHOD_SIGN_TYPED_DATA_V4 = 'eth_signTypedData_v4';

const SECURITY_ALERT_RESPONSE_ERROR = {
result_type: BlockaidResultType.Errored,
Expand Down Expand Up @@ -171,7 +173,7 @@ function normalizePPOMRequest(
request,
)
) {
return request;
return sanitizeRequest(request);
}

const transactionParams = request.params[0];
Expand All @@ -183,6 +185,22 @@ function normalizePPOMRequest(
};
}

function sanitizeRequest(request: JsonRpcRequest): JsonRpcRequest {
// This is a temporary fix to prevent a PPOM bypass
if (
request.method === METHOD_SIGN_TYPED_DATA_V4 ||
request.method === METHOD_SIGN_TYPED_DATA_V3
) {
if (Array.isArray(request.params)) {
return {
...request,
params: request.params.slice(0, 2),
};
}
}
return request;
}

function getErrorMessage(error: unknown) {
if (error instanceof Error) {
return `${error.name}: ${error.message}`;
Expand Down
22 changes: 21 additions & 1 deletion app/scripts/metamask-controller.js
Original file line number Diff line number Diff line change
Expand Up @@ -301,6 +301,7 @@ import {
createUnsupportedMethodMiddleware,
} from './lib/rpc-method-middleware';
import createOriginMiddleware from './lib/createOriginMiddleware';
import createMainFrameOriginMiddleware from './lib/createMainFrameOriginMiddleware';
import createTabIdMiddleware from './lib/createTabIdMiddleware';
import { NetworkOrderController } from './controllers/network-order';
import { AccountOrderController } from './controllers/account-order';
Expand Down Expand Up @@ -5804,11 +5805,18 @@ export default class MetamaskController extends EventEmitter {
tabId = sender.tab.id;
}

let mainFrameOrigin = origin;
if (sender.tab && sender.tab.url) {
// If sender origin is an iframe, then get the top-level frame's origin
mainFrameOrigin = new URL(sender.tab.url).origin;
}

const engine = this.setupProviderEngineEip1193({
origin,
sender,
subjectType,
tabId,
mainFrameOrigin,
});

const dupeReqFilterStream = createDupeReqFilterStream();
Expand Down Expand Up @@ -5929,13 +5937,25 @@ export default class MetamaskController extends EventEmitter {
* @param {MessageSender | SnapSender} options.sender - The sender object.
* @param {string} options.subjectType - The type of the sender subject.
* @param {tabId} [options.tabId] - The tab ID of the sender - if the sender is within a tab
* @param {mainFrameOrigin} [options.mainFrameOrigin] - The origin of the main frame if the sender is an iframe
*/
setupProviderEngineEip1193({ origin, subjectType, sender, tabId }) {
setupProviderEngineEip1193({
origin,
subjectType,
sender,
tabId,
mainFrameOrigin,
}) {
const engine = new JsonRpcEngine();

// Append origin to each request
engine.push(createOriginMiddleware({ origin }));

// Append mainFrameOrigin to each request if present
if (mainFrameOrigin) {
engine.push(createMainFrameOriginMiddleware({ mainFrameOrigin }));
}

// Append selectedNetworkClientId to each request
engine.push(createSelectedNetworkMiddleware(this.controllerMessenger));

Expand Down
Loading

0 comments on commit 136b5a8

Please sign in to comment.