Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security provider check (OpenSea) #16584

Merged
merged 19 commits into from
Jan 23, 2023
Merged

Security provider check (OpenSea) #16584

merged 19 commits into from
Jan 23, 2023

Conversation

filipsekulic
Copy link
Contributor

@filipsekulic filipsekulic commented Nov 18, 2022
edited
Loading

Explanation

The security provider is an optional feature for users, similar to an RPC provider for a new chain. The security provider will be called before the wallet action is presented to the user, and can flag possible malicious transactions that the wallet provider can raise to the user.
More information: https://www.notion.so/opensea/Wallet-Tx-Security-PoC-b6a926e1cb6448638d147696cd8f5937

In order to use the security provider check, Transaction security check should be enabled from the Experimental tab.

This functionality will be fully implemented in the following PR (#16258) where the warning message will be shown.

Manual testing steps

  1. Go to Experimental tab and enable the Transaction security check.
  2. Go to test dapp.
  3. Send a transaction or sign a message and the security provider check will be called.

@filipsekulic filipsekulic self-assigned this Nov 18, 2022
@github-actions
Copy link
Contributor

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@metamaskbot
Copy link
Collaborator

Builds ready [1f5db07]
Page Load Metrics (2265 ± 126 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint1042285336591284
domContentLoaded175826812246275132
load175826812265262126
domInteractive175826812246275132
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 2562 bytes
  • ui: 20 bytes
  • common: 18 bytes

highlights:

storybook

@filipsekulic filipsekulic marked this pull request as ready for review November 22, 2022 11:43
@filipsekulic filipsekulic requested a review from a team as a code owner November 22, 2022 11:43
@filipsekulic filipsekulic mentioned this pull request Dec 7, 2022
Merged
@metamaskbot
Copy link
Collaborator

Builds ready [df954ff]
Page Load Metrics (3246 ± 225 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint12239937051141548
domContentLoaded257441173221471226
load257541173246469225
domInteractive257441173221471226
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 2554 bytes
  • ui: 20 bytes
  • common: 18 bytes

highlights:

storybook

@filipsekulic filipsekulic force-pushed the send-tx-or-signature-request-to-security-provider branch from df954ff to 504ce81 Compare December 8, 2022 13:12
@filipsekulic filipsekulic requested a review from jpuri December 8, 2022 13:34
@metamaskbot
Copy link
Collaborator

Builds ready [504ce81]
Page Load Metrics (2019 ± 98 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint102167120168
domContentLoaded15712365199720398
load15712365201920398
domInteractive15712365199720398
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 2554 bytes
  • ui: 20 bytes
  • common: 18 bytes

highlights:

storybook

@metamaskbot
Copy link
Collaborator

Builds ready [06e642f]
Page Load Metrics (2159 ± 213 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint951255169250120
domContentLoaded163738692137447215
load164538692159443213
domInteractive163738692137447215
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 2578 bytes
  • ui: 20 bytes
  • common: 18 bytes

highlights:

storybook

@filipsekulic filipsekulic force-pushed the send-tx-or-signature-request-to-security-provider branch from 06e642f to 352f1d9 Compare December 12, 2022 13:10
@filipsekulic filipsekulic requested a review from jpuri December 12, 2022 13:32
@metamaskbot
Copy link
Collaborator

Builds ready [352f1d9]
Page Load Metrics (2270 ± 170 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint1101385196273131
domContentLoaded175334402256359172
load175334402270355170
domInteractive175334402256359172
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 2578 bytes
  • ui: 20 bytes
  • common: 18 bytes

highlights:

storybook

jpuri
jpuri reviewed Dec 14, 2022
View reviewed changes
Copy link
Contributor

@jpuri jpuri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code changes look good, but will be nice to have some more test coverage as it touches important functionality.

@filipsekulic filipsekulic requested a review from jpuri December 19, 2022 14:47
@filipsekulic filipsekulic force-pushed the send-tx-or-signature-request-to-security-provider branch from c082a3c to d93b98c Compare December 20, 2022 13:44
@metamaskbot
Copy link
Collaborator

Builds ready [d93b98c]
Page Load Metrics (2357 ± 111 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint972211453015
domContentLoaded170028032334242116
load171228032357231111
domInteractive170028032334242116
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 2587 bytes
  • ui: 38 bytes
  • common: 0 bytes

highlights:

storybook

jpuri
jpuri reviewed Jan 5, 2023
View reviewed changes
app/scripts/lib/security-provider-helpers.js
);

return await response.json();
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

test cases can be added for above new file.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we ever add test cases?

jpuri
jpuri previously approved these changes Jan 5, 2023
View reviewed changes
Copy link
Contributor

@jpuri jpuri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code changes look good, some small non-blocking feedback there.

@seaona
Copy link
Contributor

seaona commented Jan 9, 2023

The toggle looks good when I tested using the feature flag.

There are 2 problems related to the Search Function that might/might not be related to this PR:

  • There is no matching when we use the description words for the search. On the other cases it does match with text description, so this might be something related with this PR?
search-security.mp4
  • The transaction and security words are matched but not the check word from the feature title. This seems related to an existing issue, but we should verify it, to make sure

image

@filipsekulic filipsekulic force-pushed the send-tx-or-signature-request-to-security-provider branch from d93b98c to b9fe62f Compare January 10, 2023 08:30
@filipsekulic filipsekulic force-pushed the send-tx-or-signature-request-to-security-provider branch from b9fe62f to 1ba6012 Compare January 10, 2023 08:34
@filipsekulic
Copy link
Contributor Author

The toggle looks good when I tested using the feature flag.

There are 2 problems related to the Search Function that might/might not be related to this PR:

  • There is no matching when we use the description words for the search. On the other cases it does match with text description, so this might be something related with this PR?

search-security.mp4

  • The transaction and security words are matched but not the check word from the feature title. This seems related to an existing issue, but we should verify it, to make sure

image

Hey @seaona!
I rebased this PR. You can check the new design in the Experimental tab. I think the problem with description search was not introduced in this PR. I tried to reproduce the issue you mentioned from both the develop and this PR's branch. If I am right, there is a problem with all the the settings descriptions when searching it, not just the ones from the Experimental tab.

jpuri
jpuri approved these changes Jan 13, 2023
View reviewed changes
Copy link
Contributor

@jpuri jpuri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@seaona
Copy link
Contributor

seaona commented Jan 19, 2023

@filipsekulic thank you! It looks indeed a separate issue with the Search, not related to these changes

blackdevelopa
blackdevelopa approved these changes Jan 23, 2023
View reviewed changes
Copy link
Contributor

@blackdevelopa blackdevelopa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. However, just noticed we have a failing CI.

@filipsekulic
Copy link
Contributor Author

LGTM. However, just noticed we have a failing CI.

@blackdevelopa
Thanks! I've just updated the branch.

@metamaskbot
Copy link
Collaborator

Builds ready [ed0cf96]
Page Load Metrics (1314 ± 112 ms)
PlatformPageMetricMin (ms)Max (ms)Average (ms)StandardDeviation (ms)MarginOfError (ms)
ChromeHomefirstPaint982591384019
domContentLoaded99917511293219105
load106118301314233112
domInteractive99917511293219105
Bundle size diffs [🚨 Warning! Bundle size has increased!]
  • background: 2676 bytes
  • ui: 38 bytes
  • common: 0 bytes

@jpuri jpuri merged commit 27d3416 into develop Jan 23, 2023
@jpuri jpuri deleted the send-tx-or-signature-request-to-security-provider branch January 23, 2023 14:32
@github-actions github-actions bot locked and limited conversation to collaborators Jan 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@blackdevelopa blackdevelopa blackdevelopa approved these changes

@jpuri jpuri jpuri approved these changes

@brad-decker brad-decker Awaiting requested review from brad-decker brad-decker is a code owner automatically assigned from MetaMask/extension-devs

Assignees

@filipsekulic filipsekulic

Labels
None yet
Projects
None yet
Milestone
No milestone
6 participants
@filipsekulic @metamaskbot @seaona @jpuri @brad-decker @blackdevelopa