aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkumavis <kumavis@users.noreply.github.com>2018-06-07 02:54:01 +0800
committerGitHub <noreply@github.com>2018-06-07 02:54:01 +0800
commitd30f03dcbf33c38cf33fc191fbe7d301a8594021 (patch)
treef4b9f8ea7aee27ed099be5cd8cc578d9dde5e9f5
parent72f7a4e1d057d712f20a3178c258f3b52873825d (diff)
parent1dda0c646940179bec6e886117a8ecf3f0f7ab48 (diff)
downloadtangerine-wallet-browser-d30f03dcbf33c38cf33fc191fbe7d301a8594021.tar
tangerine-wallet-browser-d30f03dcbf33c38cf33fc191fbe7d301a8594021.tar.gz
tangerine-wallet-browser-d30f03dcbf33c38cf33fc191fbe7d301a8594021.tar.bz2
tangerine-wallet-browser-d30f03dcbf33c38cf33fc191fbe7d301a8594021.tar.lz
tangerine-wallet-browser-d30f03dcbf33c38cf33fc191fbe7d301a8594021.tar.xz
tangerine-wallet-browser-d30f03dcbf33c38cf33fc191fbe7d301a8594021.tar.zst
tangerine-wallet-browser-d30f03dcbf33c38cf33fc191fbe7d301a8594021.zip
Merge pull request #4414 from scsaba/recipient-blacklist
Disallow sending to ganache default accounts on main net
-rw-r--r--app/scripts/controllers/transactions/index.js6
-rw-r--r--app/scripts/controllers/transactions/lib/recipient-blacklist-checker.js24
-rw-r--r--app/scripts/controllers/transactions/lib/recipient-blacklist-config.json14
-rw-r--r--test/unit/app/controllers/transactions/recipient-blacklist-checker-test.js77
-rw-r--r--test/unit/app/controllers/transactions/tx-controller-test.js17
5 files changed, 137 insertions, 1 deletions
diff --git a/app/scripts/controllers/transactions/index.js b/app/scripts/controllers/transactions/index.js
index aff5db984..b53947e27 100644
--- a/app/scripts/controllers/transactions/index.js
+++ b/app/scripts/controllers/transactions/index.js
@@ -10,6 +10,7 @@ const NonceTracker = require('./nonce-tracker')
const txUtils = require('./lib/util')
const cleanErrorStack = require('../../lib/cleanErrorStack')
const log = require('loglevel')
+const recipientBlacklistChecker = require('./lib/recipient-blacklist-checker')
/**
Transaction Controller is an aggregate of sub-controllers and trackers
@@ -157,8 +158,11 @@ class TransactionController extends EventEmitter {
let txMeta = this.txStateManager.generateTxMeta({ txParams: normalizedTxParams })
this.addTx(txMeta)
this.emit('newUnapprovedTx', txMeta)
- // add default tx params
+
try {
+ // check whether recipient account is blacklisted
+ recipientBlacklistChecker.checkAccount(txMeta.metamaskNetworkId, normalizedTxParams.to)
+ // add default tx params
txMeta = await this.addTxGasDefaults(txMeta)
} catch (error) {
console.log(error)
diff --git a/app/scripts/controllers/transactions/lib/recipient-blacklist-checker.js b/app/scripts/controllers/transactions/lib/recipient-blacklist-checker.js
new file mode 100644
index 000000000..84c6df1f0
--- /dev/null
+++ b/app/scripts/controllers/transactions/lib/recipient-blacklist-checker.js
@@ -0,0 +1,24 @@
+const Config = require('./recipient-blacklist-config.json')
+
+/** @module*/
+module.exports = {
+ checkAccount,
+}
+
+/**
+ * Checks if a specified account on a specified network is blacklisted.
+ @param networkId {number}
+ @param account {string}
+*/
+function checkAccount (networkId, account) {
+
+ const mainnetId = 1
+ if (networkId !== mainnetId) {
+ return
+ }
+
+ const accountToCheck = account.toLowerCase()
+ if (Config.blacklist.includes(accountToCheck)) {
+ throw new Error('Recipient is a public account')
+ }
+}
diff --git a/app/scripts/controllers/transactions/lib/recipient-blacklist-config.json b/app/scripts/controllers/transactions/lib/recipient-blacklist-config.json
new file mode 100644
index 000000000..b348eb72e
--- /dev/null
+++ b/app/scripts/controllers/transactions/lib/recipient-blacklist-config.json
@@ -0,0 +1,14 @@
+{
+ "blacklist": [
+ "0x627306090abab3a6e1400e9345bc60c78a8bef57",
+ "0xf17f52151ebef6c7334fad080c5704d77216b732",
+ "0xc5fdf4076b8f3a5357c5e395ab970b5b54098fef",
+ "0x821aea9a577a9b44299b9c15c88cf3087f3b5544",
+ "0x0d1d4e623d10f9fba5db95830f7d3839406c6af2",
+ "0x2932b7a2355d6fecc4b5c0b6bd44cc31df247a2e",
+ "0x2191ef87e392377ec08e7c08eb105ef5448eced5",
+ "0x0f4f2ac550a1b4e2280d04c21cea7ebd822934b5",
+ "0x6330a553fc93768f612722bb8c2ec78ac90b3bbc",
+ "0x5aeda56215b167893e80b4fe645ba6d5bab767de"
+ ]
+}
diff --git a/test/unit/app/controllers/transactions/recipient-blacklist-checker-test.js b/test/unit/app/controllers/transactions/recipient-blacklist-checker-test.js
new file mode 100644
index 000000000..56e8d50db
--- /dev/null
+++ b/test/unit/app/controllers/transactions/recipient-blacklist-checker-test.js
@@ -0,0 +1,77 @@
+const assert = require('assert')
+const recipientBlackListChecker = require('../../../../../app/scripts/controllers/transactions/lib/recipient-blacklist-checker')
+const {
+ ROPSTEN_CODE,
+ RINKEYBY_CODE,
+ KOVAN_CODE,
+} = require('../../../../../app/scripts/controllers/network/enums')
+
+const KeyringController = require('eth-keyring-controller')
+
+describe('Recipient Blacklist Checker', function () {
+
+ let publicAccounts
+
+ before(async function () {
+ const damnedMnemonic = 'candy maple cake sugar pudding cream honey rich smooth crumble sweet treat'
+ const keyringController = new KeyringController({})
+ const Keyring = keyringController.getKeyringClassForType('HD Key Tree')
+ const opts = {
+ mnemonic: damnedMnemonic,
+ numberOfAccounts: 10,
+ }
+ const keyring = new Keyring(opts)
+ publicAccounts = await keyring.getAccounts()
+ })
+
+ describe('#checkAccount', function () {
+ it('does not fail on test networks', function () {
+ let callCount = 0
+ const networks = [ROPSTEN_CODE, RINKEYBY_CODE, KOVAN_CODE]
+ for (let networkId in networks) {
+ publicAccounts.forEach((account) => {
+ recipientBlackListChecker.checkAccount(networkId, account)
+ callCount++
+ })
+ }
+ assert.equal(callCount, 30)
+ })
+
+ it('fails on mainnet', function () {
+ const mainnetId = 1
+ let callCount = 0
+ publicAccounts.forEach((account) => {
+ try {
+ recipientBlackListChecker.checkAccount(mainnetId, account)
+ assert.fail('function should have thrown an error')
+ } catch (err) {
+ assert.equal(err.message, 'Recipient is a public account')
+ }
+ callCount++
+ })
+ assert.equal(callCount, 10)
+ })
+
+ it('fails for public account - uppercase', function () {
+ const mainnetId = 1
+ const publicAccount = '0X0D1D4E623D10F9FBA5DB95830F7D3839406C6AF2'
+ try {
+ recipientBlackListChecker.checkAccount(mainnetId, publicAccount)
+ assert.fail('function should have thrown an error')
+ } catch (err) {
+ assert.equal(err.message, 'Recipient is a public account')
+ }
+ })
+
+ it('fails for public account - lowercase', async function () {
+ const mainnetId = 1
+ const publicAccount = '0x0d1d4e623d10f9fba5db95830f7d3839406c6af2'
+ try {
+ await recipientBlackListChecker.checkAccount(mainnetId, publicAccount)
+ assert.fail('function should have thrown an error')
+ } catch (err) {
+ assert.equal(err.message, 'Recipient is a public account')
+ }
+ })
+ })
+})
diff --git a/test/unit/app/controllers/transactions/tx-controller-test.js b/test/unit/app/controllers/transactions/tx-controller-test.js
index 1f32a0f37..9bdfe7c1a 100644
--- a/test/unit/app/controllers/transactions/tx-controller-test.js
+++ b/test/unit/app/controllers/transactions/tx-controller-test.js
@@ -185,6 +185,23 @@ describe('Transaction Controller', function () {
.catch(done)
})
+ it('should fail if recipient is public', function (done) {
+ txController.networkStore = new ObservableStore(1)
+ txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d', to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' })
+ .catch((err) => {
+ if (err.message === 'Recipient is a public account') done()
+ else done(err)
+ })
+ })
+
+ it('should not fail if recipient is public but not on mainnet', function (done) {
+ txController.once('newUnapprovedTx', (txMetaFromEmit) => {
+ assert(txMetaFromEmit, 'txMeta is falsey')
+ done()
+ })
+ txController.addUnapprovedTransaction({ from: '0x1678a085c290ebd122dc42cba69373b5953b831d', to: '0x0d1d4e623D10F9FBA5Db95830F7d3839406C6AF2' })
+ .catch(done)
+ })
})
describe('#addTxGasDefaults', function () {