Merge pull request #4414 from scsaba/recipient-blacklist

Disallow sending to ganache default accounts on main net
feature/default_network_editable
kumavis 7 years ago committed by GitHub
commit d30f03dcbf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 6
      app/scripts/controllers/transactions/index.js
  2. 24
      app/scripts/controllers/transactions/lib/recipient-blacklist-checker.js
  3. 14
      app/scripts/controllers/transactions/lib/recipient-blacklist-config.json
  4. 77
      test/unit/app/controllers/transactions/recipient-blacklist-checker-test.js
  5. 17
      test/unit/app/controllers/transactions/tx-controller-test.js

@ -10,6 +10,7 @@ const NonceTracker = require('./nonce-tracker')
const txUtils = require('./lib/util')
const cleanErrorStack = require('../../lib/cleanErrorStack')
const log = require('loglevel')
const recipientBlacklistChecker = require('./lib/recipient-blacklist-checker')
/**
Transaction Controller is an aggregate of sub-controllers and trackers
@ -157,8 +158,11 @@ class TransactionController extends EventEmitter {
let txMeta = this.txStateManager.generateTxMeta({ txParams: normalizedTxParams })
this.addTx(txMeta)
this.emit('newUnapprovedTx', txMeta)
// add default tx params
try {
// check whether recipient account is blacklisted
recipientBlacklistChecker.checkAccount(txMeta.metamaskNetworkId, normalizedTxParams.to)
// add default tx params
txMeta = await this.addTxGasDefaults(txMeta)
} catch (error) {
console.log(error)

@ -0,0 +1,24 @@
const Config = require('./recipient-blacklist-config.json')
/** @module*/
module.exports = {
checkAccount,
}
/**
* Checks if a specified account on a specified network is blacklisted.
@param networkId {number}
@param account {string}
*/
function checkAccount (networkId, account) {
const mainnetId = 1
if (networkId !== mainnetId) {
return
}
const accountToCheck = account.toLowerCase()
if (Config.blacklist.includes(accountToCheck)) {
throw new Error('Recipient is a public account')
}
}

@ -0,0 +1,14 @@
{
"blacklist": [
"0x627306090abab3a6e1400e9345bc60c78a8bef57",
"0xf17f52151ebef6c7334fad080c5704d77216b732",
"0xc5fdf4076b8f3a5357c5e395ab970b5b54098fef",
"0x821aea9a577a9b44299b9c15c88cf3087f3b5544",
"0x0d1d4e623d10f9fba5db95830f7d3839406c6af2",
"0x2932b7a2355d6fecc4b5c0b6bd44cc31df247a2e",
"0x2191ef87e392377ec08e7c08eb105ef5448eced5",
"0x0f4f2ac550a1b4e2280d04c21cea7ebd822934b5",
"0x6330a553fc93768f612722bb8c2ec78ac90b3bbc",
"0x5aeda56215b167893e80b4fe645ba6d5bab767de"
]
}

@ -0,0 +1,77 @@
const assert = require('assert')
const recipientBlackListChecker = require('../../../../../app/scripts/controllers/transactions/lib/recipient-blacklist-checker')
const {
ROPSTEN_CODE,
RINKEYBY_CODE,
KOVAN_CODE,
} = require('../../../../../app/scripts/controllers/network/enums')
const KeyringController = require('eth-keyring-controller')
describe('Recipient Blacklist Checker', function () {
let publicAccounts
before(async function () {
const damnedMnemonic = 'candy maple cake sugar pudding cream honey rich smooth crumble sweet treat'
const keyringController = new KeyringController({})
const Keyring = keyringController.getKeyringClassForType('HD Key Tree')
const opts = {
mnemonic: damnedMnemonic,
numberOfAccounts: 10,
}
const keyring = new Keyring(opts)
publicAccounts = await keyring.getAccounts()
})
describe('#checkAccount', function () {
it('does not fail on test networks', function () {
let callCount = 0
const networks = [ROPSTEN_CODE, RINKEYBY_CODE, KOVAN_CODE]
for (let networkId in networks) {
publicAccounts.forEach((account) => {
recipientBlackListChecker.checkAccount(networkId, account)
callCount++
})
}
assert.equal(callCount, 30)
})
it('fails on mainnet', function () {
const mainnetId = 1
let callCount = 0
publicAccounts.forEach((account) => {
try {
recipientBlackListChecker.checkAccount(mainnetId, account)
assert.fail('function should have thrown an error')
} catch (err) {
assert.equal(err.message, 'Recipient is a public account')
}
callCount++
})
assert.equal(callCount, 10)
})
it('fails for public account - uppercase', function () {
const mainnetId = 1
const publicAccount = '0X0D1D4E623D10F9FBA5DB95830F7D3839406C6AF2'
try {
recipientBlackListChecker.checkAccount(mainnetId, publicAccount)
assert.fail('function should have thrown an error')
} catch (err) {
assert.equal(err.message, 'Recipient is a public account')
}
})
it('fails for public account - lowercase', async function () {
const mainnetId = 1
const publicAccount = '0x0d1d4e623d10f9fba5db95830f7d3839406c6af2'
try {
await recipientBlackListChecker.checkAccount(mainnetId, publicAccount)
assert.fail('function should have thrown an error')
} catch (err) {
assert.equal(err.message, 'Recipient is a public account')
}
})
})
})

@ -185,6 +185,23 @@ describe('Transaction Controller', function () {
.catch(done)
})
it('should fail if recipient is public', function (done) {
txController.networkStore = new ObservableStore(1)
txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d', to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' })
.catch((err) => {
if (err.message === 'Recipient is a public account') done()
else done(err)
})
})
it('should not fail if recipient is public but not on mainnet', function (done) {
txController.once('newUnapprovedTx', (txMetaFromEmit) => {
assert(txMetaFromEmit, 'txMeta is falsey')
done()
})
txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d', to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' })
.catch(done)
})
})
describe('#addTxGasDefaults', function () {

Loading…
Cancel
Save