fix: Set correct origin for gator permissions in signing so Blockaid can correctly validate

[MoMannn]

Description

This PR fixes a critical security vulnerability in the Blockaid integration for permission requests. Previously, when validating permission requests through the Gator snap, Blockaid was checking the Gator snap's origin instead of the actual requesting domain found in decodedPermission.origin. This allowed malicious domains to bypass security checks by routing their permission requests through the Gator snap.

The Problem:

• Permission requests were validated against the Gator snap origin instead of the actual DApp origin
• Malicious domains could bypass Blockaid security checks by using the Gator snap as a proxy
• The normalizePPOMRequest function was not extracting the correct origin from decodedPermission.origin

The Solution:

• Modified normalizePPOMRequest to check for decodedPermission.origin when present
• Permission requests now use the actual DApp origin for Blockaid validation
• Maintained backward compatibility for non-permission requests
• Added comprehensive tests to ensure the fix works correctly

Changelog

CHANGELOG entry: null

Manual testing steps

1. Set up a test environment with Gator permissions enabled
2. Create a permission request with a malicious domain in decodedPermission.origin
3. Verify that Blockaid now correctly validates against the malicious domain instead of the Gator snap origin
4. Confirm that regular (non-permission) signature requests continue to work as before
5. Run the new test suite to verify all scenarios are covered

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Validates typed-sign requests using the permission’s origin when initiated by preinstalled snaps, with tests covering snap/non-snap and fallback cases.

• PPOM Utils:
  • Use decodedPermission.origin as origin for eth_signTypedData_* when the request comes from a preinstalled snap (isSnapId + isSnapPreinstalled).
  • Pass controllerObject into normalizeSignatureRequest to enable origin override logic; keep typed data sanitization and transaction normalization.
• Tests:
  • Add mocks for isSnapId and isSnapPreinstalled and new cases validating origin handling:
    • Preinstalled snap uses permission origin.
    • Non-preinstalled snap and non-snap requests do not override origin.
    • Fallback to request origin when no permission present; covers malicious domain scenario.

^{Written by Cursor Bugbot for commit eca215b. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[metamaskbot]

✨ Files requiring CODEOWNER review ✨

✅ @MetaMask/confirmations (2 files, +389 -2)

• 📁 app/
  • 📁 scripts/
    • 📁 lib/
      • 📁 ppom/
        • 📄 ppom-util.test.ts +360 -0
        • 📄 ppom-util.ts +29 -2

[metamaskbot]

📊 Page Load Benchmark Results

Current Commit: d42040c | Date: 10/16/2025

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.05s (±70ms) 🟡 | historical mean value: 1.05s ⬆️ (historical data)
• domContentLoaded-> current mean value: 736ms (±68ms) 🟢 | historical mean value: 735ms ⬆️ (historical data)
• firstContentfulPaint-> current mean value: 80ms (±30ms) 🟢 | historical mean value: 80ms ⬇️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.05s	70ms	1.01s	1.32s	1.26s	1.32s
domContentLoaded	736ms	68ms	696ms	1.01s	939ms	1.01s
firstPaint	80ms	30ms	60ms	348ms	88ms	348ms
firstContentfulPaint	80ms	30ms	60ms	348ms	88ms	348ms
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

---

Results generated automatically by MetaMask CI

[metamaskbot]

Builds ready [d42040c]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• bundle size: Bundle Size Stats
• user-actions-benchmark: User Actions Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
  • content-script: 0
  • offscreen: 0

UI Startup Metrics (1237 ± 66 ms)

Platform	BuildType	Page	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P 75 (ms)	P 95 (ms)
Chrome	Browserify	Home	uiStartup	1237	1090	1445	66	1277	1328
			load	1066	958	1236	58	1107	1157
			domContentLoaded	1061	955	1231	57	1101	1142
			domInteractive	19	14	137	14	16	41
			firstPaint	633	112	1159	422	1071	1137
			backgroundConnect	250	237	285	8	254	260
			firstReactRender	26	18	56	8	28	45
			getState	16	5	66	10	20	36
			initialActions	6	0	77	10	5	17
			loadScripts	816	706	990	57	852	903
			setupStore	9	6	26	3	10	19
	Webpack	Home	uiStartup	825	708	1085	69	850	1004
			load	625	575	935	68	628	818
			domContentLoaded	616	568	918	67	621	811
			domInteractive	15	11	75	10	14	35
			firstPaint	225	55	946	213	246	608
			backgroundConnect	21	10	43	7	25	33
			firstReactRender	27	16	59	9	31	36
			getState	9	3	16	3	11	13
			initialActions	3	0	11	2	4	6
			loadScripts	613	566	907	65	620	800
			setupStore	9	5	23	3	11	13
Firefox	Browserify	Home	uiStartup	1463	1259	1838	123	1535	1726
			load	1230	1080	1405	84	1300	1373
			domContentLoaded	1230	1080	1404	84	1300	1373
			domInteractive	102	34	294	53	102	244
			firstPaint	NaN	NaN	NaN	NaN	NaN	NaN
			backgroundConnect	38	21	195	24	39	101
			firstReactRender	30	25	42	3	31	35
			getState	9	4	51	6	9	19
			initialActions	6	1	63	8	4	24
			loadScripts	1205	1065	1382	82	1283	1343
			setupStore	14	6	104	16	11	61
	Webpack	Home	uiStartup	1599	1421	2064	124	1638	1871
			load	1359	1210	1646	92	1390	1567
			domContentLoaded	1358	1209	1646	92	1390	1567
			domInteractive	107	33	427	75	103	367
			firstPaint	NaN	NaN	NaN	NaN	NaN	NaN
			backgroundConnect	38	22	91	14	43	70
			firstReactRender	34	26	81	8	37	44
			getState	16	4	169	28	10	74
			initialActions	4	2	28	4	4	13
			loadScripts	1335	1194	1617	90	1367	1541
			setupStore	13	6	144	19	11	35

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 182 Bytes (0%)
• ui: 0 Bytes (0%)
• common: 10 Bytes (0%)

[metamaskbot]

📊 Page Load Benchmark Results

Current Commit: 2b9e33c | Date: 10/16/2025

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.07s (±74ms) 🟡 | historical mean value: 1.05s ⬆️ (historical data)
• domContentLoaded-> current mean value: 750ms (±70ms) 🟢 | historical mean value: 735ms ⬆️ (historical data)
• firstContentfulPaint-> current mean value: 79ms (±15ms) 🟢 | historical mean value: 79ms ⬇️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.07s	74ms	1.03s	1.36s	1.29s	1.36s
domContentLoaded	750ms	70ms	712ms	1.02s	951ms	1.02s
firstPaint	79ms	15ms	60ms	208ms	88ms	208ms
firstContentfulPaint	79ms	15ms	60ms	208ms	88ms	208ms
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

---

Results generated automatically by MetaMask CI

[metamaskbot]

Builds ready [2b9e33c]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• bundle size: Bundle Size Stats
• user-actions-benchmark: User Actions Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
  • content-script: 0
  • offscreen: 0

UI Startup Metrics (1295 ± 66 ms)

Platform	BuildType	Page	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P 75 (ms)	P 95 (ms)
Chrome	Browserify	Home	uiStartup	1295	1167	1550	66	1324	1430
			load	1107	989	1336	57	1139	1215
			domContentLoaded	1098	955	1330	57	1126	1208
			domInteractive	19	14	46	5	18	31
			firstPaint	633	152	1337	446	1114	1201
			backgroundConnect	264	247	341	12	269	286
			firstReactRender	31	18	110	13	35	49
			getState	17	6	91	10	19	36
			initialActions	6	1	53	7	7	14
			loadScripts	842	701	1065	56	871	937
			setupStore	11	5	34	4	12	19
	Webpack	Home	uiStartup	823	705	1279	83	829	1009
			load	634	572	1100	90	637	853
			domContentLoaded	626	568	1080	89	628	842
			domInteractive	15	11	36	7	13	36
			firstPaint	183	56	1088	191	169	584
			backgroundConnect	20	10	35	6	25	31
			firstReactRender	25	16	40	7	31	32
			getState	9	4	22	3	11	13
			initialActions	3	0	15	2	3	6
			loadScripts	624	566	1069	86	627	828
			setupStore	9	5	22	3	11	14
Firefox	Browserify	Home	uiStartup	1430	1254	1898	127	1496	1661
			load	1208	1079	1512	88	1277	1351
			domContentLoaded	1208	1079	1512	88	1276	1351
			domInteractive	106	32	438	67	103	287
			firstPaint	NaN	NaN	NaN	NaN	NaN	NaN
			backgroundConnect	34	22	92	12	38	59
			firstReactRender	29	25	50	4	30	38
			getState	9	4	41	6	8	18
			initialActions	6	1	124	14	4	15
			loadScripts	1186	1060	1427	83	1245	1328
			setupStore	13	6	154	18	10	35
	Webpack	Home	uiStartup	1534	1371	1972	110	1575	1775
			load	1312	1188	1592	80	1361	1475
			domContentLoaded	1312	1187	1592	80	1360	1474
			domInteractive	93	29	356	54	95	239
			firstPaint	NaN	NaN	NaN	NaN	NaN	NaN
			backgroundConnect	35	19	125	15	41	66
			firstReactRender	32	26	78	8	33	38
			getState	8	5	59	6	8	15
			initialActions	7	1	190	20	3	26
			loadScripts	1291	1172	1568	79	1338	1446
			setupStore	13	5	134	17	11	48

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 488 Bytes (0.01%)
• ui: -523 Bytes (-0.01%)
• common: 10 Bytes (0%)

[metamaskbot]

📊 Page Load Benchmark Results

Current Commit: eca215b | Date: 10/17/2025

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.04s (±72ms) 🟡 | historical mean value: 1.05s ⬇️ (historical data)
• domContentLoaded-> current mean value: 730ms (±69ms) 🟢 | historical mean value: 741ms ⬇️ (historical data)
• firstContentfulPaint-> current mean value: 77ms (±12ms) 🟢 | historical mean value: 79ms ⬇️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.04s	72ms	999ms	1.30s	1.27s	1.30s
domContentLoaded	730ms	69ms	697ms	994ms	956ms	994ms
firstPaint	77ms	12ms	60ms	180ms	92ms	180ms
firstContentfulPaint	77ms	12ms	60ms	180ms	92ms	180ms
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

---

Results generated automatically by MetaMask CI

[metamaskbot]

Builds ready [eca215b]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• bundle size: Bundle Size Stats
• user-actions-benchmark: User Actions Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
  • content-script: 0
  • offscreen: 0

UI Startup Metrics (1238 ± 55 ms)

Platform	BuildType	Page	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P 75 (ms)	P 95 (ms)
Chrome	Browserify	Home	uiStartup	1238	1136	1467	55	1273	1332
			load	1063	978	1211	49	1094	1148
			domContentLoaded	1057	971	1206	48	1090	1145
			domInteractive	18	14	51	7	17	37
			firstPaint	711	74	1215	424	1074	1126
			backgroundConnect	253	239	279	7	257	265
			firstReactRender	25	19	63	6	26	34
			getState	16	5	45	8	20	31
			initialActions	6	0	69	10	6	17
			loadScripts	810	734	950	47	843	905
			setupStore	9	6	28	3	10	13
	Webpack	Home	uiStartup	833	717	1076	63	852	968
			load	628	583	911	63	637	811
			domContentLoaded	620	576	899	61	630	806
			domInteractive	15	11	50	8	13	37
			firstPaint	188	55	877	184	192	662
			backgroundConnect	21	10	38	6	26	32
			firstReactRender	27	17	57	8	32	35
			getState	9	3	17	3	11	14
			initialActions	3	0	9	2	4	7
			loadScripts	617	574	889	59	628	795
			setupStore	10	6	15	2	12	13
Firefox	Browserify	Home	uiStartup	1477	1250	1867	109	1529	1664
			load	1249	1084	1479	75	1307	1375
			domContentLoaded	1249	1083	1479	75	1307	1374
			domInteractive	116	34	343	55	123	249
			firstPaint	NaN	NaN	NaN	NaN	NaN	NaN
			backgroundConnect	38	23	139	19	40	65
			firstReactRender	27	21	58	7	27	44
			getState	10	4	88	10	9	15
			initialActions	5	2	167	16	4	11
			loadScripts	1223	1065	1455	76	1283	1355
			setupStore	14	6	207	23	11	34
	Webpack	Home	uiStartup	1561	1393	2227	139	1600	1874
			load	1342	1194	1731	95	1396	1519
			domContentLoaded	1342	1193	1731	95	1395	1519
			domInteractive	113	31	378	77	109	344
			firstPaint	NaN	NaN	NaN	NaN	NaN	NaN
			backgroundConnect	36	20	84	14	40	71
			firstReactRender	27	22	75	7	28	37
			getState	8	3	37	4	8	14
			initialActions	4	0	71	9	3	13
			loadScripts	1319	1175	1683	92	1376	1494
			setupStore	12	5	139	19	10	33

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 26.05 KiB (0.58%)
• ui: 11.5 KiB (0.18%)
• common: 4.78 KiB (0.06%)