[Bug]: Certain PPOM signatures are not functioning as expected.

[sleepytanya]

Describe the bug

Malicious ERC 20 Approval (BUSD), Malicious Set Approval for All, and Malicious ERC20 Approval with Odd Hex Data are not being identified by PPOM.
Not sure if that's expected but the token name on BNB is displayed as anyUSDC and in RC 12.5.0 Malicious ERC 20 Approval (BUSD) is not flagged (account has enough USDC).

Expected behavior

Screenshots/Recordings

Steps to reproduce

1. Connect to test dapp
2. Click Malicious ERC 20 Approval (BUSD), Malicious Set Approval for All, or Malicious ERC20 Approval with Odd Hex Data

Error messages or log output

No response

Detection stage

In production (default)

Version

develop

Build type

None

Browser

Chrome

Operating system

MacOS

Hardware wallet

No response

Additional context

No response

Severity

No response

[sleepytanya]

Latest develop build

Malicious ERC 20 Transfer(USDC) is not flagged on - Ethereum, Linea, BNB
Malicious ERC 20 Approval (BUSD) is not flagged on - Ethereum, Linea
Malicious Set Approval for All is not flagged on - Ethereum, Linea, Avalanche
Malicious Permit is not flagged on - zkSync
Malicious Seaport is not flagged on - zkSync
Set ETH Malicious x10 Batch is not flagged on - zkSync
Set ETH Malicious x10 Queue is not flagged on - zkSync
Malicious Approval with Odd Hex Data is not flagged on - Linea
Malicious Permit with Padded ChainID is not flagged on - zkSync
Sign Permit is not flagged on - Linea, Avalanche, zkSync

ERC20 transfer on BNB (header):

[Unik0rnMaggie]

On the latest develop build, getting the same above results, except for Ethereum Mainnet and zkSync:

1. Ethereum Mainnet:

Console error Error validating JSON RPC using PPOM: Error: simulation: fallback: (code: -32000, message: , data: None) for all the below:

      Send EIP 1559 Transaction
      Send EIP 1559 without gas
      Malicious ERC20 transfer (USDC) 
      Malicious ERC20 Approval (BUSD)
      Malicious Set Approval for All 
      Malicious ERC 20 Approval with Odd Hex Data 

2. zkSync:

No console error and only the following are not flagged:

Malicious Permit 
Malicious Seaport
Malicious Permit with Padded ChainID 

Ethereum.Mainnet.Chrome.mov

zksyn.chrome.mov

[bschorchit]

The errors should recently have been fixed with this PR: #27939. As @Unik0rnMaggie reported they are not, we should investigate what might be causing failures on Ethereum cc: @jpuri .

It not behaving correctly on other networks is likely because the current address used on those request is not a valid token/nft on those networks.

[sleepytanya]

@Unik0rnMaggie
Latest develop.
Ethereum:

EIP 1559 and Legacy - same error in the console Error validating JSON RPC using PPOM: Error: simulation: fallback: (code: -32000, message: , data: None), yellow warning:

Not flagged:

 Malicious ERC20 transfer (USDC) 
 Malicious ERC20 Approval (BUSD)
 Malicious Set Approval for All 
 Malicious ERC 20 Approval with Odd Hex Data

[jpuri]

I checked with latest code in develop branch today and all malicious transactions except Malicious ERC20 Transfer (USDC) is working on mainnet. This one I think was not working even before.

[Unik0rnMaggie]

Hi Team,

As per chat with @jpuri it seems the errors might occur due to missing access on provider for my Infura Key.

With the production Infura key I do not experience any errors.

@bschorchit would it be possible to receive the access on my Infura key to verify if the error persists?

Thank you

[bschorchit]

Closing as this is not an issue with the production Infura key! We can re-open if we encounter this again.

@Unik0rnMaggie I'll follow up with you re: permissions for Infura key on slack