Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: change types signatures verifyingContract validation to allow 'cosmos' as address #334

Merged
merged 2 commits into from
Sep 23, 2024
Merged

fix: change types signatures verifyingContract validation to allow 'cosmos' as address #334

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bc08672
Change types signatures verifyingContract validation to allow 'cosmos…
jpuri Sep 17, 2024
67f51db
update
jpuri Sep 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions src/wallet.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -597,6 +597,35 @@ describe('wallet', () => {
'0x68dc980608bceb5f99f691e62c32caccaee05317309015e9454eba1a14c3cd4505d1dd098b8339801239c9bcaac3c4df95569dcf307108b92f68711379be14d81c',
});
});

it('should not throw if request is permit with verifyingContract address equal to "cosmos"', async () => {
const { engine } = createTestSetup();
const getAccounts = async () => testAddresses.slice();
const witnessedMsgParams: TypedMessageParams[] = [];
const processTypedMessageV4 = async (msgParams: TypedMessageParams) => {
witnessedMsgParams.push(msgParams);
// Assume testMsgSig is the expected signature result
return testMsgSig;
};

engine.push(
createWalletMiddleware({ getAccounts, processTypedMessageV4 }),
);

const payload = {
method: 'eth_signTypedData_v4',
params: [testAddresses[0], JSON.stringify(getMsgParams('cosmos'))],
};

const promise = pify(engine.handle).call(engine, payload);
const result = await promise;
expect(result).toStrictEqual({
id: undefined,
jsonrpc: undefined,
result:
'0x68dc980608bceb5f99f691e62c32caccaee05317309015e9454eba1a14c3cd4505d1dd098b8339801239c9bcaac3c4df95569dcf307108b92f68711379be14d81c',
});
});
});

describe('sign', () => {
Expand Down
8 changes: 7 additions & 1 deletion src/wallet.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -426,7 +426,7 @@
*
* @param address - The address to validate and normalize.
* @param req - The request object.
* @returns {string} - The normalized address, if valid. Otherwise, throws

Check warning on line 429 in src/wallet.ts

View workflow job for this annotation

GitHub Actions / Build, lint, and test / Lint (18.x) 

There must be no hyphen before @returns description

Check warning on line 429 in src/wallet.ts

View workflow job for this annotation

GitHub Actions / Build, lint, and test / Lint (20.x) 

There must be no hyphen before @returns description

Check warning on line 429 in src/wallet.ts

View workflow job for this annotation

GitHub Actions / Build, lint, and test / Lint (22.x) 

There must be no hyphen before @returns description
* an error
*/
async function validateAndNormalizeKeyholder(
Expand Down Expand Up @@ -464,7 +464,13 @@
*/
function validateVerifyingContract(data: string) {
const { domain: { verifyingContract } = {} } = parseTypedMessage(data);
if (verifyingContract && !isValidHexAddress(verifyingContract)) {
// Explicit check for cosmos here has been added to address this issue
// https://github.com/MetaMask/eth-json-rpc-middleware/issues/new
if (
verifyingContract &&
(verifyingContract as string) !== 'cosmos' &&
Copy link
Contributor

@adonesky1 adonesky1 Sep 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're going to introduce this single exception? Doesn't it seem possible there are other cases here that we're going to be chasing? Do we have a plan to deprecate support for this exception and start enforcing this more strictly or?

cc @MetaMask/wallet-api-platform-engineers

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cosmos network DAPPs are using this deprecated SDK which has verifyingContract hard coded to cosmos https://github.com/evmos/ethermint/blob/main/ethereum/eip712/domain.go#L29 thus we need to do it to support cosmos network. Once this old library goes out of use we can revert the change.

We do not see more such cases currently.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if I understand correctly we are planning on removing this sometime in the future: if so, to make sure we don't lose track of it, perhaps we can open a new issue and mention it in the code comment instead of using the issue that will be closed by this PR (#26980)?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point @mikesposito , I added this issue #337 and updated the comment.

!isValidHexAddress(verifyingContract)
) {
throw rpcErrors.invalidInput();
}
}
Expand Down
Loading