aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG.md1
-rw-r--r--test/unit/tx-helper-test.js17
-rw-r--r--ui/lib/tx-helper.js6
3 files changed, 23 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d7b6316db..c9149287f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
- Now redirects from known malicious sites faster.
- Added a link to our new support page to the help screen.
+- Fixed bug where a new transaction would be shown over the current transaction, creating a possible timing attack against user confirmation.
## 3.9.0 2017-7-12
diff --git a/test/unit/tx-helper-test.js b/test/unit/tx-helper-test.js
new file mode 100644
index 000000000..cc6543c30
--- /dev/null
+++ b/test/unit/tx-helper-test.js
@@ -0,0 +1,17 @@
+const assert = require('assert')
+const txHelper = require('../../ui/lib/tx-helper')
+
+describe('txHelper', function () {
+ it('always shows the oldest tx first', function () {
+ const metamaskNetworkId = 1
+ const txs = {
+ a: { metamaskNetworkId, time: 3 },
+ b: { metamaskNetworkId, time: 1 },
+ c: { metamaskNetworkId, time: 2 },
+ }
+
+ const sorted = txHelper(txs, null, null, metamaskNetworkId)
+ assert.equal(sorted[0].time, 1, 'oldest tx first')
+ assert.equal(sorted[2].time, 3, 'newest tx last')
+ })
+})
diff --git a/ui/lib/tx-helper.js b/ui/lib/tx-helper.js
index ec19daf64..afc62e7b6 100644
--- a/ui/lib/tx-helper.js
+++ b/ui/lib/tx-helper.js
@@ -12,6 +12,10 @@ module.exports = function (unapprovedTxs, unapprovedMsgs, personalMsgs, network)
const personalValues = valuesFor(personalMsgs)
log.debug(`tx helper found ${personalValues.length} unsigned personal messages`)
allValues = allValues.concat(personalValues)
+ allValues = allValues.sort((a, b) => {
+ return a.time > b.time
+ })
- return allValues.sort(txMeta => txMeta.time)
+ return allValues
}
+