Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix signing method bugs #8833

Merged
merged 6 commits into from
Jun 23, 2020
Merged

Fix signing method bugs #8833

merged 6 commits into from
Jun 23, 2020

Conversation

rekmarks
Copy link
Member

@rekmarks rekmarks commented Jun 18, 2020
edited
Loading

This PR fixes a number of bugs related to our signing methods. Most of them are fixed by updating eth-json-rpc-middleware.

Summary of Changes

  • Add [email protected]
  • Add personal_ecRecover to permissions safe methods
  • Minor refactor of sign typed data validation
  • Remove now-redundant normalization of transaction from address

Changes in Detail

  • Add [email protected]
  • Add personal_ecRecover to permissions safe methods
    • The method will now work again
  • Minor refactor of sign typed data validation
    • It's now more DRY, and with better error messages
  • Remove now-redundant normalization of transaction from address
    • The from address is already normalized by the time it hits addUnapprovedTransaction, and the tx-state-manager does not lowercase addresses. Thus, it's useless.
    • The to address is still lowercased by addUnapprovedTransacation

@rekmarks rekmarks added the DO-NOT-MERGE Pull requests that should not be merged label Jun 18, 2020
@metamaskbot
Copy link
Collaborator

Builds ready [b09a391]
Page Load Metrics (589 ± 27 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint298139168
domContentLoaded3446245885828
load3476255895727
domInteractive3446235875828

@rekmarks rekmarks force-pushed the sign-typed-message-fix branch from b09a391 to 2c2a21e Compare June 23, 2020 04:49
rekmarks
rekmarks commented Jun 23, 2020
View reviewed changes
app/scripts/controllers/permissions/enums.js
@@ -75,6 +75,7 @@ export const SAFE_METHODS = [
'eth_sendTransaction',
'eth_sign',
'personal_sign',
'personal_ecRecover',
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'd forgotten to add it, so it wasn't working!

@rekmarks rekmarks changed the title Sign typed message fix Fix signing method bugs Jun 23, 2020
rekmarks
rekmarks commented Jun 23, 2020
View reviewed changes
test/unit/app/controllers/metamask-controller-test.js
Comment on lines +38 to +60
let loggerMiddlewareMock
const initializeMockMiddlewareLog = () => {
loggerMiddlewareMock = {
requests: [],
responses: [],
}
}
const tearDownMockMiddlewareLog = () => {
loggerMiddlewareMock = undefined
}

const createLoggerMiddlewareMock = () => (req, res, next) => {
if (loggerMiddlewareMock) {
loggerMiddlewareMock.requests.push(req)
next((cb) => {
loggerMiddlewareMock.responses.push(res)
cb()
})
} else {
next()
}
}

Copy link
Member Author

@rekmarks rekmarks Jun 23, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This mock was added to get around a new test failure.

We were relying on the lack of validation in eth-json-rpc-middleware to test middleware behavior by means of a bogus transaction. Bogus transactions are now rejected by the middleware, so that no longer works.

This mock allows us to arbitrarily inspect RPC requests sent during tests. I'm open to moving it elsewhere, but couldn't think of a better solution.

@rekmarks rekmarks marked this pull request as ready for review June 23, 2020 05:14
@rekmarks rekmarks requested a review from a team as a code owner June 23, 2020 05:14
@Gudahtt
Copy link
Member

Gudahtt commented Jun 23, 2020
edited
Loading

Nit: normalizeTxParams is still doing a redundant lower-case of the address. It should probably be updated to validate that the address is already lower-cased, instead of calling toLowerCase

@metamaskbot
Copy link
Collaborator

Builds ready [f80a3a6]
Page Load Metrics (839 ± 95 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint39139743115
domContentLoaded363148983719895
load364149083919895
domInteractive362148883619895

@metamaskbot
Copy link
Collaborator

Builds ready [4063984]
Page Load Metrics (691 ± 37 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint3310746209
domContentLoaded4268106897737
load4278126917837
domInteractive4258096897737

@Gudahtt
Copy link
Member

Gudahtt commented Jun 23, 2020

Nit: normalizeTxParams is still doing a redundant lower-case of the address. It should probably be updated to validate that the address is already lower-cased, instead of calling toLowerCase

Actually, after looking at this further, it would probably make more sense for this validation to be in validateTxParams. It's only called in one place - immediately after the parameters are normalized. That would still ensure it blew up.

@metamaskbot
Copy link
Collaborator

Builds ready [00d7807]
Page Load Metrics (1201 ± 86 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaintNaNNaNNaNNaNNaN
domContentLoaded6121577119817986
load6151578120117986
domInteractive6121576119717986

@rekmarks rekmarks force-pushed the sign-typed-message-fix branch from 00d7807 to 3635190 Compare June 23, 2020 15:43
@rekmarks rekmarks force-pushed the sign-typed-message-fix branch from 3635190 to a194919 Compare June 23, 2020 15:43
Gudahtt
Gudahtt approved these changes Jun 23, 2020
View reviewed changes
Copy link
Member

@Gudahtt Gudahtt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@rekmarks rekmarks removed the DO-NOT-MERGE Pull requests that should not be merged label Jun 23, 2020
@metamaskbot
Copy link
Collaborator

Builds ready [a194919]
Page Load Metrics (671 ± 42 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint308642157
domContentLoaded3748456708742
load3768476718742
domInteractive3748446708742

@rekmarks rekmarks merged commit 04de9a9 into develop Jun 23, 2020
@rekmarks rekmarks deleted the sign-typed-message-fix branch June 23, 2020 16:12
Gudahtt added a commit that referenced this pull request Jun 23, 2020
@Gudahtt
Merge remote-tracking branch 'origin/develop' into Version-v8.0.0
cee773e 
* origin/develop:
  Fix signing method bugs (#8833)
  replace icons with Checkbox component (#8830)
  Use [email protected] (#8845)
  Use [email protected] (#8844)
  Call getMethodDataAsync when knownMethodData[fourBytePrefix] object is empty (#8836)
  Update connected status popover content (#8834)
  Use @metamask/[email protected] (#8832)
  ParseInt nextworkNextNonce correction (#8827)
  Fix first time onboarding popup position (#8829)
  fix overflowing contract names and origins (#8823)
  Hide 'Expand view' button in fullscreen (#8826)
@Gudahtt Gudahtt mentioned this pull request Jun 25, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Gudahtt Gudahtt Gudahtt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rekmarks @metamaskbot @Gudahtt