[Bug]: Incorrect gas balance validation at ERC20 approval #20770
Assignees
Labels
area-tokens
release-11.5.0
Issue or pull request that will be included in release 11.5.0
Sev2-normal
Normal severity; minor loss of service or inconvenience.
team-assets
type-bug
Comments
anaamolnar
added
the
Sev2-normal
14 tasks
bergeron
added a commit
that referenced
this issue
Oct 13, 2023
## **Description** Dapps can connect to / prompt transactions from a different account than the one currently selected within the wallet itself. When this occurs, `useGasFeeErrors` was doing a balance check against the wrong account. It was using the current account within the wallet, instead of the account issuing the transaction. This can cause balance errors even when the account has sufficient funds. This shows in 2 places in the UI, which are the only places checking `balanceError`: - Token approvals - Customizing gas popup Solution: Check balance of the account issuing the transaction. ## **Manual testing steps** 1. Within the wallet, select an empty account. 2. On the E2E Test Dapp, connect to a funded account. 3. Send ETH 4. Click "🌐 Site suggested" to customize gas 5. A balance error used to appear, but no longer should. ## **Screenshots/Recordings** ### **Before** https://github.com/MetaMask/metamask-extension/assets/3500406/f48eff21-f2ff-4d96-ba4a-ab15427092ec ## **Related issues** Fixes: #20770 ## **Pre-merge author checklist** - [x] I’ve followed [MetaMask Coding Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md). - [x] I've clearly explained: - [x] What problem this PR is solving. - [x] How this problem was solved. - [x] How reviewers can test my changes. - [x] I’ve indicated what issue this PR is linked to: Fixes #??? - [x] I’ve included tests if applicable. - [ ] I’ve documented any added code. - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)). - [x] I’ve properly set the pull request status: - [x] In case it's not yet "ready for review", I've set it to "draft". - [x] In case it's "ready for review", I've changed it from "draft" to "non-draft". ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
metamaskbot
added
the
release-11.5.0
k-g-j
pushed a commit
that referenced
this issue
Nov 1, 2023
## **Description** Dapps can connect to / prompt transactions from a different account than the one currently selected within the wallet itself. When this occurs, `useGasFeeErrors` was doing a balance check against the wrong account. It was using the current account within the wallet, instead of the account issuing the transaction. This can cause balance errors even when the account has sufficient funds. This shows in 2 places in the UI, which are the only places checking `balanceError`: - Token approvals - Customizing gas popup Solution: Check balance of the account issuing the transaction. ## **Manual testing steps** 1. Within the wallet, select an empty account. 2. On the E2E Test Dapp, connect to a funded account. 3. Send ETH 4. Click "🌐 Site suggested" to customize gas 5. A balance error used to appear, but no longer should. ## **Screenshots/Recordings** ### **Before** https://github.com/MetaMask/metamask-extension/assets/3500406/f48eff21-f2ff-4d96-ba4a-ab15427092ec ## **Related issues** Fixes: #20770 ## **Pre-merge author checklist** - [x] I’ve followed [MetaMask Coding Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md). - [x] I've clearly explained: - [x] What problem this PR is solving. - [x] How this problem was solved. - [x] How reviewers can test my changes. - [x] I’ve indicated what issue this PR is linked to: Fixes #??? - [x] I’ve included tests if applicable. - [ ] I’ve documented any added code. - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)). - [x] I’ve properly set the pull request status: - [x] In case it's not yet "ready for review", I've set it to "draft". - [x] In case it's "ready for review", I've changed it from "draft" to "non-draft". ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
What happened?
When initiating an ERC20 approval transaction in Metamask, the gas estimation and validation incorrectly verify the balance of an account that should not be involved in the transaction process. This leads to an "Insufficient funds for gas" error, even though the account intended for gas payment has an adequate balance.
What did you expect to happen?
I expected Metamask to accurately check the balance of the account designated for gas payment when initiating an ERC20 approval transaction, just as it correctly does for other types of transactions. Consequently, it should not display an error when this account possesses enough tokens for gas.
Screen recording:
https://github.com/MetaMask/metamask-extension/assets/101199888/6344db56-544b-4fb4-99d1-64cd54c4c912
Bonus Weird Behavior:
In instances where the account, initially not meant for gas payment, has a balance exceeding the gas estimation requirements, no error is presented, and the transaction can proceed successfully. Nevertheless, the transaction is processed correctly using the designated account for gas, which aligns with the expected behavior.
Steps to reproduce
Go to any website that will generate an approval transaction for ERC20 tokens. The bug happens on all websites and in my demo, I've used: Metamask Test Dap
In the Metamask extension, all my accounts are disconnected from the website.
Make sure the selected account in Metamask has 0 native tokens for gas, I will call this an "empty account" going forward.
Connect the empty account to the Dapp.
Fire a request permissions request and connect a different account that has native tokes to pay gas, I will call this a "funded account" going forward.
Initiate any contract deployment or contract interaction transaction and you will notice on the top left next to the account a yellow (?) "Is this the correct account? It's different from the currently selected account in your wallet". This signals that Metamask correctly handles the situation.
Initiate an ERC20 approval transaction and notice the bug:
Bonus weird behavior:
If the "empty wallet" had enough tokens to pass the gas estimation, no error is displayed and you can send the transaction.
When you send it, the funded wallet will be used for the transaction which is the correct behavior.
Error messages or log output
No response
Version
10.35.1
Build type
None
Browser
Chrome
Operating system
Windows, MacOS
Hardware wallet
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: