[RPCRequest] Replay protection

Example/DApp/Sign/SelectChain/SelectChainViewController.swift

@@ -38,32 +38,13 @@ class SelectChainViewController: UIViewController, UITableViewDataSource {
         let namespaces: [String: ProposalNamespace] = [
             "eip155": ProposalNamespace(
                 chains: [
-                    Blockchain("eip155:137")!
+                    Blockchain("eip155:1")!
                 ],
                 methods: [
                     "eth_sendTransaction",
                     "personal_sign",
                     "eth_signTypedData"
                 ], events: []
-            ),
-            "eip155:1": ProposalNamespace(
-                methods: [
-                    "eth_sendTransaction",
-                    "personal_sign",
-                    "eth_signTypedData"
-                ],
-                events: []
-            )
-        ]
-        let optionalNamespaces: [String: ProposalNamespace] = [
-            "solana": ProposalNamespace(
-                chains: [
-                    Blockchain("solana:4sGjMW1sUnHzSxGspuhpqLDx6wiyjNtZ")!
-                ],
-                methods: [
-                    "solana_signMessage",
-                    "solana_signTransaction"
-                ], events: []
             )
         ]
         let sessionProperties: [String: String] = [
@@ -73,7 +54,7 @@ class SelectChainViewController: UIViewController, UITableViewDataSource {
         Task {
             WalletConnectModal.set(sessionParams: .init(
                 requiredNamespaces: namespaces,
-                optionalNamespaces: optionalNamespaces,
+                optionalNamespaces: [:],
                 sessionProperties: sessionProperties
             ))
         }

Sources/Auth/Services/App/AppRequestService.swift

@@ -25,7 +25,7 @@ actor AppRequestService {
         let requester = AuthRequestParams.Requester(publicKey: pubKey.hexRepresentation, metadata: appMetadata)
         let payload = AuthPayload(requestParams: params, iat: iatProvader.iat)
         let params = AuthRequestParams(requester: requester, payloadParams: payload)
-        let request = RPCRequest(method: "wc_authRequest", params: params)
+        let request = RPCRequest(method: "wc_authRequest", params: params, topic: topic)
         try kms.setPublicKey(publicKey: pubKey, for: responseTopic)
         logger.debug("AppRequestService: Subscribibg for response topic: \(responseTopic)")
         try await networkingInteractor.request(request, topic: topic, protocolMethod: AuthRequestProtocolMethod())

Sources/Chat/ChatClient.swift

@@ -182,6 +182,7 @@ public class ChatClient {
     /// Ping its peer to evaluate if it's currently online
     /// - Parameter topic: chat thread topic
     public func ping(topic: String) {
+        // Pass 'topic' value to the RPCRequest when implemented
         fatalError("not implemented")
     }
 

Sources/Chat/ProtocolServices/Common/LeaveService.swift

@@ -2,6 +2,7 @@ import Foundation
 
 class LeaveService {
     func leave(topic: String) async throws {
+        // Pass 'topic' value to the RPCRequest when implemented
         fatalError("not implemented")
     }
 }

Sources/Chat/ProtocolServices/Common/MessagingService.swift

@@ -38,7 +38,7 @@ class MessagingService {
         )
 
         let protocolMethod = ChatMessageProtocolMethod()
-        let request = RPCRequest(method: protocolMethod.method, params: wrapper)
+        let request = RPCRequest(method: protocolMethod.method, params: wrapper, topic: topic)
         try await networkingInteractor.request(request, topic: topic, protocolMethod: protocolMethod)
 
         logger.debug("Message sent on topic: \(topic)")

Sources/Chat/ProtocolServices/Inviter/InviteService.swift

@@ -60,7 +60,7 @@ class InviteService {
         )
 
         let inviteId = RPCID()
-        let request = RPCRequest(method: protocolMethod.method, params: wrapper, rpcid: inviteId)
+        let request = RPCRequest(method: protocolMethod.method, params: wrapper, rpcid: inviteId, topic: inviteTopic)
 
         try await networkingInteractor.subscribe(topic: responseTopic)
         try await networkingInteractor.request(request, topic: inviteTopic, protocolMethod: protocolMethod, envelopeType: .type1(pubKey: selfPubKeyY.rawRepresentation))

Sources/JSONRPC/RPCRequest.swift

@@ -16,59 +16,62 @@ public struct RPCRequest: Equatable {
     public let params: AnyCodable?
 
     public let id: RPCID?
+
+    public let topic: String?
 
-    internal init(method: String, params: AnyCodable?, id: RPCID?) {
+    internal init(method: String, params: AnyCodable?, id: RPCID?, topic: String? = nil) {
         self.jsonrpc = "2.0"
         self.method = method
         self.params = params
         self.id = id
+        self.topic = topic
     }
 
-    internal init<C>(method: String, checkedParams params: C, id: RPCID) throws where C: Codable {
+    internal init<C>(method: String, checkedParams params: C, id: RPCID, topic: String?) throws where C: Codable {
         if params is Int || params is Double || params is String || params is Bool {
             throw Error.invalidPrimitiveParameter
         }
-        self.init(method: method, params: AnyCodable(params), id: id)
+        self.init(method: method, params: AnyCodable(params), id: id, topic: topic)
     }
 
-    public init<C>(method: String, checkedParams params: C, idGenerator: IdentifierGenerator = defaultIdentifierGenerator) throws where C: Codable {
-        try self.init(method: method, checkedParams: params, id: idGenerator.next())
+    public init<C>(method: String, checkedParams params: C, idGenerator: IdentifierGenerator = defaultIdentifierGenerator, topic: String?) throws where C: Codable {
+        try self.init(method: method, checkedParams: params, id: idGenerator.next(), topic: topic)
     }
 
-    public init<C>(method: String, checkedParams params: C, id: Int64) throws where C: Codable {
-        try self.init(method: method, checkedParams: params, id: .right(id))
+    public init<C>(method: String, checkedParams params: C, id: Int64, topic: String?) throws where C: Codable {
+        try self.init(method: method, checkedParams: params, id: .right(id), topic: topic)
     }
 
-    public init<C>(method: String, checkedParams params: C, id: String) throws where C: Codable {
-        try self.init(method: method, checkedParams: params, id: .left(id))
+    public init<C>(method: String, checkedParams params: C, id: String, topic: String?) throws where C: Codable {
+        try self.init(method: method, checkedParams: params, id: .left(id), topic: topic)
     }
 
-    public init<C>(method: String, params: C, idGenerator: IdentifierGenerator = defaultIdentifierGenerator) where C: Codable {
-        self.init(method: method, params: AnyCodable(params), id: idGenerator.next())
+    public init<C>(method: String, params: C, idGenerator: IdentifierGenerator = defaultIdentifierGenerator, topic: String?) where C: Codable {
+        self.init(method: method, params: AnyCodable(params), id: idGenerator.next(), topic: topic)
     }
 
-    public init<C>(method: String, params: C, id: Int64) where C: Codable {
-        self.init(method: method, params: AnyCodable(params), id: .right(id))
+    public init<C>(method: String, params: C, id: Int64, topic: String?) where C: Codable {
+        self.init(method: method, params: AnyCodable(params), id: .right(id), topic: topic)
     }
 
-    public init<C>(method: String, params: C, rpcid: RPCID) where C: Codable {
-        self.init(method: method, params: AnyCodable(params), id: rpcid)
+    public init<C>(method: String, params: C, rpcid: RPCID, topic: String?) where C: Codable {
+        self.init(method: method, params: AnyCodable(params), id: rpcid, topic: topic)
     }
 
-    public init<C>(method: String, params: C, id: String) where C: Codable {
-        self.init(method: method, params: AnyCodable(params), id: .left(id))
+    public init<C>(method: String, params: C, id: String, topic: String?) where C: Codable {
+        self.init(method: method, params: AnyCodable(params), id: .left(id), topic: topic)
     }
 
-    public init(method: String, idGenerator: IdentifierGenerator = defaultIdentifierGenerator) {
-        self.init(method: method, params: nil, id: idGenerator.next())
+    public init(method: String, idGenerator: IdentifierGenerator = defaultIdentifierGenerator, topic: String?) {
+        self.init(method: method, params: nil, id: idGenerator.next(), topic: topic)
     }
 
-    public init(method: String, id: Int64) {
-        self.init(method: method, params: nil, id: .right(id))
+    public init(method: String, id: Int64, topic: String?) {
+        self.init(method: method, params: nil, id: .right(id), topic: topic)
     }
 
-    public init(method: String, id: String) {
-        self.init(method: method, params: nil, id: .left(id))
+    public init(method: String, id: String, topic: String?) {
+        self.init(method: method, params: nil, id: .left(id), topic: topic)
     }
 }
 
@@ -101,6 +104,7 @@ extension RPCRequest: Codable {
         id = try container.decodeIfPresent(RPCID.self, forKey: .id)
         method = try container.decode(String.self, forKey: .method)
         params = try container.decodeIfPresent(AnyCodable.self, forKey: .params)
+        topic = try container.decodeIfPresent(String.self, forKey: .topic)
         if let decodedParams = params {
             if decodedParams.value is Int || decodedParams.value is Double || decodedParams.value is String || decodedParams.value is Bool {
                 throw DecodingError.dataCorruptedError(

Sources/WalletConnectNetworking/NetworkingInteractor.swift

@@ -193,7 +193,15 @@ public class NetworkingInteractor: NetworkInteracting {
 
     private func manageSubscription(_ topic: String, _ encodedEnvelope: String, _ publishedAt: Date) {
         if let (deserializedJsonRpcRequest, derivedTopic, decryptedPayload): (RPCRequest, String?, Data) = serializer.tryDeserialize(topic: topic, encodedEnvelope: encodedEnvelope) {
-            handleRequest(topic: topic, request: deserializedJsonRpcRequest, decryptedPayload: decryptedPayload, publishedAt: publishedAt, derivedTopic: derivedTopic)
+            if let rpcRequestTopic = deserializedJsonRpcRequest.topic {
+                if rpcRequestTopic == topic {
+                    handleRequest(topic: topic, request: deserializedJsonRpcRequest, decryptedPayload: decryptedPayload, publishedAt: publishedAt, derivedTopic: derivedTopic)
+                } else {
+                    logger.debug("Networking Interactor - Mismatched topic decoded from message")
+                }
+            } else {
+                handleRequest(topic: topic, request: deserializedJsonRpcRequest, decryptedPayload: decryptedPayload, publishedAt: publishedAt, derivedTopic: derivedTopic)
+            }
         } else if let (response, derivedTopic, _): (RPCResponse, String?, Data) = serializer.tryDeserialize(topic: topic, encodedEnvelope: encodedEnvelope) {
             handleResponse(topic: topic, response: response, publishedAt: publishedAt, derivedTopic: derivedTopic)
         } else {

Sources/WalletConnectNotify/Client/Wallet/ProtocolEngine/wc_notifyDelete/DeleteNotifySubscriptionRequester.swift

@@ -46,7 +46,7 @@ class DeleteNotifySubscriptionRequester {
             account: subscription.account
         )
 
-        let request = RPCRequest(method: protocolMethod.method, params: wrapper)
+        let request = RPCRequest(method: protocolMethod.method, params: wrapper, topic: topic)
         try await networkingInteractor.request(request, topic: topic, protocolMethod: protocolMethod)
 
         try notifyStorage.deleteSubscription(topic: topic)

Sources/WalletConnectNotify/Client/Wallet/ProtocolEngine/wc_notifyUpdate/NotifyUpdateRequester.swift

@@ -45,15 +45,16 @@ class NotifyUpdateRequester: NotifyUpdateRequesting {
         let request = try createJWTRequest(
             dappPubKey: DIDKey(rawData: dappAuthenticationKey),
             subscriptionAccount: subscription.account,
-            appDomain: subscription.metadata.url, scope: scope
+            appDomain: subscription.metadata.url, scope: scope,
+            topic: topic
         )
 
         let protocolMethod = NotifyUpdateProtocolMethod()
 
         try await networkingInteractor.request(request, topic: topic, protocolMethod: protocolMethod)
     }
 
-    private func createJWTRequest(dappPubKey: DIDKey, subscriptionAccount: Account, appDomain: String, scope: Set<String>) throws -> RPCRequest {
+    private func createJWTRequest(dappPubKey: DIDKey, subscriptionAccount: Account, appDomain: String, scope: Set<String>, topic: String) throws -> RPCRequest {
         let protocolMethod = NotifyUpdateProtocolMethod().method
         let scopeClaim = scope.joined(separator: " ")
         let app = DIDWeb(host: appDomain)
@@ -62,6 +63,6 @@ class NotifyUpdateRequester: NotifyUpdateRequesting {
             payload: jwtPayload,
             account: subscriptionAccount
         )
-        return RPCRequest(method: protocolMethod, params: wrapper)
+        return RPCRequest(method: protocolMethod, params: wrapper, topic: topic)
     }
 }

Sources/WalletConnectNotify/Client/Wallet/ProtocolEngine/wc_notifyWatchSubscriptions/NotifyWatchSubscriptionsRequester.swift

@@ -70,7 +70,7 @@ class NotifyWatchSubscriptionsRequester {
             subscriptionAccount: account)
 
 
-        let request = RPCRequest(method: protocolMethod.method, params: watchSubscriptionsAuthWrapper)
+        let request = RPCRequest(method: protocolMethod.method, params: watchSubscriptionsAuthWrapper, topic: responseTopic)
 
         logger.debug("Subscribing to response topic: \(responseTopic)")
 

Sources/WalletConnectNotify/Client/Wallet/ProtocolEngine/wc_pushSubscribe/NotifySubscribeRequester.swift

@@ -62,7 +62,7 @@ class NotifySubscribeRequester {
             subscriptionAccount: account,
             appDomain: appDomain
         )
-        let request = RPCRequest(method: protocolMethod.method, params: subscriptionAuthWrapper)
+        let request = RPCRequest(method: protocolMethod.method, params: subscriptionAuthWrapper, topic: responseTopic)
 
         logger.debug("Subscribing to response topic: \(responseTopic)")
 

Sources/WalletConnectPairing/Services/Common/DeletePairingService.swift

@@ -20,7 +20,7 @@ class DeletePairingService {
         let reason = PairingReasonCode.userDisconnected
         let protocolMethod = PairingProtocolMethod.delete
         logger.debug("Will delete pairing for reason: message: \(reason.message) code: \(reason.code)")
-        let request = RPCRequest(method: protocolMethod.method, params: reason)
+        let request = RPCRequest(method: protocolMethod.method, params: reason, topic: topic)
         try await networkingInteractor.request(request, topic: topic, protocolMethod: protocolMethod)
         pairingStorage.delete(topic: topic)
         kms.deleteSymmetricKey(for: topic)

Sources/WalletConnectPairing/Services/Common/Ping/PingRequester.swift

@@ -10,7 +10,7 @@ public class PingRequester {
     }
 
     public func ping(topic: String) async throws {
-        let request = RPCRequest(method: method.method, params: PairingPingParams())
+        let request = RPCRequest(method: method.method, params: PairingPingParams(), topic: topic)
         try await networkingInteractor.request(request, topic: topic, protocolMethod: method)
     }
 }

Sources/WalletConnectRelay/RPC/RelayRPC.swift

@@ -7,7 +7,7 @@ extension RelayRPC where Parameters: Codable {
     }
 
     func asRPCRequest() -> RPCRequest {
-        RPCRequest(method: self.method, params: self.params, idGenerator: self.idGenerator)
+        RPCRequest(method: self.method, params: self.params, idGenerator: self.idGenerator, topic: nil)
     }
 }
 

Sources/WalletConnectSign/Engine/Common/ApproveEngine.swift

@@ -169,7 +169,7 @@ final class ApproveEngine {
         sessionStore.setSession(session)
 
         let protocolMethod = SessionSettleProtocolMethod()
-        let request = RPCRequest(method: protocolMethod.method, params: settleParams)
+        let request = RPCRequest(method: protocolMethod.method, params: settleParams, topic: topic)
 
         async let subscription: () = networkingInteractor.subscribe(topic: topic)
         async let settleRequest: () = networkingInteractor.request(request, topic: topic, protocolMethod: protocolMethod)

Sources/WalletConnectSign/Engine/Common/DeleteSessionService.swift

@@ -21,7 +21,7 @@ class DeleteSessionService {
         let protocolMethod = SessionDeleteProtocolMethod()
         let reason = SessionType.Reason(code: reasonCode.code, message: reasonCode.message)
         logger.debug("Will delete session for reason: message: \(reason.message) code: \(reason.code)")
-        let request = RPCRequest(method: protocolMethod.method, params: reason)
+        let request = RPCRequest(method: protocolMethod.method, params: reason, topic: topic)
         try await networkingInteractor.request(request, topic: topic, protocolMethod: protocolMethod)
         sessionStore.delete(topic: topic)
         logger.debug("Session disconnected")

Sources/WalletConnectSign/Engine/Common/SessionEngine.swift

@@ -67,7 +67,7 @@ final class SessionEngine {
         let chainRequest = SessionType.RequestParams.Request(method: request.method, params: request.params, expiry: request.expiry)
         let sessionRequestParams = SessionType.RequestParams(request: chainRequest, chainId: request.chainId)
         let protocolMethod = SessionRequestProtocolMethod(ttl: request.calculateTtl())
-        let rpcRequest = RPCRequest(method: protocolMethod.method, params: sessionRequestParams, rpcid: request.id)
+        let rpcRequest = RPCRequest(method: protocolMethod.method, params: sessionRequestParams, rpcid: request.id, topic: request.topic)
         try await networkingInteractor.request(rpcRequest, topic: request.topic, protocolMethod: SessionRequestProtocolMethod())
     }
 
@@ -106,7 +106,7 @@ final class SessionEngine {
         guard session.hasPermission(forEvent: event.name, onChain: chainId) else {
             throw WalletConnectError.invalidEvent
         }
-        let rpcRequest = RPCRequest(method: protocolMethod.method, params: SessionType.EventParams(event: event, chainId: chainId))
+        let rpcRequest = RPCRequest(method: protocolMethod.method, params: SessionType.EventParams(event: event, chainId: chainId), topic: topic)
         try await networkingInteractor.request(rpcRequest, topic: topic, protocolMethod: protocolMethod)
     }
 }

Sources/WalletConnectSign/Engine/Controller/ControllerSessionStateMachine.swift

@@ -31,7 +31,7 @@ final class ControllerSessionStateMachine {
         try Namespace.validate(namespaces)
         logger.debug("Controller will update methods")
         sessionStore.setSession(session)
-        let request = RPCRequest(method: protocolMethod.method, params: SessionType.UpdateParams(namespaces: namespaces))
+        let request = RPCRequest(method: protocolMethod.method, params: SessionType.UpdateParams(namespaces: namespaces), topic: topic)
         try await networkingInteractor.request(request, topic: topic, protocolMethod: protocolMethod)
     }
 
@@ -42,7 +42,7 @@ final class ControllerSessionStateMachine {
        try session.updateExpiry(by: ttl)
        let newExpiry = Int64(session.expiryDate.timeIntervalSince1970 )
        sessionStore.setSession(session)
-       let request = RPCRequest(method: protocolMethod.method, params: SessionType.UpdateExpiryParams(expiry: newExpiry))
+       let request = RPCRequest(method: protocolMethod.method, params: SessionType.UpdateExpiryParams(expiry: newExpiry), topic: topic)
        try await networkingInteractor.request(request, topic: topic, protocolMethod: protocolMethod)
    }
 

Sources/WalletConnectSign/Services/App/AppProposeService.swift

@@ -47,7 +47,7 @@ final class AppProposeService {
             sessionProperties: sessionProperties
         )
 
-        let request = RPCRequest(method: protocolMethod.method, params: proposal)
+        let request = RPCRequest(method: protocolMethod.method, params: proposal, topic: pairingTopic)
         try await networkingInteractor.request(request, topic: pairingTopic, protocolMethod: protocolMethod)
     }
 }

Sources/WalletConnectSigner/Ethereum/EIP1271/EIP1271Verifier.swift

@@ -16,7 +16,7 @@ actor EIP1271Verifier {
         let encoder = ValidSignatureMethod(signature: signature, messageHash: messageHash)
         let call = EthCall(to: address, data: encoder.encode())
         let params = AnyCodable([AnyCodable(call), AnyCodable("latest")])
-        let request = RPCRequest(method: "eth_call", params: params)
+        let request = RPCRequest(method: "eth_call", params: params, topic: nil)
         let data = try JSONEncoder().encode(request)
         let httpService = RPCService(data: data, projectId: projectId, chainId: chainId)
         let response = try await httpClient.request(RPCResponse.self, at: httpService)

Sources/WalletConnectSigner/Ethereum/ENS/ENSRegistryContract.swift

@@ -16,7 +16,7 @@ actor ENSRegistryContract {
         let encoder = ENSResolverMethod(namehash: namehash)
         let call = EthCall(to: address, data: encoder.encode())
         let params = AnyCodable([AnyCodable(call), AnyCodable("latest")])
-        let request = RPCRequest(method: "eth_call", params: params)
+        let request = RPCRequest(method: "eth_call", params: params, topic: nil)
         let data = try JSONEncoder().encode(request)
         let httpService = RPCService(data: data, projectId: projectId, chainId: chainId)
         let response = try await httpClient.request(RPCResponse.self, at: httpService)