Skip to content

Commit

Permalink
fix: typedata address bypass (#2238)
Browse files Browse the repository at this point in the history
  • Loading branch information
vvvvvv1vvvvvv authored Apr 26, 2024
1 parent 38e0070 commit c9deee4
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 2 deletions.
21 changes: 21 additions & 0 deletions src/ui/utils/address.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,24 @@ export const enum AddressType {
CONTRACT = 'CONTRACT',
UNKNOWN = 'UNKNOWN',
}

export type Hex = `0x${string}`;

export function add0x(hexadecimal: string): Hex {
if (hexadecimal.startsWith('0x')) {
return hexadecimal as Hex;
}

if (hexadecimal.startsWith('0X')) {
return `0x${hexadecimal.substring(2)}`;
}

return `0x${hexadecimal}`;
}

export function isStrictHexString(value: unknown): value is Hex {
if (typeof value === 'string') {
return /^0x[0-9a-f]+$/iu.test(value);
}
return false;
}
7 changes: 5 additions & 2 deletions src/ui/views/Approval/components/TypedDataActions/utils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import { ContextActionData } from '@rabby-wallet/rabby-security-engine/dist/rule
import BigNumber from 'bignumber.js';
import { getArrayType, isArrayType } from '@metamask/abi-utils/dist/parsers';
import { BigNumber as EthersBigNumber } from 'ethers';
import { isStrictHexString, add0x } from 'ui/utils/address';
import i18n from '@/i18n';
import { WalletControllerType, getTimeSpan } from '@/ui/utils';
import {
Expand All @@ -38,7 +39,7 @@ import {
ApproveNFTRequireData,
fetchNFTApproveRequiredData,
} from '../Actions/utils';
import { CHAINS, ALIAS_ADDRESS } from 'consts';
import { ALIAS_ADDRESS } from 'consts';
import { Chain } from 'background/service/openapi';
import {
findChain,
Expand Down Expand Up @@ -1171,8 +1172,10 @@ export function normalizeValue(type: string, value: unknown): any {
}

if (type === 'address') {
if (typeof value === 'string' && !value.startsWith('0x')) {
if (typeof value === 'string' && !/^(0x|0X)/.test(value)) {
return EthersBigNumber.from(value).toHexString();
} else if (isStrictHexString(value)) {
return add0x(value);
}
}

Expand Down

0 comments on commit c9deee4

Please sign in to comment.