diff --git a/test/unit/app/controllers/permissions/permissions-middleware-test.js b/test/unit/app/controllers/permissions/permissions-middleware-test.js
index 2cabda60baa2..d443c0b01b3f 100644
--- a/test/unit/app/controllers/permissions/permissions-middleware-test.js
+++ b/test/unit/app/controllers/permissions/permissions-middleware-test.js
@@ -536,7 +536,9 @@ describe('permissions middleware', function () {
 
       await permController.approvePermissionsRequest(approvedReq, ACCOUNT_ARRAYS.a)
 
-      // at this point, the permission should have been granted
+      // wait for permission to be granted
+      await pendingApproval
+
       const perms = permController.permissions.getPermissionsForDomain(ORIGINS.a)
 
       assert.equal(
@@ -551,8 +553,6 @@ describe('permissions middleware', function () {
         [CAVEATS.eth_accounts(ACCOUNT_ARRAYS.a)]
       )
 
-      await pendingApproval
-
       // we should also see the accounts on the response
       assert.ok(
         res.result && !res.error,