diff options
author | Dan Finlay <dan@danfinlay.com> | 2017-07-18 05:16:39 +0800 |
---|---|---|
committer | Dan Finlay <dan@danfinlay.com> | 2017-07-18 05:18:00 +0800 |
commit | 614501e743a0c1584062c78a25e6b9a3ddf10aab (patch) | |
tree | aba81e5cf7b3ca9f0ef79605345d9406ac7a26e3 | |
parent | 919f3c46015bcf39be7efd13d84cb24c8be5c939 (diff) | |
download | tangerine-wallet-browser-614501e743a0c1584062c78a25e6b9a3ddf10aab.tar tangerine-wallet-browser-614501e743a0c1584062c78a25e6b9a3ddf10aab.tar.gz tangerine-wallet-browser-614501e743a0c1584062c78a25e6b9a3ddf10aab.tar.bz2 tangerine-wallet-browser-614501e743a0c1584062c78a25e6b9a3ddf10aab.tar.lz tangerine-wallet-browser-614501e743a0c1584062c78a25e6b9a3ddf10aab.tar.xz tangerine-wallet-browser-614501e743a0c1584062c78a25e6b9a3ddf10aab.tar.zst tangerine-wallet-browser-614501e743a0c1584062c78a25e6b9a3ddf10aab.zip |
Fix transaction confirmation ordering
Newest tx or message will now always appear last, and a new tx proposed after the user has a confirmation box open will never change the confirmation to a different tx proposed.
Fixes #1637
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | test/unit/tx-helper-test.js | 17 | ||||
-rw-r--r-- | ui/lib/tx-helper.js | 6 |
3 files changed, 23 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index d7b6316db..c9149287f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ - Now redirects from known malicious sites faster. - Added a link to our new support page to the help screen. +- Fixed bug where a new transaction would be shown over the current transaction, creating a possible timing attack against user confirmation. ## 3.9.0 2017-7-12 diff --git a/test/unit/tx-helper-test.js b/test/unit/tx-helper-test.js new file mode 100644 index 000000000..cc6543c30 --- /dev/null +++ b/test/unit/tx-helper-test.js @@ -0,0 +1,17 @@ +const assert = require('assert') +const txHelper = require('../../ui/lib/tx-helper') + +describe('txHelper', function () { + it('always shows the oldest tx first', function () { + const metamaskNetworkId = 1 + const txs = { + a: { metamaskNetworkId, time: 3 }, + b: { metamaskNetworkId, time: 1 }, + c: { metamaskNetworkId, time: 2 }, + } + + const sorted = txHelper(txs, null, null, metamaskNetworkId) + assert.equal(sorted[0].time, 1, 'oldest tx first') + assert.equal(sorted[2].time, 3, 'newest tx last') + }) +}) diff --git a/ui/lib/tx-helper.js b/ui/lib/tx-helper.js index ec19daf64..afc62e7b6 100644 --- a/ui/lib/tx-helper.js +++ b/ui/lib/tx-helper.js @@ -12,6 +12,10 @@ module.exports = function (unapprovedTxs, unapprovedMsgs, personalMsgs, network) const personalValues = valuesFor(personalMsgs) log.debug(`tx helper found ${personalValues.length} unsigned personal messages`) allValues = allValues.concat(personalValues) + allValues = allValues.sort((a, b) => { + return a.time > b.time + }) - return allValues.sort(txMeta => txMeta.time) + return allValues } + |