-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: signTypedData_v4 fails when verifyingContract isn't a evm address #26980
Comments
Second to this! All cosmos chain using eip712 for metamask tx signing are not working because of this validation. Can someone from the team fix it? |
Hi @foker Thank you for bringing this to our attention. We will review the issue and get back to you. |
greetings @foker, Thanks for raising this issue! The working and broken examples look the same and work. That said, I think I see what you mean by the provided code you shared, and it appears to be a regression. We are investigating this further. Are you able to provide the address you used for the broken verifyingContract example as it might help with the investigation? |
@foker @randy75828 please do share a broken example once you have a chance. We're investigating how we can revert this regression for cosmos without reverting the changes for evm addresses. |
Can you please try like that
My address is 0xcB4dd4C1605117aBc9bBcf1834377d7988d8E03b |
@foker @randy75828 @mtsitrin Is there any documentation anywhere on why cosmos dapps use the |
https://github.com/evmos/ethermint/blob/main/ethereum/eip712/domain.go#L29 we integrate this library when we want to extend evm capability for cosmos chains. Even though this repo is read-only now, i believe most cosmos chains still uses this. As far as I know, there is no documentation as to why it is cosmos. I presume it is just to satisfy the interface and therefore the library provided a dummy string for verifyingContract |
I've created a PR that supposed to fix this issue (untested in prod) |
… verifyContract field validation for cosmos (#27065) Cherry-picks #27021 (4ee09fc) ## **Description** Adding patch on eth-json-rpc-middleware to disable verifyContract field validation for cosmos ## **Related issues** Fixes: #26980 ## **Manual testing steps** 1. Submit a types signature request with verifyingContract set to `cosmos` 2. Ensure that you are able to sign it ## **Screenshots/Recordings** <img width="360" alt="Screenshot 2024-09-10 at 4 08 00 PM" src="https://github.com/user-attachments/assets/a56bb8bd-abed-4fae-9c50-a3a25addd5b5"> ## **Pre-merge author checklist** - [X] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md). - [X] I've completed the PR template to the best of my ability - [X] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [X] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
@randy75828 @mtsitrin @foker We are preparing a release that should fix this issue. It applies a very similar solution to @mtsitrin's proposed PR Would one of you be able to download a release candidate build and test that it fixes your dapp? We would like to be certain that it fixes the problem. To do so:
Alternatively, if you are unable to do that, could one of you give us step by step instructions on how we can test this on a live dapp? |
Hi @danjm Thx for the quick response |
thank-you @mtsitrin! |
we tested on our side too, works like a charm |
Missing release label release-12.5.0 on issue. Adding release label release-12.5.0 on issue, as issue is linked to PR #27021 which has this release label. |
Describe the bug
We work with cosmos blockchain and some transactions in it need to be formed with signTypedData_v4
And now we can't for transaction if 'verifyingContract' field is not evm-like address (which is a common and valid situation for cosmos blockchain, with which Metamask works)
Problem with it appeared yesterday, after users got '12.1.3' update for metamask-extension
We checked the same behavior in
12.0.4
and it works correctlyI did a short investigation and it looks like it happened after updating version of
@metamask/eth-json-rpc-middleware
dependency to^14.0.1
.Which, in turn, has broken functionality with next validation:
`
/**
*/
function validateVerifyingContract(data: string) {
const { domain: { verifyingContract } = {} } = parseTypedMessage(data);
if (verifyingContract && !isValidHexAddress(verifyingContract)) {
throw rpcErrors.invalidInput();
}
}
`
Expected behavior
eth_signTypedData_v4 method doesn't throw if
verifyingContract
isn't a evm-valid addressScreenshots/Recordings
Steps to reproduce
Working example :
(I took it from here ) :
await window.ethereum.request({ "method": "eth_signTypedData_v4", "params": [ "0xcb4dd4c1605117abc9bbcf1834377d7988d8e03b", { types: { EIP712Domain: [ { name: "name", type: "string" }, { name: "version", type: "string" }, { name: "chainId", type: "uint256" }, { name: "verifyingContract", type: "address" } ], Person: [ { name: "name", type: "string" }, { name: "wallet", type: "address" } ], Mail: [ { name: "from", type: "Person" }, { name: "to", type: "Person" }, { name: "contents", type: "string" } ] }, primaryType: "Mail", domain: { name: "Ether Mail", version: "1", chainId: 1, verifyingContract: "0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826" }, message: { from: { name: "Cow", wallet: "0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826" }, to: { name: "Bob", wallet: "0xbBbBBBBbbBBBbbbBbbBbbbbBBbBbbbbBbBbbBBbB" }, contents: "Hello, Bob!" } } ], });
broken example
I changed
verifyContract
tocosmos
:await window.ethereum.request({ "method": "eth_signTypedData_v4", "params": [ "0xcb4dd4c1605117abc9bbcf1834377d7988d8e03b", { types: { EIP712Domain: [ { name: "name", type: "string" }, { name: "version", type: "string" }, { name: "chainId", type: "uint256" }, { name: "verifyingContract", type: "address" } ], Person: [ { name: "name", type: "string" }, { name: "wallet", type: "address" } ], Mail: [ { name: "from", type: "Person" }, { name: "to", type: "Person" }, { name: "contents", type: "string" } ] }, primaryType: "Mail", domain: { name: "Ether Mail", version: "1", chainId: 1, verifyingContract: "0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826" }, message: { from: { name: "Cow", wallet: "0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826" }, to: { name: "Bob", wallet: "0xbBbBBBBbbBBBbbbBbbBbbbbBBbBbbbbBbBbbBBbB" }, contents: "Hello, Bob!" } } ], });
Error messages or log output
Detection stage
In production (default)
Version
12.1.3
Build type
None
Browser
Chrome
Operating system
MacOS
Hardware wallet
No response
Additional context
No response
Severity
Critical
The text was updated successfully, but these errors were encountered: