-
Notifications
You must be signed in to change notification settings - Fork 570
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unblock wallet_switchEthereumChain
#2634
base: main
Are you sure you want to change the base?
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2634 +/- ##
=======================================
Coverage 94.76% 94.77%
=======================================
Files 499 500 +1
Lines 10906 10919 +13
Branches 1674 1675 +1
=======================================
+ Hits 10335 10348 +13
Misses 571 571 ☔ View full report in Codecov by Sentry. |
2a66d50
to
fd11f16
Compare
@metamaskbot update-pr |
New and updated dependencies detected. Learn more about Socket for GitHub ↗︎
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. Ignoring: Next stepsTake a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with |
@SocketSecurity ignore npm/@metamask/[email protected] This is ours. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the future we could consider full support for wallet_switchEthereumChain
, and actually updating the provider configuration etc., but for now this simply makes the wallet_switchEthereumChain
method always return null
.
f2aa83e
to
1dcbeda
Compare
@SocketSecurity ignore npm/[email protected] Only used for development / testing, and pending update in another PR. @SocketSecurity ignore npm/@metamask/[email protected] This is ours. |
* @param newPermissions - The new permissions to be granted. | ||
* @returns The permissions to grant to the Snap. | ||
*/ | ||
#getPermissionsToGrant(snapId: SnapId, newPermissions: RequestedPermissions) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we still need this? I thought we were making changes elsewhere for the auto granting?
In addition, this endowment has been removed in favor of the CAIP-25 endowment AFAIK
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We grant permission when calling wallet_switchEthereumChain
, but still need to grant permission for some network when first installing or updating the Snap.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense! Can we document this?
@@ -207,6 +223,9 @@ async function signTypedData(message: string, from: string) { | |||
* @see https://docs.metamask.io/snaps/reference/rpc-api/#wallet_invokesnap | |||
*/ | |||
export const onRpcRequest: OnRpcRequestHandler = async ({ request }) => { | |||
const { chainId = '0x1' } = (request.params as BaseParams) ?? {}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i don't know a lot about snaps, but I'm assuming that this type cast has to happen here and can't be moved into the function params type
[PERMITTED_CHAINS_ENDOWMENT]: { | ||
caveats: [ | ||
{ | ||
type: 'restrictNetworkSwitching', | ||
value: ['0x1'], | ||
}, | ||
], | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should now be the CAIP-25 permission type, something like this:
'endowment:caip25': {
caveats: [
{
type: 'authorizedScopes',
value: {
requiredScopes: {},
optionalScopes: {
'eip155:1': {
accounts: ['...']
}
}
}
}
]
}
[PERMITTED_CHAINS_ENDOWMENT]: { | ||
caveats: [ | ||
{ | ||
type: 'restrictNetworkSwitching', | ||
value: ['0x5'], | ||
}, | ||
], | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same
[PERMITTED_CHAINS_ENDOWMENT]: { | ||
caveats: [ | ||
{ | ||
type: 'restrictNetworkSwitching', | ||
value: ['0x1'], | ||
}, | ||
], | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same re: which permission is now used
@@ -207,6 +223,9 @@ async function signTypedData(message: string, from: string) { | |||
* @see https://docs.metamask.io/snaps/reference/rpc-api/#wallet_invokesnap | |||
*/ | |||
export const onRpcRequest: OnRpcRequestHandler = async ({ request }) => { | |||
const { chainId = '0x1' } = (request.params as BaseParams) ?? {}; | |||
await switchChain(chainId); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably not a problem, but i think always using mainnet makes it possible in the extension e2e tests that use this snap to try to hit the mainnet infura endpoint, but I think that's probably only the case if something triggers getGasPrice
and i'm not certain there is an extension e2e test that does that. Just pointing this out in case I am wrong
response: PendingJsonRpcResponse<Json>, | ||
_next: JsonRpcEngineNextCallback, | ||
end: JsonRpcEngineEndCallback, | ||
// hooks: GetAccountsHandlerHooks, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// hooks: GetAccountsHandlerHooks, |
sorry, I realize this PR is still marked as draft, so sorry for the early nit comments |
This removes
wallet_switchEthereumChain
from theBLOCKED_RPC_METHODS
list.Closes MetaMask/MetaMask-planning#2938.
Closes #2654.
Blocked by: