From 2ecd9a3d6720bd6d0e44481deba490463948995f Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 4 Jun 2024 17:56:37 -0700 Subject: [PATCH 01/20] chore: write backend confirmation Signed-off-by: Ethan Wessel --- app/scripts/metamask-controller.js | 7 +++++++ package.json | 2 ++ shared/constants/bridge.ts | 3 +++ yarn.lock | 4 +++- 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index fdfddfd3689b..694a07fdd585 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -329,6 +329,7 @@ import AuthenticationController from './controllers/authentication/authenticatio import UserStorageController from './controllers/user-storage/user-storage-controller'; import { PushPlatformNotificationsController } from './controllers/push-platform-notifications/push-platform-notifications'; import { MetamaskNotificationsController } from './controllers/metamask-notifications/metamask-notifications'; +import { txVerificationMiddleware } from './lib/tx-verification/tx-verification-middleware'; import { updateSecurityAlertResponse } from './lib/ppom/ppom-util'; export const METAMASK_CONTROLLER_EVENTS = { @@ -5118,6 +5119,12 @@ export default class MetamaskController extends EventEmitter { engine.push(createLoggerMiddleware({ origin })); engine.push(this.permissionLogController.createMiddleware()); + console.log('origin') + console.log(origin) + if (origin === 'https://portfolio.metamask.io' || 'http://localhost:3000') { + engine.push(txVerificationMiddleware); + } + ///: BEGIN:ONLY_INCLUDE_IF(blockaid) engine.push( createPPOMMiddleware( diff --git a/package.json b/package.json index 9a71ebca5ce7..e11a4150359a 100644 --- a/package.json +++ b/package.json @@ -263,8 +263,10 @@ "@ethersproject/abi": "^5.6.4", "@ethersproject/bignumber": "^5.7.0", "@ethersproject/contracts": "^5.7.0", + "@ethersproject/hash": "^5.7.0", "@ethersproject/hdnode": "^5.6.2", "@ethersproject/providers": "^5.7.2", + "@ethersproject/wallet": "^5.7.0", "@fortawesome/fontawesome-free": "^5.13.0", "@keystonehq/bc-ur-registry-eth": "^0.19.1", "@keystonehq/metamask-airgapped-keyring": "^0.13.1", diff --git a/shared/constants/bridge.ts b/shared/constants/bridge.ts index e02c992bbbba..08f323e64da9 100644 --- a/shared/constants/bridge.ts +++ b/shared/constants/bridge.ts @@ -11,3 +11,6 @@ export const ALLOWED_BRIDGE_CHAIN_IDS = [ CHAIN_IDS.LINEA_MAINNET, CHAIN_IDS.BASE, ]; + +export const TRUSTED_BRIDGE_SIGNER = + '0xe672b534ccf9876a7554a1dd1685a2a5c2cc8e8c'; diff --git a/yarn.lock b/yarn.lock index fc171c58a64b..164c81e21b4a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2826,7 +2826,7 @@ __metadata: languageName: node linkType: hard -"@ethersproject/wallet@npm:5.7.0": +"@ethersproject/wallet@npm:5.7.0, @ethersproject/wallet@npm:^5.7.0": version: 5.7.0 resolution: "@ethersproject/wallet@npm:5.7.0" dependencies: @@ -24848,8 +24848,10 @@ __metadata: "@ethersproject/abi": "npm:^5.6.4" "@ethersproject/bignumber": "npm:^5.7.0" "@ethersproject/contracts": "npm:^5.7.0" + "@ethersproject/hash": "npm:^5.7.0" "@ethersproject/hdnode": "npm:^5.6.2" "@ethersproject/providers": "npm:^5.7.2" + "@ethersproject/wallet": "npm:^5.7.0" "@fortawesome/fontawesome-free": "npm:^5.13.0" "@keystonehq/bc-ur-registry-eth": "npm:^0.19.1" "@keystonehq/metamask-airgapped-keyring": "npm:^0.13.1" From 7f1014229b354306f122e1392e4ae7c1969a18ff Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 4 Jun 2024 17:57:42 -0700 Subject: [PATCH 02/20] chore: remove console.log Signed-off-by: Ethan Wessel --- .../tx-verification-middleware.ts | 53 +++++++++++++++++++ app/scripts/metamask-controller.js | 2 - 2 files changed, 53 insertions(+), 2 deletions(-) create mode 100644 app/scripts/lib/tx-verification/tx-verification-middleware.ts diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts new file mode 100644 index 000000000000..853bbaa2d22f --- /dev/null +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -0,0 +1,53 @@ +import { hashMessage } from '@ethersproject/hash'; +import { verifyMessage } from '@ethersproject/wallet'; +import { + Json, + JsonRpcParams, + JsonRpcRequest, + JsonRpcResponse, +} from '@metamask/utils'; +import { + JsonRpcEngineEndCallback, + JsonRpcEngineNextCallback, +} from 'json-rpc-engine'; +import { TRUSTED_BRIDGE_SIGNER } from '../../../../shared/constants/bridge'; +import { FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; + +export function txVerificationMiddleware( + req: JsonRpcRequest, + _res: JsonRpcResponse, + next: JsonRpcEngineNextCallback, + end: JsonRpcEngineEndCallback, +) { + // ignore if not sendTransaction and if the params not an array + if (req.method !== 'eth_sendTransaction' || !Array.isArray(req.params)) { + return next(); + } + + // 0 tx object is the first element + const params = req.params[0]; + const paramsToVerify = { + to: hashMessage(params.to.toLowerCase()), + from: hashMessage(params.from.toLowerCase()), + data: hashMessage( + params.data.toLowerCase().substr(0, params.data.length - 130), + ), + value: hashMessage(params.value.toLowerCase()), + }; + const h = hashMessage(JSON.stringify(paramsToVerify)); + const signature = `0x${params.data.substr(-130)}`; + // signature is 130 chars in length at the end + const addressToVerify = verifyMessage(h, signature); + const canSubmit = + params.to.toLowerCase() === + FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge'][params.chainId].toLowerCase() + ? addressToVerify.toLowerCase() === TRUSTED_BRIDGE_SIGNER.toLowerCase() + : true; + + if (!canSubmit) { + end(new Error('Validation Error')); + } + + // successful validation + return next(); +} diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index 694a07fdd585..c3d1b6374d67 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -5119,8 +5119,6 @@ export default class MetamaskController extends EventEmitter { engine.push(createLoggerMiddleware({ origin })); engine.push(this.permissionLogController.createMiddleware()); - console.log('origin') - console.log(origin) if (origin === 'https://portfolio.metamask.io' || 'http://localhost:3000') { engine.push(txVerificationMiddleware); } From 667ecb93ddfd0acd84b6c2ccdc2debbb7104af09 Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Wed, 5 Jun 2024 16:19:06 -0700 Subject: [PATCH 03/20] chore: turn signature length into const Signed-off-by: Ethan Wessel --- .../lib/tx-verification/tx-verification-middleware.ts | 7 ++++--- shared/constants/bridge.ts | 2 ++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 853bbaa2d22f..46bbce9468b3 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -10,7 +10,7 @@ import { JsonRpcEngineEndCallback, JsonRpcEngineNextCallback, } from 'json-rpc-engine'; -import { TRUSTED_BRIDGE_SIGNER } from '../../../../shared/constants/bridge'; +import { SIG_LEN, TRUSTED_BRIDGE_SIGNER } from '../../../../shared/constants/bridge'; import { FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; export function txVerificationMiddleware( @@ -30,13 +30,14 @@ export function txVerificationMiddleware( to: hashMessage(params.to.toLowerCase()), from: hashMessage(params.from.toLowerCase()), data: hashMessage( - params.data.toLowerCase().substr(0, params.data.length - 130), + // strip signature from data + params.data.toLowerCase().substr(0, params.data.length - SIG_LEN), ), value: hashMessage(params.value.toLowerCase()), }; const h = hashMessage(JSON.stringify(paramsToVerify)); - const signature = `0x${params.data.substr(-130)}`; // signature is 130 chars in length at the end + const signature = `0x${params.data.substr(-SIG_LEN)}`; const addressToVerify = verifyMessage(h, signature); const canSubmit = params.to.toLowerCase() === diff --git a/shared/constants/bridge.ts b/shared/constants/bridge.ts index 08f323e64da9..7b2f9b881982 100644 --- a/shared/constants/bridge.ts +++ b/shared/constants/bridge.ts @@ -14,3 +14,5 @@ export const ALLOWED_BRIDGE_CHAIN_IDS = [ export const TRUSTED_BRIDGE_SIGNER = '0xe672b534ccf9876a7554a1dd1685a2a5c2cc8e8c'; + +export const SIG_LEN = 130 From b224935a10351fee82e2e96f0273ac44ceb1f73e Mon Sep 17 00:00:00 2001 From: Erik Marks <25517051+rekmarks@users.noreply.github.com> Date: Wed, 5 Jun 2024 16:54:49 -0700 Subject: [PATCH 04/20] Tx verification updates (#25084) Commits are individually reviewable. --- .../tx-verification-middleware.ts | 128 ++++++++++++------ app/scripts/metamask-controller.js | 7 +- package.json | 1 + yarn.lock | 1 + 4 files changed, 95 insertions(+), 42 deletions(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 46bbce9468b3..34e6b18e7074 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -1,54 +1,104 @@ import { hashMessage } from '@ethersproject/hash'; import { verifyMessage } from '@ethersproject/wallet'; +import type { NetworkController } from '@metamask/network-controller'; +import { rpcErrors } from '@metamask/rpc-errors'; +import { Json, JsonRpcParams, hasProperty, isObject } from '@metamask/utils'; import { - Json, - JsonRpcParams, JsonRpcRequest, JsonRpcResponse, -} from '@metamask/utils'; -import { JsonRpcEngineEndCallback, JsonRpcEngineNextCallback, } from 'json-rpc-engine'; import { SIG_LEN, TRUSTED_BRIDGE_SIGNER } from '../../../../shared/constants/bridge'; import { FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; -export function txVerificationMiddleware( - req: JsonRpcRequest, - _res: JsonRpcResponse, - next: JsonRpcEngineNextCallback, - end: JsonRpcEngineEndCallback, +type TxParams = { + chainId?: `0x${string}`; + data: string; + from: string; + to: string; + value: string; +}; + +/** + * Creates a middleware function that verifies bridge transactions from the + * Portfolio. + * + * @param networkController - The network controller instance. + * @returns The middleware function. + */ +export function createTxVerificationMiddleware( + networkController: NetworkController, ) { - // ignore if not sendTransaction and if the params not an array - if (req.method !== 'eth_sendTransaction' || !Array.isArray(req.params)) { + return function txVerificationMiddleware( + req: JsonRpcRequest, + _res: JsonRpcResponse, + next: JsonRpcEngineNextCallback, + end: JsonRpcEngineEndCallback, + ) { + if ( + req.method !== 'eth_sendTransaction' || + !Array.isArray(req.params) || + !isValidParams(req.params) + ) { + return next(); + } + + // the tx object is the first element + const params = req.params[0]; + + const chainId = + typeof params.chainId === 'string' + ? (params.chainId.toLowerCase() as `0x${string}`) + : networkController.state.providerConfig.chainId; + + // if the recipient address is not the bridge contract, skip verification + if ( + params.to.toLowerCase() !== + FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge'][chainId].toLowerCase() + ) { + return next(); + } + + const paramsToVerify = { + to: hashMessage(params.to.toLowerCase()), + from: hashMessage(params.from.toLowerCase()), + data: hashMessage( + params.data.toLowerCase().substring(0, params.data.length - SIG_LEN), + ), + value: hashMessage(params.value.toLowerCase()), + }; + const h = hashMessage(JSON.stringify(paramsToVerify)); + + // signature is 130 chars in length at the end + const signature = `0x${params.data.substring(-SIG_LEN)}`; + const addressToVerify = verifyMessage(h, signature); + + if (addressToVerify.toLowerCase() !== TRUSTED_BRIDGE_SIGNER.toLowerCase()) { + return end( + rpcErrors.invalidParams('Invalid bridge transaction signature.'), + ); + } return next(); - } - - // 0 tx object is the first element - const params = req.params[0]; - const paramsToVerify = { - to: hashMessage(params.to.toLowerCase()), - from: hashMessage(params.from.toLowerCase()), - data: hashMessage( - // strip signature from data - params.data.toLowerCase().substr(0, params.data.length - SIG_LEN), - ), - value: hashMessage(params.value.toLowerCase()), }; - const h = hashMessage(JSON.stringify(paramsToVerify)); - // signature is 130 chars in length at the end - const signature = `0x${params.data.substr(-SIG_LEN)}`; - const addressToVerify = verifyMessage(h, signature); - const canSubmit = - params.to.toLowerCase() === - FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge'][params.chainId].toLowerCase() - ? addressToVerify.toLowerCase() === TRUSTED_BRIDGE_SIGNER.toLowerCase() - : true; - - if (!canSubmit) { - end(new Error('Validation Error')); - } - - // successful validation - return next(); +} + +/** + * Checks if the params of a JSON-RPC request are valid `eth_sendTransaction` + * params. + * + * @param params - The params to validate. + * @returns Whether the params are valid. + */ +function isValidParams(params: Json[]): params is [TxParams] { + return ( + isObject(params[0]) && + (!hasProperty(params[0], 'chainId') || + (typeof params[0].chainId === 'string' && + params[0].chainId.startsWith('0x'))) && + typeof params[0].data === 'string' && + typeof params[0].from === 'string' && + typeof params[0].to === 'string' && + typeof params[0].value === 'string' + ); } diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js index c3d1b6374d67..b2f8d0d99ed9 100644 --- a/app/scripts/metamask-controller.js +++ b/app/scripts/metamask-controller.js @@ -219,6 +219,7 @@ import { getSmartTransactionsOptInStatus, getCurrentChainSupportsSmartTransactions, } from '../../shared/modules/selectors'; +import { BaseUrl } from '../../shared/constants/urls'; import { ///: BEGIN:ONLY_INCLUDE_IF(build-mmi) handleMMITransactionUpdate, @@ -329,7 +330,7 @@ import AuthenticationController from './controllers/authentication/authenticatio import UserStorageController from './controllers/user-storage/user-storage-controller'; import { PushPlatformNotificationsController } from './controllers/push-platform-notifications/push-platform-notifications'; import { MetamaskNotificationsController } from './controllers/metamask-notifications/metamask-notifications'; -import { txVerificationMiddleware } from './lib/tx-verification/tx-verification-middleware'; +import { createTxVerificationMiddleware } from './lib/tx-verification/tx-verification-middleware'; import { updateSecurityAlertResponse } from './lib/ppom/ppom-util'; export const METAMASK_CONTROLLER_EVENTS = { @@ -5119,8 +5120,8 @@ export default class MetamaskController extends EventEmitter { engine.push(createLoggerMiddleware({ origin })); engine.push(this.permissionLogController.createMiddleware()); - if (origin === 'https://portfolio.metamask.io' || 'http://localhost:3000') { - engine.push(txVerificationMiddleware); + if (origin === BaseUrl.Portfolio) { + engine.push(createTxVerificationMiddleware(this.networkController)); } ///: BEGIN:ONLY_INCLUDE_IF(blockaid) diff --git a/package.json b/package.json index e11a4150359a..9f375e59f055 100644 --- a/package.json +++ b/package.json @@ -328,6 +328,7 @@ "@metamask/providers": "^14.0.2", "@metamask/queued-request-controller": "^0.10.0", "@metamask/rate-limit-controller": "^5.0.1", + "@metamask/rpc-errors": "^6.2.1", "@metamask/safe-event-emitter": "^3.1.1", "@metamask/scure-bip39": "^2.0.3", "@metamask/selected-network-controller": "^13.0.0", diff --git a/yarn.lock b/yarn.lock index 164c81e21b4a..1bf391473ce0 100644 --- a/yarn.lock +++ b/yarn.lock @@ -24927,6 +24927,7 @@ __metadata: "@metamask/providers": "npm:^14.0.2" "@metamask/queued-request-controller": "npm:^0.10.0" "@metamask/rate-limit-controller": "npm:^5.0.1" + "@metamask/rpc-errors": "npm:^6.2.1" "@metamask/safe-event-emitter": "npm:^3.1.1" "@metamask/scure-bip39": "npm:^2.0.3" "@metamask/selected-network-controller": "npm:^13.0.0" From 6ae5b1527f0b4820a5381cf7ec2646cc4c77f1d2 Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Thu, 6 Jun 2024 13:49:50 -0700 Subject: [PATCH 05/20] chore: substring to substr --- app/scripts/lib/tx-verification/tx-verification-middleware.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 34e6b18e7074..4072f31eaf11 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -71,7 +71,7 @@ export function createTxVerificationMiddleware( const h = hashMessage(JSON.stringify(paramsToVerify)); // signature is 130 chars in length at the end - const signature = `0x${params.data.substring(-SIG_LEN)}`; + const signature = `0x${params.data.substr(-SIG_LEN)}`; const addressToVerify = verifyMessage(h, signature); if (addressToVerify.toLowerCase() !== TRUSTED_BRIDGE_SIGNER.toLowerCase()) { From c176a5b91cf59a223f402a5b30b81f300c69e81f Mon Sep 17 00:00:00 2001 From: Erik Marks <25517051+rekmarks@users.noreply.github.com> Date: Thu, 6 Jun 2024 18:32:11 -0700 Subject: [PATCH 06/20] test: Add tx verification middleware validation tests (#25114) Adds basic validation tests for the tx verification middleware. More to come. --------- Signed-off-by: Ethan Wessel Co-authored-by: Ethan Wessel --- .../tx-verification-middleware.test.ts | 177 ++++++++++++++++ .../tx-verification-middleware.ts | 33 +-- lavamoat/browserify/beta/policy.json | 190 ++++++++++------- lavamoat/browserify/desktop/policy.json | 194 +++++++++++------- lavamoat/browserify/flask/policy.json | 194 +++++++++++------- lavamoat/browserify/main/policy.json | 194 +++++++++++------- lavamoat/browserify/mmi/policy.json | 194 +++++++++++------- shared/constants/bridge.ts | 2 +- 8 files changed, 781 insertions(+), 397 deletions(-) create mode 100644 app/scripts/lib/tx-verification/tx-verification-middleware.test.ts diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts new file mode 100644 index 000000000000..d6eed921c618 --- /dev/null +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts @@ -0,0 +1,177 @@ +import { NetworkController } from '@metamask/network-controller'; +import { JsonRpcParams, jsonrpc2 } from '@metamask/utils'; +import { FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; +import { + BridgeTxParams, + createTxVerificationMiddleware, +} from './tx-verification-middleware'; + +const getMockNetworkController = (chainId: `0x${string}` = '0x1') => + ({ state: { providerConfig: { chainId } } } as unknown as NetworkController); + +const jsonRpcTemplate = { jsonrpc: jsonrpc2, id: 1 }; + +const getMiddlewareParams = (method: string, params: JsonRpcParams = []) => { + const req = { ...jsonRpcTemplate, method, params }; + const res = { ...jsonRpcTemplate, result: null }; + const next = jest.fn(); + const end = jest.fn(); + return { req, res, next, end }; +}; + +const getBridgeTxParams = ( + txParams: Partial = {}, +): [BridgeTxParams] => { + return [ + { + data: '0x1', + from: '0x1', + to: '0x1', + value: '0x1', + ...txParams, + }, + ]; +}; + +describe('tx verification middleware', () => { + it('ignores methods other than eth_sendTransaction', () => { + const middleware = createTxVerificationMiddleware( + getMockNetworkController(), + ); + const { req, res, next, end } = getMiddlewareParams('foo'); + middleware(req, res, next, end); + + expect(next).toHaveBeenCalledTimes(1); + expect(end).not.toHaveBeenCalled(); + }); + + // @ts-expect-error Our test types are broken + it.each([ + ['null', null], + ['string', 'foo'], + ['plain object', {}], + ['empty array', []], + ['array with non-object', ['foo']], + ['non-string "data"', [{ data: 1 }]], + ['non-string "from"', [{ data: 'data', from: 1 }]], + ['non-string "to"', [{ data: 'data', from: 'from', to: 1 }]], + [ + 'non-string "value"', + [{ data: 'data', from: 'from', to: 'to', value: 1 }], + ], + [ + 'non-string "chainId"', + [{ data: 'data', from: 'from', to: 'to', value: 'value', chainId: 1 }], + ], + [ + 'non-"0x"-prefixed "chainId"', + [{ data: 'data', from: 'from', to: 'to', value: 'value', chainId: '1' }], + ], + ])( + 'ignores invalid params: %s', + (_: string, invalidParams: JsonRpcParams) => { + const middleware = createTxVerificationMiddleware( + getMockNetworkController(), + ); + + const { req, res, next, end } = getMiddlewareParams( + 'eth_sendTransaction', + invalidParams, + ); + middleware(req, res, next, end); + + expect(next).toHaveBeenCalledTimes(1); + expect(end).not.toHaveBeenCalled(); + }, + ); + + // @ts-expect-error Our test types are broken + it.each(Object.keys(FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge']))( + 'ignores transactions that are not addressed to the bridge contract for chain %s', + (chainId: `0x${string}`) => { + const middleware = createTxVerificationMiddleware( + getMockNetworkController(), + ); + + const { req, res, next, end } = getMiddlewareParams( + 'eth_sendTransaction', + getBridgeTxParams({ chainId, to: '0x1' }), + ); + middleware(req, res, next, end); + + expect(next).toHaveBeenCalledTimes(1); + expect(end).not.toHaveBeenCalled(); + }, + ); + + // @ts-expect-error Our test types are broken + it.each(['0x11111', '0x111', '0x222222'])( + 'ignores transactions that do not have a bridge contract deployed for chain %s', + (chainId: `0x${string}`) => { + const middleware = createTxVerificationMiddleware( + getMockNetworkController(), + ); + + const { req, res, next, end } = getMiddlewareParams( + 'eth_sendTransaction', + getBridgeTxParams({ chainId, to: '0x1' }), + ); + middleware(req, res, next, end); + + expect(next).toHaveBeenCalledTimes(1); + expect(end).not.toHaveBeenCalled(); + }, + ); + + it('passes through a valid bridge transaction', () => { + const middleware = createTxVerificationMiddleware( + getMockNetworkController(), + ); + + const { req, res, next, end } = getMiddlewareParams( + 'eth_sendTransaction', + getBridgeTxParams({ ...getFixtures().valid }), + ); + middleware(req, res, next, end); + + expect(next).toHaveBeenCalledTimes(1); + expect(end).not.toHaveBeenCalled(); + }); + + it('rejects modified bridge transactions', () => { + const middleware = createTxVerificationMiddleware( + getMockNetworkController(), + ); + + const { req, res, next, end } = getMiddlewareParams( + 'eth_sendTransaction', + getBridgeTxParams({ ...getFixtures().invalid }), + ); + middleware(req, res, next, end); + + expect(next).not.toHaveBeenCalled(); + expect(end).toHaveBeenCalledTimes(1); + }); +}); + +/** + * Returns bridge transaction validation fixtures. + * + * @returns The fixtures. + */ +function getFixtures() { + return { + valid: { + data: '0x3ce33bff0000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000470de4df82000000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000000000000f736f636b6574416461707465725632000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002800000000000000000000000003a23f943181408eac424116af7b7790c94cb97a50000000000000000000000003a23f943181408eac424116af7b7790c94cb97a5000000000000000000000000000000000000000000000000000000000000a4b10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000000000000000014000000000000000000000000000000000000000000000000000009f295cd5f000000000000000000000000000e6b738da243e8fa2a0ed5915645789add5de515200000000000000000000000000000000000000000000000000000000000001280000019fd025dec0000000000000000000000000e672b534ccf9876a7554a1dd1685a2a5c2cc8e8c000000000000000000000000b8901acb165ed027e32754e0ffe830802919727f000000000000000000000000710bda329b2a6224e4b44833de30f38e7f81d564000000000000000000000000000000000000000000000000000000000000a4b100000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000004614942c423e000000000000000000000000000000000000000000000000000000886c98b760000000000000000000000000000000000000000000000000000000019012a41ba800000000000000000000000000000000000000000000000000000000000000c40000000000000000000000000000000000000000000000005dedaf7e04c3f5c842c30ed9a4a19baceb915cdd3e865f0dad99ffca277743a20bac00e0f366e7265f1fcad502791ff49e9c5c98e1841a090df23ce5555051da1c', + from: '0xe672b534ccf9876a7554a1dd1685a2a5c2cc8e8c', + to: FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge']['0x1'], + value: '0x470de4df820000', + }, + invalid: { + data: '0x3ce33bff0000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000470de4df82000000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000000000000d6c6966694164617074657256320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0000000000000000000000000e397c4883ec89ed4fc9d258f00c689708b2799c9000000000000000000000000e397c4883ec89ed4fc9d258f00c689708b2799c9000000000000000000000000000000000000000000000000000000000000a4b10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000000000000000014000000000000000000000000000000000000000000000000000009f295cd5f000000000000000000000000000c8c0e780960f954c3426a32b6ab453248d632b59000000000000000000000000000000000000000000000000000000000000006c5a39b10a5d458d62482fa1e7e672b534ccf9876a7554a1dd1685a2a5c2cc8e8c0000a4b10002a9de92aa00576661f103ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd00dfeeddeadbeef8932eb23bad9bddb5cf81426f78279a53c6c3b710000000000000000000000000000000000000000', + from: '0xe672b534ccf9876a7554a1dd1685a2a5c2cc8e8c', + to: FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge']['0x1'], + value: '0x470de4df820000', + }, + } as const; +} diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 4072f31eaf11..9aade561e35f 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -9,10 +9,13 @@ import { JsonRpcEngineEndCallback, JsonRpcEngineNextCallback, } from 'json-rpc-engine'; -import { SIG_LEN, TRUSTED_BRIDGE_SIGNER } from '../../../../shared/constants/bridge'; +import { + SIG_LEN, + TRUSTED_BRIDGE_SIGNER, +} from '../../../../shared/constants/bridge'; import { FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; -type TxParams = { +export type BridgeTxParams = { chainId?: `0x${string}`; data: string; from: string; @@ -52,10 +55,14 @@ export function createTxVerificationMiddleware( ? (params.chainId.toLowerCase() as `0x${string}`) : networkController.state.providerConfig.chainId; - // if the recipient address is not the bridge contract, skip verification + // skip verification if bridge is not deployed on the specified chain. + // skip verification to address is not the bridge contract if ( + !Object.keys(FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge']).includes( + chainId, + ) || params.to.toLowerCase() !== - FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge'][chainId].toLowerCase() + FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge'][chainId].toLowerCase() ) { return next(); } @@ -64,15 +71,15 @@ export function createTxVerificationMiddleware( to: hashMessage(params.to.toLowerCase()), from: hashMessage(params.from.toLowerCase()), data: hashMessage( - params.data.toLowerCase().substring(0, params.data.length - SIG_LEN), + params.data.toLowerCase().slice(0, params.data.length - SIG_LEN), ), value: hashMessage(params.value.toLowerCase()), }; - const h = hashMessage(JSON.stringify(paramsToVerify)); + const hashedParams = hashMessage(JSON.stringify(paramsToVerify)); // signature is 130 chars in length at the end - const signature = `0x${params.data.substr(-SIG_LEN)}`; - const addressToVerify = verifyMessage(h, signature); + const signature = `0x${params.data.slice(-SIG_LEN)}`; + const addressToVerify = verifyMessage(hashedParams, signature); if (addressToVerify.toLowerCase() !== TRUSTED_BRIDGE_SIGNER.toLowerCase()) { return end( @@ -90,15 +97,15 @@ export function createTxVerificationMiddleware( * @param params - The params to validate. * @returns Whether the params are valid. */ -function isValidParams(params: Json[]): params is [TxParams] { +function isValidParams(params: Json[]): params is [BridgeTxParams] { return ( isObject(params[0]) && - (!hasProperty(params[0], 'chainId') || - (typeof params[0].chainId === 'string' && - params[0].chainId.startsWith('0x'))) && typeof params[0].data === 'string' && typeof params[0].from === 'string' && typeof params[0].to === 'string' && - typeof params[0].value === 'string' + typeof params[0].value === 'string' && + (!hasProperty(params[0], 'chainId') || + (typeof params[0].chainId === 'string' && + params[0].chainId.startsWith('0x'))) ); } diff --git a/lavamoat/browserify/beta/policy.json b/lavamoat/browserify/beta/policy.json index 3e29576edd63..fabc251dcd9a 100644 --- a/lavamoat/browserify/beta/policy.json +++ b/lavamoat/browserify/beta/policy.json @@ -227,12 +227,12 @@ "@ethersproject/abi>@ethersproject/address": true, "@ethersproject/abi>@ethersproject/bytes": true, "@ethersproject/abi>@ethersproject/constants": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/keccak256": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/bignumber": true + "@ethersproject/bignumber": true, + "@ethersproject/hash": true } }, "@ethersproject/abi>@ethersproject/address": { @@ -254,18 +254,6 @@ "@ethersproject/bignumber": true } }, - "@ethersproject/abi>@ethersproject/hash": { - "packages": { - "@ethersproject/abi>@ethersproject/address": true, - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/keccak256": true, - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/bignumber": true, - "@ethersproject/providers>@ethersproject/base64": true - } - }, "@ethersproject/abi>@ethersproject/keccak256": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, @@ -307,9 +295,36 @@ "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/bignumber": true, - "@ethersproject/hdnode>@ethersproject/abstract-signer": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, "@ethersproject/hdnode>@ethersproject/transactions": true, - "@metamask/test-bundler>@ethersproject/abstract-provider": true + "@ethersproject/wallet>@ethersproject/abstract-provider": true + } + }, + "@ethersproject/hash": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/bignumber": true, + "@ethersproject/hash>@ethersproject/base64": true + } + }, + "@ethersproject/hash>@ethersproject/abstract-signer": { + "packages": { + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true + } + }, + "@ethersproject/hash>@ethersproject/base64": { + "globals": { + "atob": true, + "btoa": true + }, + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true } }, "@ethersproject/hdnode": { @@ -327,12 +342,6 @@ "@ethersproject/hdnode>@ethersproject/wordlists": true } }, - "@ethersproject/hdnode>@ethersproject/abstract-signer": { - "packages": { - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true - } - }, "@ethersproject/hdnode>@ethersproject/basex": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, @@ -376,10 +385,10 @@ "@ethersproject/hdnode>@ethersproject/wordlists": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/abi>@ethersproject/strings": true + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/hash": true } }, "@ethersproject/providers": { @@ -396,39 +405,26 @@ "@ethersproject/abi>@ethersproject/address": true, "@ethersproject/abi>@ethersproject/bytes": true, "@ethersproject/abi>@ethersproject/constants": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, "@ethersproject/bignumber": true, - "@ethersproject/hdnode>@ethersproject/abstract-signer": true, + "@ethersproject/hash": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, + "@ethersproject/hash>@ethersproject/base64": true, "@ethersproject/hdnode>@ethersproject/basex": true, "@ethersproject/hdnode>@ethersproject/sha2": true, "@ethersproject/hdnode>@ethersproject/transactions": true, - "@ethersproject/providers>@ethersproject/base64": true, - "@ethersproject/providers>@ethersproject/random": true, "@ethersproject/providers>@ethersproject/web": true, "@ethersproject/providers>bech32": true, - "@metamask/test-bundler>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/random": true, "@metamask/test-bundler>@ethersproject/networks": true } }, - "@ethersproject/providers>@ethersproject/base64": { - "globals": { - "atob": true, - "btoa": true - }, - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true - } - }, "@ethersproject/providers>@ethersproject/random": { "globals": { "crypto.getRandomValues": true - }, - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/logger": true } }, "@ethersproject/providers>@ethersproject/rlp": { @@ -448,7 +444,59 @@ "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/providers>@ethersproject/base64": true + "@ethersproject/hash>@ethersproject/base64": true + } + }, + "@ethersproject/wallet": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/hash": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, + "@ethersproject/hdnode": true, + "@ethersproject/hdnode>@ethersproject/signing-key": true, + "@ethersproject/hdnode>@ethersproject/transactions": true, + "@ethersproject/wallet>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/json-wallets": true, + "@ethersproject/wallet>@ethersproject/random": true + } + }, + "@ethersproject/wallet>@ethersproject/abstract-provider": { + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/bignumber": true + } + }, + "@ethersproject/wallet>@ethersproject/json-wallets": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/hdnode": true, + "@ethersproject/hdnode>@ethersproject/pbkdf2": true, + "@ethersproject/hdnode>@ethersproject/transactions": true, + "@ethersproject/wallet>@ethersproject/json-wallets>aes-js": true, + "@ethersproject/wallet>@ethersproject/random": true, + "ethereumjs-util>ethereum-cryptography>scrypt-js": true + } + }, + "@ethersproject/wallet>@ethersproject/json-wallets>aes-js": { + "globals": { + "define": true + } + }, + "@ethersproject/wallet>@ethersproject/random": { + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/logger": true } }, "@keystonehq/bc-ur-registry-eth": { @@ -800,7 +848,7 @@ "packages": { "@metamask/approval-controller>@metamask/base-controller": true, "@metamask/approval-controller>nanoid": true, - "@metamask/providers>@metamask/rpc-errors": true + "@metamask/rpc-errors": true } }, "@metamask/approval-controller>@metamask/base-controller": { @@ -844,7 +892,7 @@ "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, "@metamask/name-controller>async-mutex": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "bn.js": true, "lodash": true, @@ -1033,7 +1081,7 @@ }, "@metamask/eth-json-rpc-filters>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1048,7 +1096,7 @@ "@metamask/eth-json-rpc-middleware>@metamask/json-rpc-engine": true, "@metamask/eth-json-rpc-middleware>safe-stable-stringify": true, "@metamask/eth-sig-util": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "pify": true, "sass-loader>klona": true @@ -1056,7 +1104,7 @@ }, "@metamask/eth-json-rpc-middleware>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1696,7 +1744,7 @@ "@metamask/network-controller>@metamask/eth-json-rpc-infura": true, "@metamask/network-controller>@metamask/eth-json-rpc-provider": true, "@metamask/network-controller>@metamask/swappable-obj-proxy": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true, "browserify>assert": true, @@ -1718,7 +1766,7 @@ "packages": { "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/eth-json-rpc-provider": true, "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/json-rpc-engine": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "node-fetch": true } @@ -1731,7 +1779,7 @@ }, "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1775,7 +1823,7 @@ "@metamask/controller-utils": true, "@metamask/permission-controller>@metamask/base-controller": true, "@metamask/permission-controller>nanoid": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true, "deep-freeze-strict": true, @@ -1876,16 +1924,10 @@ "ethereumjs-util>ethereum-cryptography>hash.js": true } }, - "@metamask/providers>@metamask/rpc-errors": { - "packages": { - "@metamask/utils": true, - "eth-rpc-errors>fast-safe-stringify": true - } - }, "@metamask/queued-request-controller": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, "@metamask/queued-request-controller>@metamask/base-controller": true, + "@metamask/rpc-errors": true, "@metamask/selected-network-controller": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true @@ -1899,6 +1941,12 @@ "immer": true } }, + "@metamask/rpc-errors": { + "packages": { + "@metamask/utils": true, + "eth-rpc-errors>fast-safe-stringify": true + } + }, "@metamask/rpc-methods-flask>nanoid": { "globals": { "crypto.getRandomValues": true @@ -1953,7 +2001,7 @@ "packages": { "@metamask/controller-utils": true, "@metamask/logging-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/signature-controller>@metamask/base-controller": true, "@metamask/signature-controller>@metamask/message-manager": true, "@metamask/utils": true, @@ -2066,7 +2114,7 @@ "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, "@metamask/network-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@ethereumjs/tx": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@ethereumjs/util": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@metamask/base-controller": true, @@ -2273,7 +2321,7 @@ }, "@metamask/snaps-controllers>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -2296,7 +2344,7 @@ "@metamask/snaps-rpc-methods": { "packages": { "@metamask/permission-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk": true, "@metamask/snaps-sdk>@metamask/key-tree": true, "@metamask/snaps-utils": true, @@ -2310,7 +2358,7 @@ "fetch": true }, "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk>fast-xml-parser": true, "@metamask/utils": true, "superstruct": true @@ -2351,7 +2399,7 @@ }, "packages": { "@metamask/permission-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk": true, "@metamask/snaps-sdk>@metamask/key-tree": true, "@metamask/snaps-utils>@metamask/slip44": true, @@ -2397,14 +2445,6 @@ "semver": true } }, - "@metamask/test-bundler>@ethersproject/abstract-provider": { - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/bignumber": true - } - }, "@metamask/test-bundler>@ethersproject/networks": { "packages": { "@ethersproject/abi>@ethersproject/logger": true @@ -2428,7 +2468,7 @@ "@metamask/gas-fee-controller": true, "@metamask/metamask-eth-abis": true, "@metamask/network-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/transaction-controller>@metamask/base-controller": true, "@metamask/transaction-controller>@metamask/controller-utils": true, "@metamask/transaction-controller>@metamask/nonce-tracker": true, @@ -2503,7 +2543,7 @@ "@metamask/controller-utils": true, "@metamask/eth-query": true, "@metamask/gas-fee-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/transaction-controller": true, "@metamask/user-operation-controller>@metamask/base-controller": true, "@metamask/utils": true, diff --git a/lavamoat/browserify/desktop/policy.json b/lavamoat/browserify/desktop/policy.json index 850cc2fafd29..646ed20944d7 100644 --- a/lavamoat/browserify/desktop/policy.json +++ b/lavamoat/browserify/desktop/policy.json @@ -227,12 +227,12 @@ "@ethersproject/abi>@ethersproject/address": true, "@ethersproject/abi>@ethersproject/bytes": true, "@ethersproject/abi>@ethersproject/constants": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/keccak256": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/bignumber": true + "@ethersproject/bignumber": true, + "@ethersproject/hash": true } }, "@ethersproject/abi>@ethersproject/address": { @@ -254,18 +254,6 @@ "@ethersproject/bignumber": true } }, - "@ethersproject/abi>@ethersproject/hash": { - "packages": { - "@ethersproject/abi>@ethersproject/address": true, - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/keccak256": true, - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/bignumber": true, - "@ethersproject/providers>@ethersproject/base64": true - } - }, "@ethersproject/abi>@ethersproject/keccak256": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, @@ -307,9 +295,36 @@ "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/bignumber": true, - "@ethersproject/hdnode>@ethersproject/abstract-signer": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, "@ethersproject/hdnode>@ethersproject/transactions": true, - "@metamask/test-bundler>@ethersproject/abstract-provider": true + "@ethersproject/wallet>@ethersproject/abstract-provider": true + } + }, + "@ethersproject/hash": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/bignumber": true, + "@ethersproject/hash>@ethersproject/base64": true + } + }, + "@ethersproject/hash>@ethersproject/abstract-signer": { + "packages": { + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true + } + }, + "@ethersproject/hash>@ethersproject/base64": { + "globals": { + "atob": true, + "btoa": true + }, + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true } }, "@ethersproject/hdnode": { @@ -327,12 +342,6 @@ "@ethersproject/hdnode>@ethersproject/wordlists": true } }, - "@ethersproject/hdnode>@ethersproject/abstract-signer": { - "packages": { - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true - } - }, "@ethersproject/hdnode>@ethersproject/basex": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, @@ -376,10 +385,10 @@ "@ethersproject/hdnode>@ethersproject/wordlists": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/abi>@ethersproject/strings": true + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/hash": true } }, "@ethersproject/providers": { @@ -396,39 +405,26 @@ "@ethersproject/abi>@ethersproject/address": true, "@ethersproject/abi>@ethersproject/bytes": true, "@ethersproject/abi>@ethersproject/constants": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, "@ethersproject/bignumber": true, - "@ethersproject/hdnode>@ethersproject/abstract-signer": true, + "@ethersproject/hash": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, + "@ethersproject/hash>@ethersproject/base64": true, "@ethersproject/hdnode>@ethersproject/basex": true, "@ethersproject/hdnode>@ethersproject/sha2": true, "@ethersproject/hdnode>@ethersproject/transactions": true, - "@ethersproject/providers>@ethersproject/base64": true, - "@ethersproject/providers>@ethersproject/random": true, "@ethersproject/providers>@ethersproject/web": true, "@ethersproject/providers>bech32": true, - "@metamask/test-bundler>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/random": true, "@metamask/test-bundler>@ethersproject/networks": true } }, - "@ethersproject/providers>@ethersproject/base64": { - "globals": { - "atob": true, - "btoa": true - }, - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true - } - }, "@ethersproject/providers>@ethersproject/random": { "globals": { "crypto.getRandomValues": true - }, - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/logger": true } }, "@ethersproject/providers>@ethersproject/rlp": { @@ -448,7 +444,59 @@ "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/providers>@ethersproject/base64": true + "@ethersproject/hash>@ethersproject/base64": true + } + }, + "@ethersproject/wallet": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/hash": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, + "@ethersproject/hdnode": true, + "@ethersproject/hdnode>@ethersproject/signing-key": true, + "@ethersproject/hdnode>@ethersproject/transactions": true, + "@ethersproject/wallet>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/json-wallets": true, + "@ethersproject/wallet>@ethersproject/random": true + } + }, + "@ethersproject/wallet>@ethersproject/abstract-provider": { + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/bignumber": true + } + }, + "@ethersproject/wallet>@ethersproject/json-wallets": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/hdnode": true, + "@ethersproject/hdnode>@ethersproject/pbkdf2": true, + "@ethersproject/hdnode>@ethersproject/transactions": true, + "@ethersproject/wallet>@ethersproject/json-wallets>aes-js": true, + "@ethersproject/wallet>@ethersproject/random": true, + "ethereumjs-util>ethereum-cryptography>scrypt-js": true + } + }, + "@ethersproject/wallet>@ethersproject/json-wallets>aes-js": { + "globals": { + "define": true + } + }, + "@ethersproject/wallet>@ethersproject/random": { + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/logger": true } }, "@keystonehq/bc-ur-registry-eth": { @@ -800,7 +848,7 @@ "packages": { "@metamask/approval-controller>@metamask/base-controller": true, "@metamask/approval-controller>nanoid": true, - "@metamask/providers>@metamask/rpc-errors": true + "@metamask/rpc-errors": true } }, "@metamask/approval-controller>@metamask/base-controller": { @@ -844,7 +892,7 @@ "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, "@metamask/name-controller>async-mutex": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "bn.js": true, "lodash": true, @@ -1178,7 +1226,7 @@ }, "@metamask/eth-json-rpc-filters>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1193,7 +1241,7 @@ "@metamask/eth-json-rpc-middleware>@metamask/json-rpc-engine": true, "@metamask/eth-json-rpc-middleware>safe-stable-stringify": true, "@metamask/eth-sig-util": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "pify": true, "sass-loader>klona": true @@ -1201,7 +1249,7 @@ }, "@metamask/eth-json-rpc-middleware>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1841,7 +1889,7 @@ "@metamask/network-controller>@metamask/eth-json-rpc-infura": true, "@metamask/network-controller>@metamask/eth-json-rpc-provider": true, "@metamask/network-controller>@metamask/swappable-obj-proxy": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true, "browserify>assert": true, @@ -1863,7 +1911,7 @@ "packages": { "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/eth-json-rpc-provider": true, "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/json-rpc-engine": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "node-fetch": true } @@ -1876,7 +1924,7 @@ }, "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1947,7 +1995,7 @@ "@metamask/controller-utils": true, "@metamask/permission-controller>@metamask/base-controller": true, "@metamask/permission-controller>nanoid": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true, "deep-freeze-strict": true, @@ -2048,16 +2096,10 @@ "ethereumjs-util>ethereum-cryptography>hash.js": true } }, - "@metamask/providers>@metamask/rpc-errors": { - "packages": { - "@metamask/utils": true, - "eth-rpc-errors>fast-safe-stringify": true - } - }, "@metamask/queued-request-controller": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, "@metamask/queued-request-controller>@metamask/base-controller": true, + "@metamask/rpc-errors": true, "@metamask/selected-network-controller": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true @@ -2076,8 +2118,8 @@ "setTimeout": true }, "packages": { - "@metamask/providers>@metamask/rpc-errors": true, "@metamask/rate-limit-controller>@metamask/base-controller": true, + "@metamask/rpc-errors": true, "@metamask/utils": true } }, @@ -2089,6 +2131,12 @@ "immer": true } }, + "@metamask/rpc-errors": { + "packages": { + "@metamask/utils": true, + "eth-rpc-errors>fast-safe-stringify": true + } + }, "@metamask/rpc-methods-flask>nanoid": { "globals": { "crypto.getRandomValues": true @@ -2143,7 +2191,7 @@ "packages": { "@metamask/controller-utils": true, "@metamask/logging-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/signature-controller>@metamask/base-controller": true, "@metamask/signature-controller>@metamask/message-manager": true, "@metamask/utils": true, @@ -2256,7 +2304,7 @@ "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, "@metamask/network-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@ethereumjs/tx": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@ethereumjs/util": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@metamask/base-controller": true, @@ -2471,7 +2519,7 @@ "@metamask/object-multiplex": true, "@metamask/permission-controller": true, "@metamask/post-message-stream": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/base-controller": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/snaps-controllers>@metamask/json-rpc-middleware-stream": true, @@ -2506,7 +2554,7 @@ }, "@metamask/snaps-controllers>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -2579,7 +2627,7 @@ "@metamask/snaps-rpc-methods": { "packages": { "@metamask/permission-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk": true, "@metamask/snaps-sdk>@metamask/key-tree": true, "@metamask/snaps-utils": true, @@ -2593,7 +2641,7 @@ "fetch": true }, "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk>fast-xml-parser": true, "@metamask/utils": true, "superstruct": true @@ -2634,7 +2682,7 @@ }, "packages": { "@metamask/permission-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk": true, "@metamask/snaps-sdk>@metamask/key-tree": true, "@metamask/snaps-utils>@metamask/slip44": true, @@ -2688,14 +2736,6 @@ "semver": true } }, - "@metamask/test-bundler>@ethersproject/abstract-provider": { - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/bignumber": true - } - }, "@metamask/test-bundler>@ethersproject/networks": { "packages": { "@ethersproject/abi>@ethersproject/logger": true @@ -2719,7 +2759,7 @@ "@metamask/gas-fee-controller": true, "@metamask/metamask-eth-abis": true, "@metamask/network-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/transaction-controller>@metamask/base-controller": true, "@metamask/transaction-controller>@metamask/controller-utils": true, "@metamask/transaction-controller>@metamask/nonce-tracker": true, @@ -2794,7 +2834,7 @@ "@metamask/controller-utils": true, "@metamask/eth-query": true, "@metamask/gas-fee-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/transaction-controller": true, "@metamask/user-operation-controller>@metamask/base-controller": true, "@metamask/utils": true, diff --git a/lavamoat/browserify/flask/policy.json b/lavamoat/browserify/flask/policy.json index ebbcd63fc205..9ddf39f273f8 100644 --- a/lavamoat/browserify/flask/policy.json +++ b/lavamoat/browserify/flask/policy.json @@ -227,12 +227,12 @@ "@ethersproject/abi>@ethersproject/address": true, "@ethersproject/abi>@ethersproject/bytes": true, "@ethersproject/abi>@ethersproject/constants": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/keccak256": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/bignumber": true + "@ethersproject/bignumber": true, + "@ethersproject/hash": true } }, "@ethersproject/abi>@ethersproject/address": { @@ -254,18 +254,6 @@ "@ethersproject/bignumber": true } }, - "@ethersproject/abi>@ethersproject/hash": { - "packages": { - "@ethersproject/abi>@ethersproject/address": true, - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/keccak256": true, - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/bignumber": true, - "@ethersproject/providers>@ethersproject/base64": true - } - }, "@ethersproject/abi>@ethersproject/keccak256": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, @@ -307,9 +295,36 @@ "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/bignumber": true, - "@ethersproject/hdnode>@ethersproject/abstract-signer": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, "@ethersproject/hdnode>@ethersproject/transactions": true, - "@metamask/test-bundler>@ethersproject/abstract-provider": true + "@ethersproject/wallet>@ethersproject/abstract-provider": true + } + }, + "@ethersproject/hash": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/bignumber": true, + "@ethersproject/hash>@ethersproject/base64": true + } + }, + "@ethersproject/hash>@ethersproject/abstract-signer": { + "packages": { + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true + } + }, + "@ethersproject/hash>@ethersproject/base64": { + "globals": { + "atob": true, + "btoa": true + }, + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true } }, "@ethersproject/hdnode": { @@ -327,12 +342,6 @@ "@ethersproject/hdnode>@ethersproject/wordlists": true } }, - "@ethersproject/hdnode>@ethersproject/abstract-signer": { - "packages": { - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true - } - }, "@ethersproject/hdnode>@ethersproject/basex": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, @@ -376,10 +385,10 @@ "@ethersproject/hdnode>@ethersproject/wordlists": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/abi>@ethersproject/strings": true + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/hash": true } }, "@ethersproject/providers": { @@ -396,39 +405,26 @@ "@ethersproject/abi>@ethersproject/address": true, "@ethersproject/abi>@ethersproject/bytes": true, "@ethersproject/abi>@ethersproject/constants": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, "@ethersproject/bignumber": true, - "@ethersproject/hdnode>@ethersproject/abstract-signer": true, + "@ethersproject/hash": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, + "@ethersproject/hash>@ethersproject/base64": true, "@ethersproject/hdnode>@ethersproject/basex": true, "@ethersproject/hdnode>@ethersproject/sha2": true, "@ethersproject/hdnode>@ethersproject/transactions": true, - "@ethersproject/providers>@ethersproject/base64": true, - "@ethersproject/providers>@ethersproject/random": true, "@ethersproject/providers>@ethersproject/web": true, "@ethersproject/providers>bech32": true, - "@metamask/test-bundler>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/random": true, "@metamask/test-bundler>@ethersproject/networks": true } }, - "@ethersproject/providers>@ethersproject/base64": { - "globals": { - "atob": true, - "btoa": true - }, - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true - } - }, "@ethersproject/providers>@ethersproject/random": { "globals": { "crypto.getRandomValues": true - }, - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/logger": true } }, "@ethersproject/providers>@ethersproject/rlp": { @@ -448,7 +444,59 @@ "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/providers>@ethersproject/base64": true + "@ethersproject/hash>@ethersproject/base64": true + } + }, + "@ethersproject/wallet": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/hash": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, + "@ethersproject/hdnode": true, + "@ethersproject/hdnode>@ethersproject/signing-key": true, + "@ethersproject/hdnode>@ethersproject/transactions": true, + "@ethersproject/wallet>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/json-wallets": true, + "@ethersproject/wallet>@ethersproject/random": true + } + }, + "@ethersproject/wallet>@ethersproject/abstract-provider": { + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/bignumber": true + } + }, + "@ethersproject/wallet>@ethersproject/json-wallets": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/hdnode": true, + "@ethersproject/hdnode>@ethersproject/pbkdf2": true, + "@ethersproject/hdnode>@ethersproject/transactions": true, + "@ethersproject/wallet>@ethersproject/json-wallets>aes-js": true, + "@ethersproject/wallet>@ethersproject/random": true, + "ethereumjs-util>ethereum-cryptography>scrypt-js": true + } + }, + "@ethersproject/wallet>@ethersproject/json-wallets>aes-js": { + "globals": { + "define": true + } + }, + "@ethersproject/wallet>@ethersproject/random": { + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/logger": true } }, "@keystonehq/bc-ur-registry-eth": { @@ -800,7 +848,7 @@ "packages": { "@metamask/approval-controller>@metamask/base-controller": true, "@metamask/approval-controller>nanoid": true, - "@metamask/providers>@metamask/rpc-errors": true + "@metamask/rpc-errors": true } }, "@metamask/approval-controller>@metamask/base-controller": { @@ -844,7 +892,7 @@ "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, "@metamask/name-controller>async-mutex": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "bn.js": true, "lodash": true, @@ -1178,7 +1226,7 @@ }, "@metamask/eth-json-rpc-filters>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1193,7 +1241,7 @@ "@metamask/eth-json-rpc-middleware>@metamask/json-rpc-engine": true, "@metamask/eth-json-rpc-middleware>safe-stable-stringify": true, "@metamask/eth-sig-util": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "pify": true, "sass-loader>klona": true @@ -1201,7 +1249,7 @@ }, "@metamask/eth-json-rpc-middleware>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1841,7 +1889,7 @@ "@metamask/network-controller>@metamask/eth-json-rpc-infura": true, "@metamask/network-controller>@metamask/eth-json-rpc-provider": true, "@metamask/network-controller>@metamask/swappable-obj-proxy": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true, "browserify>assert": true, @@ -1863,7 +1911,7 @@ "packages": { "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/eth-json-rpc-provider": true, "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/json-rpc-engine": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "node-fetch": true } @@ -1876,7 +1924,7 @@ }, "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1947,7 +1995,7 @@ "@metamask/controller-utils": true, "@metamask/permission-controller>@metamask/base-controller": true, "@metamask/permission-controller>nanoid": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true, "deep-freeze-strict": true, @@ -2100,16 +2148,10 @@ "ethereumjs-util>ethereum-cryptography>hash.js": true } }, - "@metamask/providers>@metamask/rpc-errors": { - "packages": { - "@metamask/utils": true, - "eth-rpc-errors>fast-safe-stringify": true - } - }, "@metamask/queued-request-controller": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, "@metamask/queued-request-controller>@metamask/base-controller": true, + "@metamask/rpc-errors": true, "@metamask/selected-network-controller": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true @@ -2128,8 +2170,8 @@ "setTimeout": true }, "packages": { - "@metamask/providers>@metamask/rpc-errors": true, "@metamask/rate-limit-controller>@metamask/base-controller": true, + "@metamask/rpc-errors": true, "@metamask/utils": true } }, @@ -2141,6 +2183,12 @@ "immer": true } }, + "@metamask/rpc-errors": { + "packages": { + "@metamask/utils": true, + "eth-rpc-errors>fast-safe-stringify": true + } + }, "@metamask/rpc-methods-flask>nanoid": { "globals": { "crypto.getRandomValues": true @@ -2195,7 +2243,7 @@ "packages": { "@metamask/controller-utils": true, "@metamask/logging-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/signature-controller>@metamask/base-controller": true, "@metamask/signature-controller>@metamask/message-manager": true, "@metamask/utils": true, @@ -2308,7 +2356,7 @@ "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, "@metamask/network-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@ethereumjs/tx": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@ethereumjs/util": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@metamask/base-controller": true, @@ -2523,7 +2571,7 @@ "@metamask/object-multiplex": true, "@metamask/permission-controller": true, "@metamask/post-message-stream": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/base-controller": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/snaps-controllers>@metamask/json-rpc-middleware-stream": true, @@ -2558,7 +2606,7 @@ }, "@metamask/snaps-controllers>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -2631,7 +2679,7 @@ "@metamask/snaps-rpc-methods": { "packages": { "@metamask/permission-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk": true, "@metamask/snaps-sdk>@metamask/key-tree": true, "@metamask/snaps-utils": true, @@ -2645,7 +2693,7 @@ "fetch": true }, "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk>fast-xml-parser": true, "@metamask/utils": true, "superstruct": true @@ -2686,7 +2734,7 @@ }, "packages": { "@metamask/permission-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk": true, "@metamask/snaps-sdk>@metamask/key-tree": true, "@metamask/snaps-utils>@metamask/slip44": true, @@ -2740,14 +2788,6 @@ "semver": true } }, - "@metamask/test-bundler>@ethersproject/abstract-provider": { - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/bignumber": true - } - }, "@metamask/test-bundler>@ethersproject/networks": { "packages": { "@ethersproject/abi>@ethersproject/logger": true @@ -2771,7 +2811,7 @@ "@metamask/gas-fee-controller": true, "@metamask/metamask-eth-abis": true, "@metamask/network-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/transaction-controller>@metamask/base-controller": true, "@metamask/transaction-controller>@metamask/controller-utils": true, "@metamask/transaction-controller>@metamask/nonce-tracker": true, @@ -2846,7 +2886,7 @@ "@metamask/controller-utils": true, "@metamask/eth-query": true, "@metamask/gas-fee-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/transaction-controller": true, "@metamask/user-operation-controller>@metamask/base-controller": true, "@metamask/utils": true, diff --git a/lavamoat/browserify/main/policy.json b/lavamoat/browserify/main/policy.json index 4f340c1a2d0d..b1fc546980c9 100644 --- a/lavamoat/browserify/main/policy.json +++ b/lavamoat/browserify/main/policy.json @@ -227,12 +227,12 @@ "@ethersproject/abi>@ethersproject/address": true, "@ethersproject/abi>@ethersproject/bytes": true, "@ethersproject/abi>@ethersproject/constants": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/keccak256": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/bignumber": true + "@ethersproject/bignumber": true, + "@ethersproject/hash": true } }, "@ethersproject/abi>@ethersproject/address": { @@ -254,18 +254,6 @@ "@ethersproject/bignumber": true } }, - "@ethersproject/abi>@ethersproject/hash": { - "packages": { - "@ethersproject/abi>@ethersproject/address": true, - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/keccak256": true, - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/bignumber": true, - "@ethersproject/providers>@ethersproject/base64": true - } - }, "@ethersproject/abi>@ethersproject/keccak256": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, @@ -307,9 +295,36 @@ "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/bignumber": true, - "@ethersproject/hdnode>@ethersproject/abstract-signer": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, "@ethersproject/hdnode>@ethersproject/transactions": true, - "@metamask/test-bundler>@ethersproject/abstract-provider": true + "@ethersproject/wallet>@ethersproject/abstract-provider": true + } + }, + "@ethersproject/hash": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/bignumber": true, + "@ethersproject/hash>@ethersproject/base64": true + } + }, + "@ethersproject/hash>@ethersproject/abstract-signer": { + "packages": { + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true + } + }, + "@ethersproject/hash>@ethersproject/base64": { + "globals": { + "atob": true, + "btoa": true + }, + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true } }, "@ethersproject/hdnode": { @@ -327,12 +342,6 @@ "@ethersproject/hdnode>@ethersproject/wordlists": true } }, - "@ethersproject/hdnode>@ethersproject/abstract-signer": { - "packages": { - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true - } - }, "@ethersproject/hdnode>@ethersproject/basex": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, @@ -376,10 +385,10 @@ "@ethersproject/hdnode>@ethersproject/wordlists": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/abi>@ethersproject/strings": true + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/hash": true } }, "@ethersproject/providers": { @@ -396,39 +405,26 @@ "@ethersproject/abi>@ethersproject/address": true, "@ethersproject/abi>@ethersproject/bytes": true, "@ethersproject/abi>@ethersproject/constants": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, "@ethersproject/bignumber": true, - "@ethersproject/hdnode>@ethersproject/abstract-signer": true, + "@ethersproject/hash": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, + "@ethersproject/hash>@ethersproject/base64": true, "@ethersproject/hdnode>@ethersproject/basex": true, "@ethersproject/hdnode>@ethersproject/sha2": true, "@ethersproject/hdnode>@ethersproject/transactions": true, - "@ethersproject/providers>@ethersproject/base64": true, - "@ethersproject/providers>@ethersproject/random": true, "@ethersproject/providers>@ethersproject/web": true, "@ethersproject/providers>bech32": true, - "@metamask/test-bundler>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/random": true, "@metamask/test-bundler>@ethersproject/networks": true } }, - "@ethersproject/providers>@ethersproject/base64": { - "globals": { - "atob": true, - "btoa": true - }, - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true - } - }, "@ethersproject/providers>@ethersproject/random": { "globals": { "crypto.getRandomValues": true - }, - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/logger": true } }, "@ethersproject/providers>@ethersproject/rlp": { @@ -448,7 +444,59 @@ "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/providers>@ethersproject/base64": true + "@ethersproject/hash>@ethersproject/base64": true + } + }, + "@ethersproject/wallet": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/hash": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, + "@ethersproject/hdnode": true, + "@ethersproject/hdnode>@ethersproject/signing-key": true, + "@ethersproject/hdnode>@ethersproject/transactions": true, + "@ethersproject/wallet>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/json-wallets": true, + "@ethersproject/wallet>@ethersproject/random": true + } + }, + "@ethersproject/wallet>@ethersproject/abstract-provider": { + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/bignumber": true + } + }, + "@ethersproject/wallet>@ethersproject/json-wallets": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/hdnode": true, + "@ethersproject/hdnode>@ethersproject/pbkdf2": true, + "@ethersproject/hdnode>@ethersproject/transactions": true, + "@ethersproject/wallet>@ethersproject/json-wallets>aes-js": true, + "@ethersproject/wallet>@ethersproject/random": true, + "ethereumjs-util>ethereum-cryptography>scrypt-js": true + } + }, + "@ethersproject/wallet>@ethersproject/json-wallets>aes-js": { + "globals": { + "define": true + } + }, + "@ethersproject/wallet>@ethersproject/random": { + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/logger": true } }, "@keystonehq/bc-ur-registry-eth": { @@ -800,7 +848,7 @@ "packages": { "@metamask/approval-controller>@metamask/base-controller": true, "@metamask/approval-controller>nanoid": true, - "@metamask/providers>@metamask/rpc-errors": true + "@metamask/rpc-errors": true } }, "@metamask/approval-controller>@metamask/base-controller": { @@ -844,7 +892,7 @@ "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, "@metamask/name-controller>async-mutex": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "bn.js": true, "lodash": true, @@ -1033,7 +1081,7 @@ }, "@metamask/eth-json-rpc-filters>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1048,7 +1096,7 @@ "@metamask/eth-json-rpc-middleware>@metamask/json-rpc-engine": true, "@metamask/eth-json-rpc-middleware>safe-stable-stringify": true, "@metamask/eth-sig-util": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "pify": true, "sass-loader>klona": true @@ -1056,7 +1104,7 @@ }, "@metamask/eth-json-rpc-middleware>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1696,7 +1744,7 @@ "@metamask/network-controller>@metamask/eth-json-rpc-infura": true, "@metamask/network-controller>@metamask/eth-json-rpc-provider": true, "@metamask/network-controller>@metamask/swappable-obj-proxy": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true, "browserify>assert": true, @@ -1718,7 +1766,7 @@ "packages": { "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/eth-json-rpc-provider": true, "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/json-rpc-engine": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "node-fetch": true } @@ -1731,7 +1779,7 @@ }, "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1802,7 +1850,7 @@ "@metamask/controller-utils": true, "@metamask/permission-controller>@metamask/base-controller": true, "@metamask/permission-controller>nanoid": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true, "deep-freeze-strict": true, @@ -1955,16 +2003,10 @@ "ethereumjs-util>ethereum-cryptography>hash.js": true } }, - "@metamask/providers>@metamask/rpc-errors": { - "packages": { - "@metamask/utils": true, - "eth-rpc-errors>fast-safe-stringify": true - } - }, "@metamask/queued-request-controller": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, "@metamask/queued-request-controller>@metamask/base-controller": true, + "@metamask/rpc-errors": true, "@metamask/selected-network-controller": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true @@ -1983,8 +2025,8 @@ "setTimeout": true }, "packages": { - "@metamask/providers>@metamask/rpc-errors": true, "@metamask/rate-limit-controller>@metamask/base-controller": true, + "@metamask/rpc-errors": true, "@metamask/utils": true } }, @@ -1996,6 +2038,12 @@ "immer": true } }, + "@metamask/rpc-errors": { + "packages": { + "@metamask/utils": true, + "eth-rpc-errors>fast-safe-stringify": true + } + }, "@metamask/rpc-methods-flask>nanoid": { "globals": { "crypto.getRandomValues": true @@ -2050,7 +2098,7 @@ "packages": { "@metamask/controller-utils": true, "@metamask/logging-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/signature-controller>@metamask/base-controller": true, "@metamask/signature-controller>@metamask/message-manager": true, "@metamask/utils": true, @@ -2163,7 +2211,7 @@ "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, "@metamask/network-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@ethereumjs/tx": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@ethereumjs/util": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@metamask/base-controller": true, @@ -2378,7 +2426,7 @@ "@metamask/object-multiplex": true, "@metamask/permission-controller": true, "@metamask/post-message-stream": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/base-controller": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/snaps-controllers>@metamask/json-rpc-middleware-stream": true, @@ -2413,7 +2461,7 @@ }, "@metamask/snaps-controllers>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -2486,7 +2534,7 @@ "@metamask/snaps-rpc-methods": { "packages": { "@metamask/permission-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk": true, "@metamask/snaps-sdk>@metamask/key-tree": true, "@metamask/snaps-utils": true, @@ -2500,7 +2548,7 @@ "fetch": true }, "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk>fast-xml-parser": true, "@metamask/utils": true, "superstruct": true @@ -2541,7 +2589,7 @@ }, "packages": { "@metamask/permission-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk": true, "@metamask/snaps-sdk>@metamask/key-tree": true, "@metamask/snaps-utils>@metamask/slip44": true, @@ -2595,14 +2643,6 @@ "semver": true } }, - "@metamask/test-bundler>@ethersproject/abstract-provider": { - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/bignumber": true - } - }, "@metamask/test-bundler>@ethersproject/networks": { "packages": { "@ethersproject/abi>@ethersproject/logger": true @@ -2626,7 +2666,7 @@ "@metamask/gas-fee-controller": true, "@metamask/metamask-eth-abis": true, "@metamask/network-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/transaction-controller>@metamask/base-controller": true, "@metamask/transaction-controller>@metamask/controller-utils": true, "@metamask/transaction-controller>@metamask/nonce-tracker": true, @@ -2701,7 +2741,7 @@ "@metamask/controller-utils": true, "@metamask/eth-query": true, "@metamask/gas-fee-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/transaction-controller": true, "@metamask/user-operation-controller>@metamask/base-controller": true, "@metamask/utils": true, diff --git a/lavamoat/browserify/mmi/policy.json b/lavamoat/browserify/mmi/policy.json index 718b11a4d3ad..f14720affc39 100644 --- a/lavamoat/browserify/mmi/policy.json +++ b/lavamoat/browserify/mmi/policy.json @@ -227,12 +227,12 @@ "@ethersproject/abi>@ethersproject/address": true, "@ethersproject/abi>@ethersproject/bytes": true, "@ethersproject/abi>@ethersproject/constants": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/keccak256": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/bignumber": true + "@ethersproject/bignumber": true, + "@ethersproject/hash": true } }, "@ethersproject/abi>@ethersproject/address": { @@ -254,18 +254,6 @@ "@ethersproject/bignumber": true } }, - "@ethersproject/abi>@ethersproject/hash": { - "packages": { - "@ethersproject/abi>@ethersproject/address": true, - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/keccak256": true, - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/bignumber": true, - "@ethersproject/providers>@ethersproject/base64": true - } - }, "@ethersproject/abi>@ethersproject/keccak256": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, @@ -307,9 +295,36 @@ "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/bignumber": true, - "@ethersproject/hdnode>@ethersproject/abstract-signer": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, "@ethersproject/hdnode>@ethersproject/transactions": true, - "@metamask/test-bundler>@ethersproject/abstract-provider": true + "@ethersproject/wallet>@ethersproject/abstract-provider": true + } + }, + "@ethersproject/hash": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/bignumber": true, + "@ethersproject/hash>@ethersproject/base64": true + } + }, + "@ethersproject/hash>@ethersproject/abstract-signer": { + "packages": { + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true + } + }, + "@ethersproject/hash>@ethersproject/base64": { + "globals": { + "atob": true, + "btoa": true + }, + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true } }, "@ethersproject/hdnode": { @@ -327,12 +342,6 @@ "@ethersproject/hdnode>@ethersproject/wordlists": true } }, - "@ethersproject/hdnode>@ethersproject/abstract-signer": { - "packages": { - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true - } - }, "@ethersproject/hdnode>@ethersproject/basex": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, @@ -376,10 +385,10 @@ "@ethersproject/hdnode>@ethersproject/wordlists": { "packages": { "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/abi>@ethersproject/strings": true + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/hash": true } }, "@ethersproject/providers": { @@ -396,39 +405,26 @@ "@ethersproject/abi>@ethersproject/address": true, "@ethersproject/abi>@ethersproject/bytes": true, "@ethersproject/abi>@ethersproject/constants": true, - "@ethersproject/abi>@ethersproject/hash": true, "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, "@ethersproject/bignumber": true, - "@ethersproject/hdnode>@ethersproject/abstract-signer": true, + "@ethersproject/hash": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, + "@ethersproject/hash>@ethersproject/base64": true, "@ethersproject/hdnode>@ethersproject/basex": true, "@ethersproject/hdnode>@ethersproject/sha2": true, "@ethersproject/hdnode>@ethersproject/transactions": true, - "@ethersproject/providers>@ethersproject/base64": true, - "@ethersproject/providers>@ethersproject/random": true, "@ethersproject/providers>@ethersproject/web": true, "@ethersproject/providers>bech32": true, - "@metamask/test-bundler>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/random": true, "@metamask/test-bundler>@ethersproject/networks": true } }, - "@ethersproject/providers>@ethersproject/base64": { - "globals": { - "atob": true, - "btoa": true - }, - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true - } - }, "@ethersproject/providers>@ethersproject/random": { "globals": { "crypto.getRandomValues": true - }, - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/logger": true } }, "@ethersproject/providers>@ethersproject/rlp": { @@ -448,7 +444,59 @@ "@ethersproject/abi>@ethersproject/logger": true, "@ethersproject/abi>@ethersproject/properties": true, "@ethersproject/abi>@ethersproject/strings": true, - "@ethersproject/providers>@ethersproject/base64": true + "@ethersproject/hash>@ethersproject/base64": true + } + }, + "@ethersproject/wallet": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/hash": true, + "@ethersproject/hash>@ethersproject/abstract-signer": true, + "@ethersproject/hdnode": true, + "@ethersproject/hdnode>@ethersproject/signing-key": true, + "@ethersproject/hdnode>@ethersproject/transactions": true, + "@ethersproject/wallet>@ethersproject/abstract-provider": true, + "@ethersproject/wallet>@ethersproject/json-wallets": true, + "@ethersproject/wallet>@ethersproject/random": true + } + }, + "@ethersproject/wallet>@ethersproject/abstract-provider": { + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/bignumber": true + } + }, + "@ethersproject/wallet>@ethersproject/json-wallets": { + "packages": { + "@ethersproject/abi>@ethersproject/address": true, + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/keccak256": true, + "@ethersproject/abi>@ethersproject/logger": true, + "@ethersproject/abi>@ethersproject/properties": true, + "@ethersproject/abi>@ethersproject/strings": true, + "@ethersproject/hdnode": true, + "@ethersproject/hdnode>@ethersproject/pbkdf2": true, + "@ethersproject/hdnode>@ethersproject/transactions": true, + "@ethersproject/wallet>@ethersproject/json-wallets>aes-js": true, + "@ethersproject/wallet>@ethersproject/random": true, + "ethereumjs-util>ethereum-cryptography>scrypt-js": true + } + }, + "@ethersproject/wallet>@ethersproject/json-wallets>aes-js": { + "globals": { + "define": true + } + }, + "@ethersproject/wallet>@ethersproject/random": { + "packages": { + "@ethersproject/abi>@ethersproject/bytes": true, + "@ethersproject/abi>@ethersproject/logger": true } }, "@keystonehq/bc-ur-registry-eth": { @@ -1085,7 +1133,7 @@ "packages": { "@metamask/approval-controller>@metamask/base-controller": true, "@metamask/approval-controller>nanoid": true, - "@metamask/providers>@metamask/rpc-errors": true + "@metamask/rpc-errors": true } }, "@metamask/approval-controller>@metamask/base-controller": { @@ -1129,7 +1177,7 @@ "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, "@metamask/name-controller>async-mutex": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "bn.js": true, "lodash": true, @@ -1318,7 +1366,7 @@ }, "@metamask/eth-json-rpc-filters>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1333,7 +1381,7 @@ "@metamask/eth-json-rpc-middleware>@metamask/json-rpc-engine": true, "@metamask/eth-json-rpc-middleware>safe-stable-stringify": true, "@metamask/eth-sig-util": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "pify": true, "sass-loader>klona": true @@ -1341,7 +1389,7 @@ }, "@metamask/eth-json-rpc-middleware>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -1981,7 +2029,7 @@ "@metamask/network-controller>@metamask/eth-json-rpc-infura": true, "@metamask/network-controller>@metamask/eth-json-rpc-provider": true, "@metamask/network-controller>@metamask/swappable-obj-proxy": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true, "browserify>assert": true, @@ -2003,7 +2051,7 @@ "packages": { "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/eth-json-rpc-provider": true, "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/json-rpc-engine": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/utils": true, "node-fetch": true } @@ -2016,7 +2064,7 @@ }, "@metamask/network-controller>@metamask/eth-json-rpc-infura>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -2087,7 +2135,7 @@ "@metamask/controller-utils": true, "@metamask/permission-controller>@metamask/base-controller": true, "@metamask/permission-controller>nanoid": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true, "deep-freeze-strict": true, @@ -2240,16 +2288,10 @@ "ethereumjs-util>ethereum-cryptography>hash.js": true } }, - "@metamask/providers>@metamask/rpc-errors": { - "packages": { - "@metamask/utils": true, - "eth-rpc-errors>fast-safe-stringify": true - } - }, "@metamask/queued-request-controller": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, "@metamask/queued-request-controller>@metamask/base-controller": true, + "@metamask/rpc-errors": true, "@metamask/selected-network-controller": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/utils": true @@ -2268,8 +2310,8 @@ "setTimeout": true }, "packages": { - "@metamask/providers>@metamask/rpc-errors": true, "@metamask/rate-limit-controller>@metamask/base-controller": true, + "@metamask/rpc-errors": true, "@metamask/utils": true } }, @@ -2281,6 +2323,12 @@ "immer": true } }, + "@metamask/rpc-errors": { + "packages": { + "@metamask/utils": true, + "eth-rpc-errors>fast-safe-stringify": true + } + }, "@metamask/rpc-methods-flask>nanoid": { "globals": { "crypto.getRandomValues": true @@ -2335,7 +2383,7 @@ "packages": { "@metamask/controller-utils": true, "@metamask/logging-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/signature-controller>@metamask/base-controller": true, "@metamask/signature-controller>@metamask/message-manager": true, "@metamask/utils": true, @@ -2448,7 +2496,7 @@ "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, "@metamask/network-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@ethereumjs/tx": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@ethereumjs/util": true, "@metamask/smart-transactions-controller>@metamask/transaction-controller>@metamask/base-controller": true, @@ -2663,7 +2711,7 @@ "@metamask/object-multiplex": true, "@metamask/permission-controller": true, "@metamask/post-message-stream": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-controllers>@metamask/base-controller": true, "@metamask/snaps-controllers>@metamask/json-rpc-engine": true, "@metamask/snaps-controllers>@metamask/json-rpc-middleware-stream": true, @@ -2698,7 +2746,7 @@ }, "@metamask/snaps-controllers>@metamask/json-rpc-engine": { "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/safe-event-emitter": true, "@metamask/utils": true } @@ -2771,7 +2819,7 @@ "@metamask/snaps-rpc-methods": { "packages": { "@metamask/permission-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk": true, "@metamask/snaps-sdk>@metamask/key-tree": true, "@metamask/snaps-utils": true, @@ -2785,7 +2833,7 @@ "fetch": true }, "packages": { - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk>fast-xml-parser": true, "@metamask/utils": true, "superstruct": true @@ -2826,7 +2874,7 @@ }, "packages": { "@metamask/permission-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/snaps-sdk": true, "@metamask/snaps-sdk>@metamask/key-tree": true, "@metamask/snaps-utils>@metamask/slip44": true, @@ -2880,14 +2928,6 @@ "semver": true } }, - "@metamask/test-bundler>@ethersproject/abstract-provider": { - "packages": { - "@ethersproject/abi>@ethersproject/bytes": true, - "@ethersproject/abi>@ethersproject/logger": true, - "@ethersproject/abi>@ethersproject/properties": true, - "@ethersproject/bignumber": true - } - }, "@metamask/test-bundler>@ethersproject/networks": { "packages": { "@ethersproject/abi>@ethersproject/logger": true @@ -2911,7 +2951,7 @@ "@metamask/gas-fee-controller": true, "@metamask/metamask-eth-abis": true, "@metamask/network-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/transaction-controller>@metamask/base-controller": true, "@metamask/transaction-controller>@metamask/controller-utils": true, "@metamask/transaction-controller>@metamask/nonce-tracker": true, @@ -2986,7 +3026,7 @@ "@metamask/controller-utils": true, "@metamask/eth-query": true, "@metamask/gas-fee-controller": true, - "@metamask/providers>@metamask/rpc-errors": true, + "@metamask/rpc-errors": true, "@metamask/transaction-controller": true, "@metamask/user-operation-controller>@metamask/base-controller": true, "@metamask/utils": true, diff --git a/shared/constants/bridge.ts b/shared/constants/bridge.ts index 7b2f9b881982..435644fae1ef 100644 --- a/shared/constants/bridge.ts +++ b/shared/constants/bridge.ts @@ -15,4 +15,4 @@ export const ALLOWED_BRIDGE_CHAIN_IDS = [ export const TRUSTED_BRIDGE_SIGNER = '0xe672b534ccf9876a7554a1dd1685a2a5c2cc8e8c'; -export const SIG_LEN = 130 +export const SIG_LEN = 130; From 51017a196b46edd38461cf4017e9df2ac7f99161 Mon Sep 17 00:00:00 2001 From: Erik Marks <25517051+rekmarks@users.noreply.github.com> Date: Thu, 6 Jun 2024 23:16:31 -0700 Subject: [PATCH 07/20] chore: Fix lavamoat policies (#25135) Fixing some LavaMoat policy conflicts. --------- Co-authored-by: MetaMask Bot From d275d4efd8e8d74d6a940d65a2bcba6292dbc958 Mon Sep 17 00:00:00 2001 From: Erik Marks Date: Fri, 7 Jun 2024 09:54:40 -0700 Subject: [PATCH 08/20] fix: LavaMoat policies --- lavamoat/browserify/beta/policy.json | 1 - lavamoat/browserify/desktop/policy.json | 1 - lavamoat/browserify/flask/policy.json | 1 - lavamoat/browserify/main/policy.json | 1 - lavamoat/browserify/mmi/policy.json | 1 - 5 files changed, 5 deletions(-) diff --git a/lavamoat/browserify/beta/policy.json b/lavamoat/browserify/beta/policy.json index 79f61dc63f81..513fb3884a5b 100644 --- a/lavamoat/browserify/beta/policy.json +++ b/lavamoat/browserify/beta/policy.json @@ -910,7 +910,6 @@ "@metamask/controller-utils": true, "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, - "@metamask/name-controller>async-mutex": true, "@metamask/rpc-errors": true, "@metamask/utils": true, "bn.js": true, diff --git a/lavamoat/browserify/desktop/policy.json b/lavamoat/browserify/desktop/policy.json index f2a1cd28a4a7..5f3d33fd7329 100644 --- a/lavamoat/browserify/desktop/policy.json +++ b/lavamoat/browserify/desktop/policy.json @@ -910,7 +910,6 @@ "@metamask/controller-utils": true, "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, - "@metamask/name-controller>async-mutex": true, "@metamask/rpc-errors": true, "@metamask/utils": true, "bn.js": true, diff --git a/lavamoat/browserify/flask/policy.json b/lavamoat/browserify/flask/policy.json index 979021afdaf4..6584cd59649d 100644 --- a/lavamoat/browserify/flask/policy.json +++ b/lavamoat/browserify/flask/policy.json @@ -910,7 +910,6 @@ "@metamask/controller-utils": true, "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, - "@metamask/name-controller>async-mutex": true, "@metamask/rpc-errors": true, "@metamask/utils": true, "bn.js": true, diff --git a/lavamoat/browserify/main/policy.json b/lavamoat/browserify/main/policy.json index 0a58745adfe6..9cca35615fb1 100644 --- a/lavamoat/browserify/main/policy.json +++ b/lavamoat/browserify/main/policy.json @@ -910,7 +910,6 @@ "@metamask/controller-utils": true, "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, - "@metamask/name-controller>async-mutex": true, "@metamask/rpc-errors": true, "@metamask/utils": true, "bn.js": true, diff --git a/lavamoat/browserify/mmi/policy.json b/lavamoat/browserify/mmi/policy.json index c0a9d7992355..63c2846c6cfb 100644 --- a/lavamoat/browserify/mmi/policy.json +++ b/lavamoat/browserify/mmi/policy.json @@ -1195,7 +1195,6 @@ "@metamask/controller-utils": true, "@metamask/eth-query": true, "@metamask/metamask-eth-abis": true, - "@metamask/name-controller>async-mutex": true, "@metamask/rpc-errors": true, "@metamask/utils": true, "bn.js": true, From 6ebfd00f6ee63d5ac18c6edd4ee40e07a9203597 Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Mon, 10 Jun 2024 15:05:29 -0700 Subject: [PATCH 09/20] chore: update key Signed-off-by: Ethan Wessel --- shared/constants/bridge.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/constants/bridge.ts b/shared/constants/bridge.ts index 435644fae1ef..4f5e7c779c03 100644 --- a/shared/constants/bridge.ts +++ b/shared/constants/bridge.ts @@ -13,6 +13,6 @@ export const ALLOWED_BRIDGE_CHAIN_IDS = [ ]; export const TRUSTED_BRIDGE_SIGNER = - '0xe672b534ccf9876a7554a1dd1685a2a5c2cc8e8c'; + '0x533FbF047Ed13C20e263e2576e41c747206d1348'; export const SIG_LEN = 130; From 180794381ebd5a57e865827686fb0ac57ddb7de2 Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 11 Jun 2024 11:51:49 -0700 Subject: [PATCH 10/20] chore: PR update requests Signed-off-by: Ethan Wessel --- .../tx-verification-middleware.ts | 33 ++++++++++--------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 9aade561e35f..89edf4691fc0 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -57,29 +57,18 @@ export function createTxVerificationMiddleware( // skip verification if bridge is not deployed on the specified chain. // skip verification to address is not the bridge contract + const bridgeContractAddress = + FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge'][chainId]?.toLowerCase(); if ( - !Object.keys(FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge']).includes( - chainId, - ) || - params.to.toLowerCase() !== - FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge'][chainId].toLowerCase() + !bridgeContractAddress || + params.to.toLowerCase() !== bridgeContractAddress ) { return next(); } - const paramsToVerify = { - to: hashMessage(params.to.toLowerCase()), - from: hashMessage(params.from.toLowerCase()), - data: hashMessage( - params.data.toLowerCase().slice(0, params.data.length - SIG_LEN), - ), - value: hashMessage(params.value.toLowerCase()), - }; - const hashedParams = hashMessage(JSON.stringify(paramsToVerify)); - // signature is 130 chars in length at the end const signature = `0x${params.data.slice(-SIG_LEN)}`; - const addressToVerify = verifyMessage(hashedParams, signature); + const addressToVerify = verifyMessage(hashedParams(params), signature); if (addressToVerify.toLowerCase() !== TRUSTED_BRIDGE_SIGNER.toLowerCase()) { return end( @@ -90,6 +79,18 @@ export function createTxVerificationMiddleware( }; } +function hashedParams(params: BridgeTxParams): string { + const paramsToVerify = { + to: hashMessage(params.to.toLowerCase()), + from: hashMessage(params.from.toLowerCase()), + data: hashMessage( + params.data.toLowerCase().slice(0, params.data.length - SIG_LEN), + ), + value: hashMessage(params.value.toLowerCase()), + }; + return hashMessage(JSON.stringify(paramsToVerify)); +} + /** * Checks if the params of a JSON-RPC request are valid `eth_sendTransaction` * params. From c765d307e786aaef7598a208b11b30c8d2cb30de Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 11 Jun 2024 12:20:46 -0700 Subject: [PATCH 11/20] chore move constants into dedicated file --- .../lib/tx-verification/tx-verification-middleware.ts | 6 +++--- shared/constants/bridge.ts | 7 +------ shared/constants/verification.ts | 2 ++ 3 files changed, 6 insertions(+), 9 deletions(-) create mode 100644 shared/constants/verification.ts diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 89edf4691fc0..dda9445882d8 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -11,8 +11,8 @@ import { } from 'json-rpc-engine'; import { SIG_LEN, - TRUSTED_BRIDGE_SIGNER, -} from '../../../../shared/constants/bridge'; + TRUSTED_BRIDGE_SIGNERS, +} from '../../../../shared/constants/verification'; import { FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; export type BridgeTxParams = { @@ -70,7 +70,7 @@ export function createTxVerificationMiddleware( const signature = `0x${params.data.slice(-SIG_LEN)}`; const addressToVerify = verifyMessage(hashedParams(params), signature); - if (addressToVerify.toLowerCase() !== TRUSTED_BRIDGE_SIGNER.toLowerCase()) { + if (!TRUSTED_BRIDGE_SIGNERS.map((s) => s.toLowerCase()).includes(addressToVerify.toLowerCase())) { return end( rpcErrors.invalidParams('Invalid bridge transaction signature.'), ); diff --git a/shared/constants/bridge.ts b/shared/constants/bridge.ts index 4f5e7c779c03..479ff0a53bac 100644 --- a/shared/constants/bridge.ts +++ b/shared/constants/bridge.ts @@ -10,9 +10,4 @@ export const ALLOWED_BRIDGE_CHAIN_IDS = [ CHAIN_IDS.ARBITRUM, CHAIN_IDS.LINEA_MAINNET, CHAIN_IDS.BASE, -]; - -export const TRUSTED_BRIDGE_SIGNER = - '0x533FbF047Ed13C20e263e2576e41c747206d1348'; - -export const SIG_LEN = 130; +]; \ No newline at end of file diff --git a/shared/constants/verification.ts b/shared/constants/verification.ts new file mode 100644 index 000000000000..e17cf72f5a22 --- /dev/null +++ b/shared/constants/verification.ts @@ -0,0 +1,2 @@ +export const TRUSTED_BRIDGE_SIGNERS = ['0x533FbF047Ed13C20e263e2576e41c747206d1348']; +export const SIG_LEN = 130; From 00d9f6e62a36586305b3b1ff9f0b40a6b46afb07 Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 11 Jun 2024 12:22:36 -0700 Subject: [PATCH 12/20] remove 'bridge' --- .../lib/tx-verification/tx-verification-middleware.ts | 10 +++++----- shared/constants/verification.ts | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index dda9445882d8..ea13c9ef4225 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -11,11 +11,11 @@ import { } from 'json-rpc-engine'; import { SIG_LEN, - TRUSTED_BRIDGE_SIGNERS, + TRUSTED_SIGNERS, } from '../../../../shared/constants/verification'; import { FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; -export type BridgeTxParams = { +export type TxParams = { chainId?: `0x${string}`; data: string; from: string; @@ -70,7 +70,7 @@ export function createTxVerificationMiddleware( const signature = `0x${params.data.slice(-SIG_LEN)}`; const addressToVerify = verifyMessage(hashedParams(params), signature); - if (!TRUSTED_BRIDGE_SIGNERS.map((s) => s.toLowerCase()).includes(addressToVerify.toLowerCase())) { + if (!TRUSTED_SIGNERS.map((s) => s.toLowerCase()).includes(addressToVerify.toLowerCase())) { return end( rpcErrors.invalidParams('Invalid bridge transaction signature.'), ); @@ -79,7 +79,7 @@ export function createTxVerificationMiddleware( }; } -function hashedParams(params: BridgeTxParams): string { +function hashedParams(params: TxParams): string { const paramsToVerify = { to: hashMessage(params.to.toLowerCase()), from: hashMessage(params.from.toLowerCase()), @@ -98,7 +98,7 @@ function hashedParams(params: BridgeTxParams): string { * @param params - The params to validate. * @returns Whether the params are valid. */ -function isValidParams(params: Json[]): params is [BridgeTxParams] { +function isValidParams(params: Json[]): params is [TxParams] { return ( isObject(params[0]) && typeof params[0].data === 'string' && diff --git a/shared/constants/verification.ts b/shared/constants/verification.ts index e17cf72f5a22..56bd99404709 100644 --- a/shared/constants/verification.ts +++ b/shared/constants/verification.ts @@ -1,2 +1,2 @@ -export const TRUSTED_BRIDGE_SIGNERS = ['0x533FbF047Ed13C20e263e2576e41c747206d1348']; +export const TRUSTED_SIGNERS = ['0x533FbF047Ed13C20e263e2576e41c747206d1348']; export const SIG_LEN = 130; From 1a1805e60388f998cecc7511ab95ae799843d90b Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 11 Jun 2024 13:32:23 -0700 Subject: [PATCH 13/20] update PR requests --- .../lib/tx-verification/tx-verification-middleware.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index ea13c9ef4225..3113acdc425c 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -14,6 +14,7 @@ import { TRUSTED_SIGNERS, } from '../../../../shared/constants/verification'; import { FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; +import { Hex } from '@metamask/utils'; export type TxParams = { chainId?: `0x${string}`; @@ -50,9 +51,12 @@ export function createTxVerificationMiddleware( // the tx object is the first element const params = req.params[0]; + console.log(params) + console.log(params.chainId.toLowerCase() as Hex) + const chainId = typeof params.chainId === 'string' - ? (params.chainId.toLowerCase() as `0x${string}`) + ? params.chainId.toLowerCase() as Hex : networkController.state.providerConfig.chainId; // skip verification if bridge is not deployed on the specified chain. From a7c0f4e36574910b5f9a93468c23ea0d9e65b0ba Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 11 Jun 2024 13:39:58 -0700 Subject: [PATCH 14/20] made variable names more unopinionated --- .../tx-verification/tx-verification-middleware.ts | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 3113acdc425c..884927f931e3 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -59,13 +59,13 @@ export function createTxVerificationMiddleware( ? params.chainId.toLowerCase() as Hex : networkController.state.providerConfig.chainId; - // skip verification if bridge is not deployed on the specified chain. - // skip verification to address is not the bridge contract - const bridgeContractAddress = + // skip verification if trusted contract is not deployed on the specified chain. + // skip verification if 'to' address is not a trusted contract + const contractAddress = FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge'][chainId]?.toLowerCase(); if ( - !bridgeContractAddress || - params.to.toLowerCase() !== bridgeContractAddress + !contractAddress || + params.to.toLowerCase() !== contractAddress ) { return next(); } @@ -76,7 +76,7 @@ export function createTxVerificationMiddleware( if (!TRUSTED_SIGNERS.map((s) => s.toLowerCase()).includes(addressToVerify.toLowerCase())) { return end( - rpcErrors.invalidParams('Invalid bridge transaction signature.'), + rpcErrors.invalidParams('Invalid transaction signature.'), ); } return next(); From edd7cf2446bb07f426d4453b6dad6f7778de0b52 Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 11 Jun 2024 15:38:38 -0700 Subject: [PATCH 15/20] refactor to further generalize --- .../tx-verification-middleware.test.ts | 84 +++++++++++++++++-- .../tx-verification-middleware.ts | 39 ++++----- shared/constants/first-party-contracts.ts | 23 +++-- shared/constants/verification.ts | 18 +++- 4 files changed, 128 insertions(+), 36 deletions(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts index d6eed921c618..339be1ce189c 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts @@ -1,14 +1,15 @@ import { NetworkController } from '@metamask/network-controller'; import { JsonRpcParams, jsonrpc2 } from '@metamask/utils'; -import { FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; +import { EXPERIENCES_TYPE, FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; import { - BridgeTxParams, - createTxVerificationMiddleware, + createTxVerificationMiddleware, TxParams, } from './tx-verification-middleware'; const getMockNetworkController = (chainId: `0x${string}` = '0x1') => ({ state: { providerConfig: { chainId } } } as unknown as NetworkController); +const mockTrustedSigners = { [EXPERIENCES_TYPE.METAMASK_BRIDGE]: '0xe672B534ccf9876a7554a1dD1685a2a5C2Cc8e8C'} + const jsonRpcTemplate = { jsonrpc: jsonrpc2, id: 1 }; const getMiddlewareParams = (method: string, params: JsonRpcParams = []) => { @@ -20,8 +21,8 @@ const getMiddlewareParams = (method: string, params: JsonRpcParams = []) => { }; const getBridgeTxParams = ( - txParams: Partial = {}, -): [BridgeTxParams] => { + txParams: Partial = {}, +): [TxParams] => { return [ { data: '0x1', @@ -37,6 +38,7 @@ describe('tx verification middleware', () => { it('ignores methods other than eth_sendTransaction', () => { const middleware = createTxVerificationMiddleware( getMockNetworkController(), + mockTrustedSigners, ); const { req, res, next, end } = getMiddlewareParams('foo'); middleware(req, res, next, end); @@ -72,6 +74,7 @@ describe('tx verification middleware', () => { (_: string, invalidParams: JsonRpcParams) => { const middleware = createTxVerificationMiddleware( getMockNetworkController(), + mockTrustedSigners, ); const { req, res, next, end } = getMiddlewareParams( @@ -91,6 +94,7 @@ describe('tx verification middleware', () => { (chainId: `0x${string}`) => { const middleware = createTxVerificationMiddleware( getMockNetworkController(), + mockTrustedSigners, ); const { req, res, next, end } = getMiddlewareParams( @@ -110,6 +114,7 @@ describe('tx verification middleware', () => { (chainId: `0x${string}`) => { const middleware = createTxVerificationMiddleware( getMockNetworkController(), + mockTrustedSigners, ); const { req, res, next, end } = getMiddlewareParams( @@ -123,9 +128,59 @@ describe('tx verification middleware', () => { }, ); + it('calls next() if reverse address mapping look up is undefined', () => { + const middleware = createTxVerificationMiddleware( + getMockNetworkController(), + mockTrustedSigners, + ); + + const { req, res, next, end } = getMiddlewareParams( + 'eth_sendTransaction', + getBridgeTxParams({ ...getFixtures().mapUndefined }), + ); + middleware(req, res, next, end); + + expect(next).toHaveBeenCalledTimes(1); + expect(end).not.toHaveBeenCalled(); + }); + + it('calls next() if chainId for `to` address does not match', () => { + const middleware = createTxVerificationMiddleware( + getMockNetworkController(), + mockTrustedSigners, + ); + + const { req, res, next, end } = getMiddlewareParams( + 'eth_sendTransaction', + getBridgeTxParams({ ...getFixtures().mapIncorrectChain }), + ); + middleware(req, res, next, end); + + expect(next).toHaveBeenCalledTimes(1); + expect(end).not.toHaveBeenCalled(); + }); + + it('calls next() if experience type for `to` address is not an experience to verify', () => { + const middleware = createTxVerificationMiddleware( + getMockNetworkController(), + mockTrustedSigners, + ); + + const { req, res, next, end } = getMiddlewareParams( + 'eth_sendTransaction', + getBridgeTxParams({ ...getFixtures().mapIncorrectExp }), + ); + middleware(req, res, next, end); + + expect(next).toHaveBeenCalledTimes(1); + expect(end).not.toHaveBeenCalled(); + }); + + it('passes through a valid bridge transaction', () => { const middleware = createTxVerificationMiddleware( getMockNetworkController(), + mockTrustedSigners, ); const { req, res, next, end } = getMiddlewareParams( @@ -141,6 +196,7 @@ describe('tx verification middleware', () => { it('rejects modified bridge transactions', () => { const middleware = createTxVerificationMiddleware( getMockNetworkController(), + mockTrustedSigners, ); const { req, res, next, end } = getMiddlewareParams( @@ -161,6 +217,24 @@ describe('tx verification middleware', () => { */ function getFixtures() { return { + mapIncorrectExp: { + data: '0x3ce33bff0000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000470de4df82000000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000000000000f736f636b6574416461707465725632000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002800000000000000000000000003a23f943181408eac424116af7b7790c94cb97a50000000000000000000000003a23f943181408eac424116af7b7790c94cb97a5000000000000000000000000000000000000000000000000000000000000a4b10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000000000000000014000000000000000000000000000000000000000000000000000009f295cd5f000000000000000000000000000e6b738da243e8fa2a0ed5915645789add5de515200000000000000000000000000000000000000000000000000000000000001280000019fd025dec0000000000000000000000000e672b534ccf9876a7554a1dd1685a2a5c2cc8e8c000000000000000000000000b8901acb165ed027e32754e0ffe830802919727f000000000000000000000000710bda329b2a6224e4b44833de30f38e7f81d564000000000000000000000000000000000000000000000000000000000000a4b100000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000004614942c423e000000000000000000000000000000000000000000000000000000886c98b760000000000000000000000000000000000000000000000000000000019012a41ba800000000000000000000000000000000000000000000000000000000000000c40000000000000000000000000000000000000000000000005dedaf7e04c3f5c842c30ed9a4a19baceb915cdd3e865f0dad99ffca277743a20bac00e0f366e7265f1fcad502791ff49e9c5c98e1841a090df23ce5555051da1c', + from: '0xe672b534ccf9876a7554a1dd1685a2a5c2cc8e8c', + to: '0xc7bE520a13dC023A1b34C03F4Abdab8A43653F7B', + value: '0x470de4df820000', + }, + mapIncorrectChain: { + data: '0x3ce33bff0000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000470de4df82000000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000000000000f736f636b6574416461707465725632000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002800000000000000000000000003a23f943181408eac424116af7b7790c94cb97a50000000000000000000000003a23f943181408eac424116af7b7790c94cb97a5000000000000000000000000000000000000000000000000000000000000a4b10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000000000000000014000000000000000000000000000000000000000000000000000009f295cd5f000000000000000000000000000e6b738da243e8fa2a0ed5915645789add5de515200000000000000000000000000000000000000000000000000000000000001280000019fd025dec0000000000000000000000000e672b534ccf9876a7554a1dd1685a2a5c2cc8e8c000000000000000000000000b8901acb165ed027e32754e0ffe830802919727f000000000000000000000000710bda329b2a6224e4b44833de30f38e7f81d564000000000000000000000000000000000000000000000000000000000000a4b100000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000004614942c423e000000000000000000000000000000000000000000000000000000886c98b760000000000000000000000000000000000000000000000000000000019012a41ba800000000000000000000000000000000000000000000000000000000000000c40000000000000000000000000000000000000000000000005dedaf7e04c3f5c842c30ed9a4a19baceb915cdd3e865f0dad99ffca277743a20bac00e0f366e7265f1fcad502791ff49e9c5c98e1841a090df23ce5555051da1c', + from: '0xe672b534ccf9876a7554a1dd1685a2a5c2cc8e8c', + to: `0xaEc23140408534b378bf5832defc426dF8604B59`, + value: '0x470de4df820000', + }, + mapUndefined: { + data: '0x3ce33bff0000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000470de4df82000000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000000000000f736f636b6574416461707465725632000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002800000000000000000000000003a23f943181408eac424116af7b7790c94cb97a50000000000000000000000003a23f943181408eac424116af7b7790c94cb97a5000000000000000000000000000000000000000000000000000000000000a4b10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000000000000000014000000000000000000000000000000000000000000000000000009f295cd5f000000000000000000000000000e6b738da243e8fa2a0ed5915645789add5de515200000000000000000000000000000000000000000000000000000000000001280000019fd025dec0000000000000000000000000e672b534ccf9876a7554a1dd1685a2a5c2cc8e8c000000000000000000000000b8901acb165ed027e32754e0ffe830802919727f000000000000000000000000710bda329b2a6224e4b44833de30f38e7f81d564000000000000000000000000000000000000000000000000000000000000a4b100000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000004614942c423e000000000000000000000000000000000000000000000000000000886c98b760000000000000000000000000000000000000000000000000000000019012a41ba800000000000000000000000000000000000000000000000000000000000000c40000000000000000000000000000000000000000000000005dedaf7e04c3f5c842c30ed9a4a19baceb915cdd3e865f0dad99ffca277743a20bac00e0f366e7265f1fcad502791ff49e9c5c98e1841a090df23ce5555051da1c', + from: '0xe672b534ccf9876a7554a1dd1685a2a5c2cc8e8c', + to: '0x0439e60F02a8900a951603950d8D4527f400C3f9', + value: '0x470de4df820000', + }, valid: { data: '0x3ce33bff0000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000470de4df82000000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000000000000f736f636b6574416461707465725632000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002800000000000000000000000003a23f943181408eac424116af7b7790c94cb97a50000000000000000000000003a23f943181408eac424116af7b7790c94cb97a5000000000000000000000000000000000000000000000000000000000000a4b10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000000000000000014000000000000000000000000000000000000000000000000000009f295cd5f000000000000000000000000000e6b738da243e8fa2a0ed5915645789add5de515200000000000000000000000000000000000000000000000000000000000001280000019fd025dec0000000000000000000000000e672b534ccf9876a7554a1dd1685a2a5c2cc8e8c000000000000000000000000b8901acb165ed027e32754e0ffe830802919727f000000000000000000000000710bda329b2a6224e4b44833de30f38e7f81d564000000000000000000000000000000000000000000000000000000000000a4b100000000000000000000000000000000000000000000000000466ebb82ac1000000000000000000000000000000000000000000000000000004614942c423e000000000000000000000000000000000000000000000000000000886c98b760000000000000000000000000000000000000000000000000000000019012a41ba800000000000000000000000000000000000000000000000000000000000000c40000000000000000000000000000000000000000000000005dedaf7e04c3f5c842c30ed9a4a19baceb915cdd3e865f0dad99ffca277743a20bac00e0f366e7265f1fcad502791ff49e9c5c98e1841a090df23ce5555051da1c', from: '0xe672b534ccf9876a7554a1dd1685a2a5c2cc8e8c', diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 884927f931e3..2139446ae4dc 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -10,10 +10,12 @@ import { JsonRpcEngineNextCallback, } from 'json-rpc-engine'; import { - SIG_LEN, + EXPERIENCES_TO_VERIFY, + addrToExpMap, + TX_SIG_LEN, TRUSTED_SIGNERS, } from '../../../../shared/constants/verification'; -import { FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; +import { EXPERIENCES_TYPE } from '../../../../shared/constants/first-party-contracts'; import { Hex } from '@metamask/utils'; export type TxParams = { @@ -33,6 +35,7 @@ export type TxParams = { */ export function createTxVerificationMiddleware( networkController: NetworkController, + trustedSigners = TRUSTED_SIGNERS, ) { return function txVerificationMiddleware( req: JsonRpcRequest, @@ -50,31 +53,23 @@ export function createTxVerificationMiddleware( // the tx object is the first element const params = req.params[0]; - - console.log(params) - console.log(params.chainId.toLowerCase() as Hex) - const chainId = typeof params.chainId === 'string' ? params.chainId.toLowerCase() as Hex : networkController.state.providerConfig.chainId; - // skip verification if trusted contract is not deployed on the specified chain. - // skip verification if 'to' address is not a trusted contract - const contractAddress = - FIRST_PARTY_CONTRACT_NAMES['MetaMask Bridge'][chainId]?.toLowerCase(); - if ( - !contractAddress || - params.to.toLowerCase() !== contractAddress - ) { - return next(); - } + const r = addrToExpMap[params.to.toLowerCase()] + // if undefined then no address matched + if(!r) return next() + const { experienceType, chainId:experienceChainId } = r + // skip if chainId is different + if (experienceChainId != chainId) return next() + // skip if experience is not one we want to verify against + if (!EXPERIENCES_TO_VERIFY.includes(experienceType as EXPERIENCES_TYPE)) return next() - // signature is 130 chars in length at the end - const signature = `0x${params.data.slice(-SIG_LEN)}`; + const signature = `0x${params.data.slice(-TX_SIG_LEN)}`; const addressToVerify = verifyMessage(hashedParams(params), signature); - - if (!TRUSTED_SIGNERS.map((s) => s.toLowerCase()).includes(addressToVerify.toLowerCase())) { + if (addressToVerify != trustedSigners[experienceType]) { return end( rpcErrors.invalidParams('Invalid transaction signature.'), ); @@ -88,7 +83,7 @@ function hashedParams(params: TxParams): string { to: hashMessage(params.to.toLowerCase()), from: hashMessage(params.from.toLowerCase()), data: hashMessage( - params.data.toLowerCase().slice(0, params.data.length - SIG_LEN), + params.data.toLowerCase().slice(0, params.data.length - TX_SIG_LEN), ), value: hashMessage(params.value.toLowerCase()), }; @@ -113,4 +108,4 @@ function isValidParams(params: Json[]): params is [TxParams] { (typeof params[0].chainId === 'string' && params[0].chainId.startsWith('0x'))) ); -} +} \ No newline at end of file diff --git a/shared/constants/first-party-contracts.ts b/shared/constants/first-party-contracts.ts index 07c3860a5168..44cce737cf5b 100644 --- a/shared/constants/first-party-contracts.ts +++ b/shared/constants/first-party-contracts.ts @@ -1,23 +1,32 @@ import { Hex } from '@metamask/utils'; import { CHAIN_IDS } from './network'; +export enum EXPERIENCES_TYPE { + METAMASK_VALIDATOR_STAKING = 'MetaMask Validator Staking', + METAMASK_POOLED_STAKING = 'MetaMask Pooled Staking', + METAMASK_THIRD_PARTY_STAKING = 'MetaMask Third Party Staking', + METAMASK_POOLED_STAKING_V1 = 'MetaMask Pool Staking (v1)', + METAMASK_BRIDGE = 'MetaMask Bridge', + METAMASK_SWAPS = 'MetaMask Swaps', +} + /** * A map of first-party contract names to their addresses on various chains. */ -export const FIRST_PARTY_CONTRACT_NAMES: Record> = { - 'MetaMask Validator Staking': { +export const FIRST_PARTY_CONTRACT_NAMES: Record> = { + [EXPERIENCES_TYPE.METAMASK_VALIDATOR_STAKING]: { [CHAIN_IDS.MAINNET]: '0xDc71aFFC862fceB6aD32BE58E098423A7727bEbd', }, - 'MetaMask Pooled Staking': { + [EXPERIENCES_TYPE.METAMASK_POOLED_STAKING]: { [CHAIN_IDS.MAINNET]: '0x4FEF9D741011476750A243aC70b9789a63dd47Df', }, - 'MetaMask Third Party Staking': { + [EXPERIENCES_TYPE.METAMASK_THIRD_PARTY_STAKING]: { [CHAIN_IDS.MAINNET]: '0x1f6692E78dDE07FF8da75769B6d7c716215bC7D0', }, - 'MetaMask Pool Staking (v1)': { + [EXPERIENCES_TYPE.METAMASK_POOLED_STAKING_V1]: { [CHAIN_IDS.MAINNET]: '0xc7bE520a13dC023A1b34C03F4Abdab8A43653F7B', }, - 'MetaMask Bridge': { + [EXPERIENCES_TYPE.METAMASK_BRIDGE]: { [CHAIN_IDS.MAINNET]: '0x0439e60F02a8900a951603950d8D4527f400C3f1', [CHAIN_IDS.OPTIMISM]: '0xB90357f2b86dbfD59c3502215d4060f71DF8ca0e', [CHAIN_IDS.BSC]: '0xaEc23140408534b378bf5832defc426dF8604B59', @@ -28,7 +37,7 @@ export const FIRST_PARTY_CONTRACT_NAMES: Record> = { [CHAIN_IDS.AVALANCHE]: '0x29106d08382d3c73bF477A94333C61Db1142E1B6', [CHAIN_IDS.LINEA_MAINNET]: '0xE3d0d2607182Af5B24f5C3C2E4990A053aDd64e3', }, - 'MetaMask Swaps': { + [EXPERIENCES_TYPE.METAMASK_SWAPS]: { [CHAIN_IDS.MAINNET]: '0x881D40237659C251811CEC9c364ef91dC08D300C', [CHAIN_IDS.BSC]: '0x1a1ec25DC08e98e5E93F1104B5e5cdD298707d31', [CHAIN_IDS.POLYGON]: '0x1a1ec25DC08e98e5E93F1104B5e5cdD298707d31', diff --git a/shared/constants/verification.ts b/shared/constants/verification.ts index 56bd99404709..7ca573d942d9 100644 --- a/shared/constants/verification.ts +++ b/shared/constants/verification.ts @@ -1,2 +1,16 @@ -export const TRUSTED_SIGNERS = ['0x533FbF047Ed13C20e263e2576e41c747206d1348']; -export const SIG_LEN = 130; +import { EXPERIENCES_TYPE, FIRST_PARTY_CONTRACT_NAMES } from "./first-party-contracts"; +import { Hex } from '@metamask/utils'; + +export const TX_SIG_LEN = 130; +export const EXPERIENCES_TO_VERIFY = [EXPERIENCES_TYPE.METAMASK_BRIDGE] +export const TRUSTED_SIGNERS: Partial>= { + [EXPERIENCES_TYPE.METAMASK_BRIDGE]: '0x533FbF047Ed13C20e263e2576e41c747206d1348' +}; + +// look up the corresponding experience and the chain id within FIRST_PARTY_CONTRACT_NAMES +export const addrToExpMap = Object.entries(FIRST_PARTY_CONTRACT_NAMES).reduce((acc, [experienceType, chainMap]) => { + Object.entries(chainMap).forEach(([chainId, address]) => { + acc[address.toLowerCase()] = { experienceType, chainId }; + }); + return acc; +}, {} as Record); From a9095b55090e9b8f9a006cc0fa7193b876f4536e Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 11 Jun 2024 15:45:04 -0700 Subject: [PATCH 16/20] chore: lint:fix --- .../tx-verification-middleware.test.ts | 18 +++++---- .../tx-verification-middleware.ts | 38 ++++++++++++------- shared/constants/bridge.ts | 2 +- shared/constants/first-party-contracts.ts | 5 ++- shared/constants/verification.ts | 27 ++++++++----- 5 files changed, 57 insertions(+), 33 deletions(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts index 339be1ce189c..7f2c2109a6a2 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts @@ -1,14 +1,21 @@ import { NetworkController } from '@metamask/network-controller'; import { JsonRpcParams, jsonrpc2 } from '@metamask/utils'; -import { EXPERIENCES_TYPE, FIRST_PARTY_CONTRACT_NAMES } from '../../../../shared/constants/first-party-contracts'; import { - createTxVerificationMiddleware, TxParams, + EXPERIENCES_TYPE, + FIRST_PARTY_CONTRACT_NAMES, +} from '../../../../shared/constants/first-party-contracts'; +import { + createTxVerificationMiddleware, + TxParams, } from './tx-verification-middleware'; const getMockNetworkController = (chainId: `0x${string}` = '0x1') => ({ state: { providerConfig: { chainId } } } as unknown as NetworkController); -const mockTrustedSigners = { [EXPERIENCES_TYPE.METAMASK_BRIDGE]: '0xe672B534ccf9876a7554a1dD1685a2a5C2Cc8e8C'} +const mockTrustedSigners = { + [EXPERIENCES_TYPE.METAMASK_BRIDGE]: + '0xe672B534ccf9876a7554a1dD1685a2a5C2Cc8e8C', +}; const jsonRpcTemplate = { jsonrpc: jsonrpc2, id: 1 }; @@ -20,9 +27,7 @@ const getMiddlewareParams = (method: string, params: JsonRpcParams = []) => { return { req, res, next, end }; }; -const getBridgeTxParams = ( - txParams: Partial = {}, -): [TxParams] => { +const getBridgeTxParams = (txParams: Partial = {}): [TxParams] => { return [ { data: '0x1', @@ -176,7 +181,6 @@ describe('tx verification middleware', () => { expect(end).not.toHaveBeenCalled(); }); - it('passes through a valid bridge transaction', () => { const middleware = createTxVerificationMiddleware( getMockNetworkController(), diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 2139446ae4dc..2d42572b5b8d 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -2,7 +2,13 @@ import { hashMessage } from '@ethersproject/hash'; import { verifyMessage } from '@ethersproject/wallet'; import type { NetworkController } from '@metamask/network-controller'; import { rpcErrors } from '@metamask/rpc-errors'; -import { Json, JsonRpcParams, hasProperty, isObject } from '@metamask/utils'; +import { + Json, + JsonRpcParams, + hasProperty, + isObject, + Hex, +} from '@metamask/utils'; import { JsonRpcRequest, JsonRpcResponse, @@ -16,7 +22,6 @@ import { TRUSTED_SIGNERS, } from '../../../../shared/constants/verification'; import { EXPERIENCES_TYPE } from '../../../../shared/constants/first-party-contracts'; -import { Hex } from '@metamask/utils'; export type TxParams = { chainId?: `0x${string}`; @@ -31,6 +36,7 @@ export type TxParams = { * Portfolio. * * @param networkController - The network controller instance. + * @param trustedSigners * @returns The middleware function. */ export function createTxVerificationMiddleware( @@ -44,7 +50,7 @@ export function createTxVerificationMiddleware( end: JsonRpcEngineEndCallback, ) { if ( - req.method !== 'eth_sendTransaction' || + req.method !=== 'eth_sendTransaction' || !Array.isArray(req.params) || !isValidParams(req.params) ) { @@ -55,24 +61,28 @@ export function createTxVerificationMiddleware( const params = req.params[0]; const chainId = typeof params.chainId === 'string' - ? params.chainId.toLowerCase() as Hex + ? (params.chainId.toLowerCase() as Hex) : networkController.state.providerConfig.chainId; - const r = addrToExpMap[params.to.toLowerCase()] + const r = addrToExpMap[params.to.toLowerCase()]; // if undefined then no address matched - if(!r) return next() - const { experienceType, chainId:experienceChainId } = r + if (!r) { + return next(); + } + const { experienceType, chainId: experienceChainId } = r; // skip if chainId is different - if (experienceChainId != chainId) return next() + if (experienceChainId !== chainId) { + return next(); + } // skip if experience is not one we want to verify against - if (!EXPERIENCES_TO_VERIFY.includes(experienceType as EXPERIENCES_TYPE)) return next() + if (!EXPERIENCES_TO_VERIFY.includes(experienceType as EXPERIENCES_TYPE)) { + return next(); + } const signature = `0x${params.data.slice(-TX_SIG_LEN)}`; const addressToVerify = verifyMessage(hashedParams(params), signature); - if (addressToVerify != trustedSigners[experienceType]) { - return end( - rpcErrors.invalidParams('Invalid transaction signature.'), - ); + if (addressToVerify !== trustedSigners[experienceType]) { + return end(rpcErrors.invalidParams('Invalid transaction signature.')); } return next(); }; @@ -108,4 +118,4 @@ function isValidParams(params: Json[]): params is [TxParams] { (typeof params[0].chainId === 'string' && params[0].chainId.startsWith('0x'))) ); -} \ No newline at end of file +} diff --git a/shared/constants/bridge.ts b/shared/constants/bridge.ts index 479ff0a53bac..e02c992bbbba 100644 --- a/shared/constants/bridge.ts +++ b/shared/constants/bridge.ts @@ -10,4 +10,4 @@ export const ALLOWED_BRIDGE_CHAIN_IDS = [ CHAIN_IDS.ARBITRUM, CHAIN_IDS.LINEA_MAINNET, CHAIN_IDS.BASE, -]; \ No newline at end of file +]; diff --git a/shared/constants/first-party-contracts.ts b/shared/constants/first-party-contracts.ts index 44cce737cf5b..100ef1ec6c7c 100644 --- a/shared/constants/first-party-contracts.ts +++ b/shared/constants/first-party-contracts.ts @@ -13,7 +13,10 @@ export enum EXPERIENCES_TYPE { /** * A map of first-party contract names to their addresses on various chains. */ -export const FIRST_PARTY_CONTRACT_NAMES: Record> = { +export const FIRST_PARTY_CONTRACT_NAMES: Record< + EXPERIENCES_TYPE, + Record +> = { [EXPERIENCES_TYPE.METAMASK_VALIDATOR_STAKING]: { [CHAIN_IDS.MAINNET]: '0xDc71aFFC862fceB6aD32BE58E098423A7727bEbd', }, diff --git a/shared/constants/verification.ts b/shared/constants/verification.ts index 7ca573d942d9..451943be78f5 100644 --- a/shared/constants/verification.ts +++ b/shared/constants/verification.ts @@ -1,16 +1,23 @@ -import { EXPERIENCES_TYPE, FIRST_PARTY_CONTRACT_NAMES } from "./first-party-contracts"; import { Hex } from '@metamask/utils'; +import { + EXPERIENCES_TYPE, + FIRST_PARTY_CONTRACT_NAMES, +} from './first-party-contracts'; export const TX_SIG_LEN = 130; -export const EXPERIENCES_TO_VERIFY = [EXPERIENCES_TYPE.METAMASK_BRIDGE] -export const TRUSTED_SIGNERS: Partial>= { - [EXPERIENCES_TYPE.METAMASK_BRIDGE]: '0x533FbF047Ed13C20e263e2576e41c747206d1348' +export const EXPERIENCES_TO_VERIFY = [EXPERIENCES_TYPE.METAMASK_BRIDGE]; +export const TRUSTED_SIGNERS: Partial> = { + [EXPERIENCES_TYPE.METAMASK_BRIDGE]: + '0x533FbF047Ed13C20e263e2576e41c747206d1348', }; // look up the corresponding experience and the chain id within FIRST_PARTY_CONTRACT_NAMES -export const addrToExpMap = Object.entries(FIRST_PARTY_CONTRACT_NAMES).reduce((acc, [experienceType, chainMap]) => { - Object.entries(chainMap).forEach(([chainId, address]) => { - acc[address.toLowerCase()] = { experienceType, chainId }; - }); - return acc; -}, {} as Record); +export const addrToExpMap = Object.entries(FIRST_PARTY_CONTRACT_NAMES).reduce( + (acc, [experienceType, chainMap]) => { + Object.entries(chainMap).forEach(([chainId, address]) => { + acc[address.toLowerCase()] = { experienceType, chainId }; + }); + return acc; + }, + {} as Record, +); From 065df3d886a02b5f66c1fcd55989863ec3ecfdb6 Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 11 Jun 2024 15:45:48 -0700 Subject: [PATCH 17/20] fix typo --- app/scripts/lib/tx-verification/tx-verification-middleware.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 2d42572b5b8d..bdc41dc82320 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -50,7 +50,7 @@ export function createTxVerificationMiddleware( end: JsonRpcEngineEndCallback, ) { if ( - req.method !=== 'eth_sendTransaction' || + req.method !== 'eth_sendTransaction' || !Array.isArray(req.params) || !isValidParams(req.params) ) { From eb60a6093c442e28f35ffa0d836c9fd614f83963 Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Tue, 11 Jun 2024 16:43:05 -0700 Subject: [PATCH 18/20] chore: added new methods to MESSAGE_TYPE Signed-off-by: Ethan Wessel --- app/scripts/lib/tx-verification/tx-verification-middleware.ts | 3 ++- shared/constants/app.ts | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index bdc41dc82320..d0b538402364 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -22,6 +22,7 @@ import { TRUSTED_SIGNERS, } from '../../../../shared/constants/verification'; import { EXPERIENCES_TYPE } from '../../../../shared/constants/first-party-contracts'; +import { MESSAGE_TYPE } from '../../../../shared/constants/app'; export type TxParams = { chainId?: `0x${string}`; @@ -50,7 +51,7 @@ export function createTxVerificationMiddleware( end: JsonRpcEngineEndCallback, ) { if ( - req.method !== 'eth_sendTransaction' || + req.method !== MESSAGE_TYPE.ETH_SEND_TRANSACTION || !Array.isArray(req.params) || !isValidParams(req.params) ) { diff --git a/shared/constants/app.ts b/shared/constants/app.ts index db176b8bbe93..9aeb58235c5c 100644 --- a/shared/constants/app.ts +++ b/shared/constants/app.ts @@ -34,6 +34,8 @@ export const MESSAGE_TYPE = { ETH_GET_ENCRYPTION_PUBLIC_KEY: 'eth_getEncryptionPublicKey', ETH_GET_BLOCK_BY_NUMBER: 'eth_getBlockByNumber', ETH_REQUEST_ACCOUNTS: 'eth_requestAccounts', + ETH_SEND_TRANSACTION: 'eth_sendTransaction', + ETH_SEND_RAW_TRANSACTION: 'eth_sendRawTransaction', ETH_SIGN: 'eth_sign', ETH_SIGN_TRANSACTION: 'eth_signTransaction', ETH_SIGN_TYPED_DATA: 'eth_signTypedData', From bc68e30a04d368b1d7c9c1ec5d0dbc9253e52201 Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Wed, 12 Jun 2024 15:05:01 -0700 Subject: [PATCH 19/20] update linting --- .../tx-verification/tx-verification-middleware.test.ts | 4 ++-- .../lib/tx-verification/tx-verification-middleware.ts | 6 ++++-- shared/constants/verification.ts | 2 +- ui/hooks/useFirstPartyContractName.ts | 10 +++++++--- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts index 7f2c2109a6a2..110a2dc3040e 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.test.ts @@ -1,5 +1,5 @@ import { NetworkController } from '@metamask/network-controller'; -import { JsonRpcParams, jsonrpc2 } from '@metamask/utils'; +import { JsonRpcParams, jsonrpc2, Hex } from '@metamask/utils'; import { EXPERIENCES_TYPE, FIRST_PARTY_CONTRACT_NAMES, @@ -12,7 +12,7 @@ import { const getMockNetworkController = (chainId: `0x${string}` = '0x1') => ({ state: { providerConfig: { chainId } } } as unknown as NetworkController); -const mockTrustedSigners = { +const mockTrustedSigners: Partial> = { [EXPERIENCES_TYPE.METAMASK_BRIDGE]: '0xe672B534ccf9876a7554a1dD1685a2a5C2Cc8e8C', }; diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index d0b538402364..49d36d3bc82d 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -65,7 +65,7 @@ export function createTxVerificationMiddleware( ? (params.chainId.toLowerCase() as Hex) : networkController.state.providerConfig.chainId; - const r = addrToExpMap[params.to.toLowerCase()]; + const r = addrToExpMap[params.to.toLowerCase() as Hex]; // if undefined then no address matched if (!r) { return next(); @@ -82,7 +82,9 @@ export function createTxVerificationMiddleware( const signature = `0x${params.data.slice(-TX_SIG_LEN)}`; const addressToVerify = verifyMessage(hashedParams(params), signature); - if (addressToVerify !== trustedSigners[experienceType]) { + if ( + addressToVerify !== trustedSigners[experienceType as EXPERIENCES_TYPE] + ) { return end(rpcErrors.invalidParams('Invalid transaction signature.')); } return next(); diff --git a/shared/constants/verification.ts b/shared/constants/verification.ts index 451943be78f5..3224fb79ad64 100644 --- a/shared/constants/verification.ts +++ b/shared/constants/verification.ts @@ -15,7 +15,7 @@ export const TRUSTED_SIGNERS: Partial> = { export const addrToExpMap = Object.entries(FIRST_PARTY_CONTRACT_NAMES).reduce( (acc, [experienceType, chainMap]) => { Object.entries(chainMap).forEach(([chainId, address]) => { - acc[address.toLowerCase()] = { experienceType, chainId }; + acc[address.toLowerCase() as Hex] = { experienceType, chainId }; }); return acc; }, diff --git a/ui/hooks/useFirstPartyContractName.ts b/ui/hooks/useFirstPartyContractName.ts index 005282886eb8..47468b472955 100644 --- a/ui/hooks/useFirstPartyContractName.ts +++ b/ui/hooks/useFirstPartyContractName.ts @@ -1,7 +1,10 @@ import { NameType } from '@metamask/name-controller'; import { useSelector } from 'react-redux'; import { getCurrentChainId } from '../selectors'; -import { FIRST_PARTY_CONTRACT_NAMES } from '../../shared/constants/first-party-contracts'; +import { + EXPERIENCES_TYPE, + FIRST_PARTY_CONTRACT_NAMES, +} from '../../shared/constants/first-party-contracts'; export type UseFirstPartyContractNameRequest = { value: string; @@ -25,8 +28,9 @@ export function useFirstPartyContractNames( return ( Object.keys(FIRST_PARTY_CONTRACT_NAMES).find( (name) => - FIRST_PARTY_CONTRACT_NAMES[name]?.[chainId]?.toLowerCase() === - normalizedValue, + FIRST_PARTY_CONTRACT_NAMES[name as EXPERIENCES_TYPE]?.[ + chainId + ]?.toLowerCase() === normalizedValue, ) ?? null ); }); From 2a8935f8c680e603405209649d5a906878fa2c85 Mon Sep 17 00:00:00 2001 From: Ethan Wessel Date: Wed, 12 Jun 2024 15:55:58 -0700 Subject: [PATCH 20/20] PR comments --- .../tx-verification-middleware.ts | 29 +++++++------------ shared/constants/verification.ts | 25 +++++++++------- 2 files changed, 25 insertions(+), 29 deletions(-) diff --git a/app/scripts/lib/tx-verification/tx-verification-middleware.ts b/app/scripts/lib/tx-verification/tx-verification-middleware.ts index 49d36d3bc82d..30782a98721b 100644 --- a/app/scripts/lib/tx-verification/tx-verification-middleware.ts +++ b/app/scripts/lib/tx-verification/tx-verification-middleware.ts @@ -17,11 +17,10 @@ import { } from 'json-rpc-engine'; import { EXPERIENCES_TO_VERIFY, - addrToExpMap, + getExperience, TX_SIG_LEN, TRUSTED_SIGNERS, } from '../../../../shared/constants/verification'; -import { EXPERIENCES_TYPE } from '../../../../shared/constants/first-party-contracts'; import { MESSAGE_TYPE } from '../../../../shared/constants/app'; export type TxParams = { @@ -65,33 +64,25 @@ export function createTxVerificationMiddleware( ? (params.chainId.toLowerCase() as Hex) : networkController.state.providerConfig.chainId; - const r = addrToExpMap[params.to.toLowerCase() as Hex]; - // if undefined then no address matched - if (!r) { - return next(); - } - const { experienceType, chainId: experienceChainId } = r; - // skip if chainId is different - if (experienceChainId !== chainId) { - return next(); - } - // skip if experience is not one we want to verify against - if (!EXPERIENCES_TO_VERIFY.includes(experienceType as EXPERIENCES_TYPE)) { + const experienceType = getExperience( + params.to.toLowerCase() as Hex, + chainId, + ); + // if undefined then no address matched - skip OR if experience is not one we want to verify against - skip + if (!experienceType || !EXPERIENCES_TO_VERIFY.includes(experienceType)) { return next(); } const signature = `0x${params.data.slice(-TX_SIG_LEN)}`; - const addressToVerify = verifyMessage(hashedParams(params), signature); - if ( - addressToVerify !== trustedSigners[experienceType as EXPERIENCES_TYPE] - ) { + const addressToVerify = verifyMessage(hashParams(params), signature); + if (addressToVerify !== trustedSigners[experienceType]) { return end(rpcErrors.invalidParams('Invalid transaction signature.')); } return next(); }; } -function hashedParams(params: TxParams): string { +function hashParams(params: TxParams): string { const paramsToVerify = { to: hashMessage(params.to.toLowerCase()), from: hashMessage(params.from.toLowerCase()), diff --git a/shared/constants/verification.ts b/shared/constants/verification.ts index 3224fb79ad64..ce6ddaed9ea9 100644 --- a/shared/constants/verification.ts +++ b/shared/constants/verification.ts @@ -11,13 +11,18 @@ export const TRUSTED_SIGNERS: Partial> = { '0x533FbF047Ed13C20e263e2576e41c747206d1348', }; -// look up the corresponding experience and the chain id within FIRST_PARTY_CONTRACT_NAMES -export const addrToExpMap = Object.entries(FIRST_PARTY_CONTRACT_NAMES).reduce( - (acc, [experienceType, chainMap]) => { - Object.entries(chainMap).forEach(([chainId, address]) => { - acc[address.toLowerCase() as Hex] = { experienceType, chainId }; - }); - return acc; - }, - {} as Record, -); +// look up the corresponding experience provided an address on a chain id +export const getExperience = ( + address: Hex, + chainId: Hex, +): EXPERIENCES_TYPE | undefined => + ( + Object.entries(FIRST_PARTY_CONTRACT_NAMES) as [ + EXPERIENCES_TYPE, + Record, + ][] + ).find( + ([, chainMap]) => + (chainMap[chainId]?.toLowerCase() as Hex) === + (address.toLowerCase() as Hex), + )?.[0];