From 68103ac7a5710aa8a0d151c0729e0392d6c63827 Mon Sep 17 00:00:00 2001 From: Jyoti Puri Date: Wed, 4 Sep 2024 23:04:19 +0530 Subject: [PATCH 1/2] Request validation should not throw if verifyingContract is not defined in typed signature (#328) (#330) --- src/wallet.test.ts | 73 ++++++++++++++++++++++++++++++++++++++++++++++ src/wallet.ts | 6 ++-- 2 files changed, 75 insertions(+), 4 deletions(-) diff --git a/src/wallet.test.ts b/src/wallet.test.ts index 9a8e783c..a58efb81 100644 --- a/src/wallet.test.ts +++ b/src/wallet.test.ts @@ -432,6 +432,50 @@ describe('wallet', () => { const promise = pify(engine.handle).call(engine, payload); await expect(promise).rejects.toThrow('Invalid input.'); }); + + it('should not throw if verifyingContract is undefined', async () => { + const { engine } = createTestSetup(); + const getAccounts = async () => testAddresses.slice(); + const witnessedMsgParams: TypedMessageParams[] = []; + const processTypedMessageV3 = async (msgParams: TypedMessageParams) => { + witnessedMsgParams.push(msgParams); + // Assume testMsgSig is the expected signature result + return testMsgSig; + }; + + engine.push( + createWalletMiddleware({ getAccounts, processTypedMessageV3 }), + ); + + const message = { + types: { + EIP712Domain: [ + { name: 'name', type: 'string' }, + { name: 'version', type: 'string' }, + { name: 'chainId', type: 'uint256' }, + { name: 'verifyingContract', type: 'address' }, + ], + }, + primaryType: 'EIP712Domain', + message: {}, + }; + + const stringifiedMessage = JSON.stringify(message); + + const payload = { + method: 'eth_signTypedData_v3', + params: [testAddresses[0], stringifiedMessage], // Assuming testAddresses[0] is a valid address from your setup + }; + + const promise = pify(engine.handle).call(engine, payload); + const result = await promise; + expect(result).toStrictEqual({ + id: undefined, + jsonrpc: undefined, + result: + '0x68dc980608bceb5f99f691e62c32caccaee05317309015e9454eba1a14c3cd4505d1dd098b8339801239c9bcaac3c4df95569dcf307108b92f68711379be14d81c', + }); + }); }); describe('signTypedDataV4', () => { @@ -524,6 +568,35 @@ describe('wallet', () => { const promise = pify(engine.handle).call(engine, payload); await expect(promise).rejects.toThrow('Invalid input.'); }); + + it('should not throw if request is permit with undefined value for verifyingContract address', async () => { + const { engine } = createTestSetup(); + const getAccounts = async () => testAddresses.slice(); + const witnessedMsgParams: TypedMessageParams[] = []; + const processTypedMessageV4 = async (msgParams: TypedMessageParams) => { + witnessedMsgParams.push(msgParams); + // Assume testMsgSig is the expected signature result + return testMsgSig; + }; + + engine.push( + createWalletMiddleware({ getAccounts, processTypedMessageV4 }), + ); + + const payload = { + method: 'eth_signTypedData_v4', + params: [testAddresses[0], JSON.stringify(getMsgParams())], + }; + + const promise = pify(engine.handle).call(engine, payload); + const result = await promise; + expect(result).toStrictEqual({ + id: undefined, + jsonrpc: undefined, + result: + '0x68dc980608bceb5f99f691e62c32caccaee05317309015e9454eba1a14c3cd4505d1dd098b8339801239c9bcaac3c4df95569dcf307108b92f68711379be14d81c', + }); + }); }); describe('sign', () => { diff --git a/src/wallet.ts b/src/wallet.ts index db8eee6c..45b4951d 100644 --- a/src/wallet.ts +++ b/src/wallet.ts @@ -499,10 +499,8 @@ WalletMiddlewareOptions): JsonRpcMiddleware { * @param data - The data passed in typedSign request. */ function validateVerifyingContract(data: string) { - const { - domain: { verifyingContract }, - } = parseTypedMessage(data); - if (!isValidHexAddress(verifyingContract)) { + const { domain: { verifyingContract } = {} } = parseTypedMessage(data); + if (verifyingContract && !isValidHexAddress(verifyingContract)) { throw rpcErrors.invalidInput(); } } From 7bce6e81a22b12e83e1944996d14832434356631 Mon Sep 17 00:00:00 2001 From: Jyoti Puri Date: Wed, 4 Sep 2024 23:25:30 +0530 Subject: [PATCH 2/2] 14.0.1 (#331) --- CHANGELOG.md | 7 ++++++- package.json | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e45bcd5..5f84f36f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [14.0.1] +### Fixed +- Request validation should not throw if verifyingContract is not defined in typed signature ([#328](https://github.com/MetaMask/eth-json-rpc-middleware/pull/328)) + ## [14.0.0] ### Changed - **BREAKING:** Adapt to EIP-1193 provider changes by replacing the deprecated `sendAsync` method with the `request` method ([#317](https://github.com/MetaMask/eth-json-rpc-middleware/pull/317)) @@ -196,7 +200,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `json-rpc-engine@5.3.0` ([#53](https://github.com/MetaMask/eth-json-rpc-middleware/pull/53)) - `eth-rpc-errors@3.0.0` ([#55](https://github.com/MetaMask/eth-json-rpc-middleware/pull/55)) -[Unreleased]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.0...HEAD +[Unreleased]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.1...HEAD +[14.0.1]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.0...v14.0.1 [14.0.0]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v13.0.0...v14.0.0 [13.0.0]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.2...v13.0.0 [12.1.2]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.1...v12.1.2 diff --git a/package.json b/package.json index dbe4e495..54125b6b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@metamask/eth-json-rpc-middleware", - "version": "14.0.0", + "version": "14.0.1", "description": "Ethereum-related json-rpc-engine middleware.", "repository": { "type": "git",