Merge branch 'main' into bump-braces

MetaMask · Sep 11, 2024 · 9ff7663 · 9ff7663
2 parents e739571 + 1d17a1d
commit 9ff7663
Show file tree

Hide file tree

Showing 14 changed files with 486 additions and 409 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [14.0.1]
+### Fixed
+- Request validation should not throw if verifyingContract is not defined in typed signature ([#328](https://github.com/MetaMask/eth-json-rpc-middleware/pull/328))
+
+## [14.0.0]
+### Changed
+- **BREAKING:** Adapt to EIP-1193 provider changes by replacing the deprecated `sendAsync` method with the `request` method ([#317](https://github.com/MetaMask/eth-json-rpc-middleware/pull/317))
+  - **BREAKING:** Refactor `providerAsMiddleware` and middleware functions `retryOnEmpty`, `block-ref` to use the `request` method.
+- Bump `@metamask/eth-block-tracker` from `^10.0.0` to `^11.0.1` ([#323](https://github.com/MetaMask/eth-json-rpc-middleware/pull/323))
+- Bump `@metamask/eth-json-rpc-provider` from `^4.0.0` to `^4.1.1` ([#323](https://github.com/MetaMask/eth-json-rpc-middleware/pull/323), [#317](https://github.com/MetaMask/eth-json-rpc-middleware/pull/317))
+- Bump `@metamask/eth-sig-util` from `^7.0.0` to `^7.0.3` ([#323](https://github.com/MetaMask/eth-json-rpc-middleware/pull/323))
+- Bump `@metamask/json-rpc-engine` from `^9.0.0` to `^9.0.2` ([#323](https://github.com/MetaMask/eth-json-rpc-middleware/pull/323))
+- Bump `@metamask/rpc-errors` from `^6.0.0` to `^6.3.1` ([#323](https://github.com/MetaMask/eth-json-rpc-middleware/pull/323))
+- Bump `@metamask/utils` from `^8.1.0` to `^9.1.0` ([#323](https://github.com/MetaMask/eth-json-rpc-middleware/pull/323))
+
+### Security
+- **BREAKING:** Typed signature validation only replaces `0X` prefix with `0x`, and contract address normalization is removed for decimal and octal values ([#318](https://github.com/MetaMask/eth-json-rpc-middleware/pull/318))
+  - Threat actors have been manipulating `eth_signTypedData_v4` fields to cause failures in blockaid's detectors.
+  - Extension crashes with an error when performing Malicious permit with a non-0x prefixed integer address.
+  - This fixes an issue where the key value row or petname component disappears if a signed address is prefixed by "0X" instead of "0x".
+
 ## [13.0.0]
 ### Changed
 - **BREAKING**: Drop support for Node.js v16; add support for Node.js v20, v22 ([#312](https://github.com/MetaMask/eth-json-rpc-middleware/pull/312))
@@ -185,7 +206,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `[email protected]` ([#53](https://github.com/MetaMask/eth-json-rpc-middleware/pull/53))
 - `[email protected]` ([#55](https://github.com/MetaMask/eth-json-rpc-middleware/pull/55))
 
-[Unreleased]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v13.0.0...HEAD
+[Unreleased]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.1...HEAD
+[14.0.1]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v14.0.0...v14.0.1
+[14.0.0]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v13.0.0...v14.0.0
 [13.0.0]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.2...v13.0.0
 [12.1.2]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.1...v12.1.2
 [12.1.1]: https://github.com/MetaMask/eth-json-rpc-middleware/compare/v12.1.0...v12.1.1

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@metamask/eth-json-rpc-middleware",
-  "version": "13.0.0",
+  "version": "14.0.1",
   "description": "Ethereum-related json-rpc-engine middleware.",
   "repository": {
     "type": "git",
@@ -28,12 +28,12 @@
     "test:watch": "jest --watch"
   },
   "dependencies": {
-    "@metamask/eth-block-tracker": "^10.0.0",
-    "@metamask/eth-json-rpc-provider": "^4.0.0",
-    "@metamask/eth-sig-util": "^7.0.0",
-    "@metamask/json-rpc-engine": "^9.0.0",
-    "@metamask/rpc-errors": "^6.0.0",
-    "@metamask/utils": "^8.1.0",
+    "@metamask/eth-block-tracker": "^11.0.1",
+    "@metamask/eth-json-rpc-provider": "^4.1.1",
+    "@metamask/eth-sig-util": "^7.0.3",
+    "@metamask/json-rpc-engine": "^9.0.2",
+    "@metamask/rpc-errors": "^6.3.1",
+    "@metamask/utils": "^9.1.0",
     "@types/bn.js": "^5.1.5",
     "bn.js": "^5.2.1",
     "klona": "^2.0.6",

diff --git a/src/block-cache.test.ts b/src/block-cache.test.ts
@@ -23,11 +23,7 @@ function createTestSetup() {
 describe('block cache', () => {
   it('should cache a request and only hit the provider once', async () => {
     const { engine, provider, blockTracker } = createTestSetup();
-    const spy = jest
-      .spyOn(provider, 'sendAsync')
-      .mockImplementation((req, cb) => {
-        cb(undefined, { id: req.id, result: '0x0', jsonrpc: '2.0' });
-      });
+    const requestSpy = jest.spyOn(provider, 'request').mockResolvedValue('0x0');
     let hitCount = 0;
 
     const hitCountMiddleware = createHitTrackerMiddleware();
@@ -56,6 +52,6 @@ describe('block cache', () => {
     expect(hitCount).toBe(1);
     expect(response.result).toBe('0x0');
     expect(response2.result).toBe('0x0');
-    expect(spy).toHaveBeenCalled();
+    expect(requestSpy).toHaveBeenCalled();
   });
 });
diff --git a/src/block-ref.test.ts b/src/block-ref.test.ts
@@ -10,7 +10,7 @@ import {
   stubProviderRequests,
   buildStubForBlockNumberRequest,
   buildStubForGenericRequest,
-  buildFinalMiddlewareWithDefaultResponse,
+  buildFinalMiddlewareWithDefaultResult,
   buildMockParamsWithoutBlockParamAt,
   expectProviderRequestNotToHaveBeenMade,
 } from '../test/util/helpers';
@@ -106,11 +106,7 @@ describe('createBlockRefMiddleware', () => {
                         '0x100',
                       ),
                     },
-                    response: (req) => ({
-                      id: req.id,
-                      jsonrpc: '2.0' as const,
-                      result: 'something',
-                    }),
+                    result: async () => 'something',
                   }),
                 ]);
 
@@ -120,14 +116,13 @@ describe('createBlockRefMiddleware', () => {
                   id: 1,
                   jsonrpc: '2.0',
                   result: 'something',
-                  error: undefined,
                 });
               },
             );
           });
 
           it('does not proceed to the next middleware after making a request through the provider', async () => {
-            const finalMiddleware = buildFinalMiddlewareWithDefaultResponse();
+            const finalMiddleware = buildFinalMiddlewareWithDefaultResult();
 
             await withTestSetup(
               {
@@ -161,11 +156,7 @@ describe('createBlockRefMiddleware', () => {
                         '0x100',
                       ),
                     },
-                    response: (req) => ({
-                      id: req.id,
-                      jsonrpc: '2.0' as const,
-                      result: 'something',
-                    }),
+                    result: async () => 'something',
                   }),
                 ]);
 
@@ -207,11 +198,7 @@ describe('createBlockRefMiddleware', () => {
                         '0x100',
                       ),
                     },
-                    response: (req) => ({
-                      id: req.id,
-                      jsonrpc: '2.0' as const,
-                      result: 'something',
-                    }),
+                    result: async () => 'something',
                   }),
                 ]);
 
@@ -221,14 +208,13 @@ describe('createBlockRefMiddleware', () => {
                   id: 1,
                   jsonrpc: '2.0',
                   result: 'something',
-                  error: undefined,
                 });
               },
             );
           });
 
           it('does not proceed to the next middleware after making a request through the provider', async () => {
-            const finalMiddleware = buildFinalMiddlewareWithDefaultResponse();
+            const finalMiddleware = buildFinalMiddlewareWithDefaultResult();
 
             await withTestSetup(
               {
@@ -259,11 +245,7 @@ describe('createBlockRefMiddleware', () => {
                         '0x100',
                       ),
                     },
-                    response: (req) => ({
-                      id: req.id,
-                      jsonrpc: '2.0' as const,
-                      result: 'something',
-                    }),
+                    result: async () => 'something',
                   }),
                 ]);
 
@@ -279,7 +261,7 @@ describe('createBlockRefMiddleware', () => {
           'if the block param is something other than "latest", like %o',
           (blockParam) => {
             it('does not make a direct request through the provider', async () => {
-              const finalMiddleware = buildFinalMiddlewareWithDefaultResponse();
+              const finalMiddleware = buildFinalMiddlewareWithDefaultResult();
 
               await withTestSetup(
                 {
@@ -303,19 +285,19 @@ describe('createBlockRefMiddleware', () => {
                       blockParam,
                     ),
                   };
-                  const sendAsyncSpy = stubProviderRequests(provider, [
+                  const requestSpy = stubProviderRequests(provider, [
                     buildStubForBlockNumberRequest('0x100'),
                   ]);
 
                   await engine.handle(request);
 
-                  expectProviderRequestNotToHaveBeenMade(sendAsyncSpy, request);
+                  expectProviderRequestNotToHaveBeenMade(requestSpy, request);
                 },
               );
             });
 
             it('proceeds to the next middleware', async () => {
-              const finalMiddleware = buildFinalMiddlewareWithDefaultResponse();
+              const finalMiddleware = buildFinalMiddlewareWithDefaultResult();
 
               await withTestSetup(
                 {
@@ -366,7 +348,7 @@ describe('createBlockRefMiddleware', () => {
 
   describe('when the RPC method does not take a block parameter', () => {
     it('does not make a direct request through the provider', async () => {
-      const finalMiddleware = buildFinalMiddlewareWithDefaultResponse();
+      const finalMiddleware = buildFinalMiddlewareWithDefaultResult();
 
       await withTestSetup(
         {
@@ -387,19 +369,19 @@ describe('createBlockRefMiddleware', () => {
             method: 'a_non_block_param_method',
             params: ['some value', '0x200'],
           };
-          const sendAsyncSpy = stubProviderRequests(provider, [
+          const requestSpy = stubProviderRequests(provider, [
             buildStubForBlockNumberRequest('0x100'),
           ]);
 
           await engine.handle(request);
 
-          expectProviderRequestNotToHaveBeenMade(sendAsyncSpy, request);
+          expectProviderRequestNotToHaveBeenMade(requestSpy, request);
         },
       );
     });
 
     it('proceeds to the next middleware', async () => {
-      const finalMiddleware = buildFinalMiddlewareWithDefaultResponse();
+      const finalMiddleware = buildFinalMiddlewareWithDefaultResult();
 
       await withTestSetup(
         {
@@ -465,7 +447,7 @@ async function withTestSetup<T>(
 
   const {
     middlewareUnderTest,
-    otherMiddleware = [buildFinalMiddlewareWithDefaultResponse()],
+    otherMiddleware = [buildFinalMiddlewareWithDefaultResult()],
   } = configureMiddleware({ engine, provider, blockTracker });
 
   for (const middleware of [middlewareUnderTest, ...otherMiddleware]) {

diff --git a/src/block-ref.ts b/src/block-ref.ts
@@ -2,13 +2,8 @@ import type { PollingBlockTracker } from '@metamask/eth-block-tracker';
 import type { SafeEventEmitterProvider } from '@metamask/eth-json-rpc-provider';
 import type { JsonRpcMiddleware } from '@metamask/json-rpc-engine';
 import { createAsyncMiddleware } from '@metamask/json-rpc-engine';
-import type {
-  Json,
-  JsonRpcParams,
-  PendingJsonRpcResponse,
-} from '@metamask/utils';
+import type { Json, JsonRpcParams } from '@metamask/utils';
 import { klona } from 'klona/full';
-import pify from 'pify';
 
 import { projectLogger, createModuleLogger } from './logging-utils';
 import type { Block } from './types';
@@ -68,12 +63,8 @@ export function createBlockRefMiddleware({
 
     // perform child request
     log('Performing another request %o', childRequest);
-    const childRes: PendingJsonRpcResponse<Block> = await pify(
-      provider.sendAsync,
-    ).call(provider, childRequest);
-    // copy child response onto original response
-    res.result = childRes.result;
-    res.error = childRes.error;
+    // copy child result onto original response
+    res.result = await provider.request<JsonRpcParams, Block>(childRequest);
 
     return undefined;
   });

diff --git a/src/providerAsMiddleware.ts b/src/providerAsMiddleware.ts
@@ -1,5 +1,8 @@
 import type { SafeEventEmitterProvider } from '@metamask/eth-json-rpc-provider';
-import type { JsonRpcMiddleware } from '@metamask/json-rpc-engine';
+import {
+  createAsyncMiddleware,
+  type JsonRpcMiddleware,
+} from '@metamask/json-rpc-engine';
 import type {
   Json,
   JsonRpcParams,
@@ -9,21 +12,9 @@ import type {
 export function providerAsMiddleware(
   provider: SafeEventEmitterProvider,
 ): JsonRpcMiddleware<JsonRpcParams, Json> {
-  return (req, res, _next, end) => {
-    // send request to provider
-    provider.sendAsync(
-      req,
-      (err: unknown, providerRes: PendingJsonRpcResponse<any>) => {
-        // forward any error
-        if (err instanceof Error) {
-          return end(err);
-        }
-        // copy provider response onto original response
-        Object.assign(res, providerRes);
-        return end();
-      },
-    );
-  };
+  return createAsyncMiddleware(async (req, res) => {
+    res.result = await provider.request(req);
+  });
 }
 
 export function ethersProviderAsMiddleware(