fix: Prevent invalid gas limit #5093
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@metamaskbot publish-preview |
|
Preview builds have been published. See these instructions for more information about preview builds. Expand for full list of packages and versions. |
pedronfigueiredo
force-pushed
the
pnf/3826
branch
from
2983d87 to
a1d8cd6
Compare
pedronfigueiredo
force-pushed
the
pnf/3826
branch
from
a1d8cd6 to
00a13df
Compare
OGPoyraz
reviewed
Dec 20, 2024
Comment on lines
+373
to
+375
| // TODO: Replace `any` with type | ||
| // eslint-disable-next-line @typescript-eslint/no-explicit-any | ||
| } as any), |
There was a problem hiding this comment.
I know these anys all over this file but does it make sense to remove all these todo's and mark them as TransactionParams
Suggested change
| // TODO: Replace `any` with type | |
| // eslint-disable-next-line @typescript-eslint/no-explicit-any | |
| } as any), | |
| } as unknown as TransactionParams), |
OGPoyraz
previously approved these changes
Dec 20, 2024
matthewwalsh0
previously approved these changes
Dec 20, 2024
| @@ -281,6 +286,14 @@ function validateGasFeeParams(txParams: TransactionParams) { | |||
| ); | |||
| ensureFieldIsValidHex(txParams, 'maxPriorityFeePerGas'); | |||
| } | |||
|
|
|||
| if (txParams.gasLimit) { | |||
There was a problem hiding this comment.
Probably a future ticket, but we should make sure we also normalize these together to a single property so we can rely on a single value in the rest of the logic.
There was a problem hiding this comment.
It would be a huge relief, these optional picks are all over the client code
There was a problem hiding this comment.
We could even make that a caller problem and only define gas for example in TransactionParams.
There was a problem hiding this comment.
This is a great idea and I agree with normalizing these. Shouldn't we leave gasLimit in the transaction params since the incoming payload from the dApps still might include it?
There was a problem hiding this comment.
I meant "caller" as in the client rather than the dApp. So the client middleware could merge the properties and give us just one.
| @@ -281,6 +286,14 @@ function validateGasFeeParams(txParams: TransactionParams) { | |||
| ); | |||
| ensureFieldIsValidHex(txParams, 'maxPriorityFeePerGas'); | |||
| } | |||
|
|
|||
| if (txParams.gasLimit) { | |||
| ensureFieldIsValidHex(txParams, 'gasLimit'); | |||
There was a problem hiding this comment.
Is there implications of this for existing dApps, do any rely on being able to provide decimals directly? I recall discussing this in the past.
There was a problem hiding this comment.
Maybe there are some but shouldn't we take this current API as base?
https://docs.metamask.io/wallet/reference/json-rpc-methods/eth_sendtransaction/
There was a problem hiding this comment.
Yes, this is a good question, I don't want to break dApps with this update...
There was a problem hiding this comment.
Well, if I pass gas limit as a decimal number it isn't currently picked up by the UI. A different gas limit is shown. So I think it's safe to validate this as an hexadecimal.
| @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 | |||
|
|
|||
| ## [Unreleased] | |||
|
|
|||
| ### Added | |||
|
|
|||
| - Add hex validation for gas and gasLimit ([#5093](https://github.com/MetaMask/core/pull/5093)) | |||
There was a problem hiding this comment.
Suggested change
| - Add hex validation for gas and gasLimit ([#5093](https://github.com/MetaMask/core/pull/5093)) | |
| - Validate `gas` and `gasLimit` are hexadecimal strings ([#5093](https://github.com/MetaMask/core/pull/5093)) |
pedronfigueiredo
dismissed stale reviews from matthewwalsh0 and OGPoyraz
via
29c35e3
matthewwalsh0
approved these changes
Dec 20, 2024
7 tasks
github-merge-queue bot
pushed a commit
to MetaMask/metamask-extension
that referenced
this pull request
Dec 20, 2024
<!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** Updates from v42 to v42.1 in order to get the validation of the gas limit hexadecimal string properties. See MetaMask/core#5093 for more details. <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> [](https://codespaces.new/MetaMask/metamask-extension/pull/29395?quickstart=1) ## **Related issues** Fixes: MetaMask/MetaMask-planning#3826 ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. --------- Co-authored-by: MetaMask Bot <[email protected]>
](https://codespaces.new/MetaMask/metamask-extension/pull/29395?quickstart=1){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Explanation
Add hex validation to the
gasandgasLimitproperties ontxParams.References
Fixes: https://github.com/MetaMask/MetaMask-planning/issues/3826
Changelog
@metamask/transaction-controllergasandgasLimitChecklist