Skip to content

Commit

Permalink
fix: filte out unsafe data in typedData message (#2725)
Browse files Browse the repository at this point in the history
  • Loading branch information
heisenberg-2077 authored Jan 14, 2025
1 parent 52be420 commit 95f621d
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,18 @@ export const parseSignTypedDataMessage = (raw: string) => {
}

const { primaryType, message, types } = data;
return filterPrimaryType({ primaryType, types, message });
};

export const filterPrimaryType = ({
primaryType,
types,
message,
}: {
primaryType: string;
types: Record<string, any>;
message: Record<string, any>;
}) => {
const keys = types[primaryType];
const filteredMessage: Record<string, string> = {};

Expand Down
8 changes: 8 additions & 0 deletions src/ui/views/Approval/components/TypedDataActions/utils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import { encodeSingle } from '@metamask/eth-sig-util';
import { bufferToHex } from 'ethereumjs-util';
import { hexToString } from 'web3-utils';
import BigNumber from 'bignumber.js';
import { filterPrimaryType } from '../SignTypedDataExplain/parseSignTypedDataMessage';

export const getActionTypeText = (data: ParsedTypedDataActionData | null) => {
const { t } = i18n;
Expand Down Expand Up @@ -149,5 +150,12 @@ function parseSignTypedData(typedData: {

typedData.message = parseAndDecode(message, primaryType);

// Filter out the fields that are not part of the primary type
typedData.message = filterPrimaryType({
primaryType,
types,
message: typedData.message,
});

return typedData;
}

0 comments on commit 95f621d

Please sign in to comment.