fix: skip blockaid validations for users internal accounts (#10264)

MetaMask · Jul 12, 2024 · 4867f0b · 4867f0b
1 parent dcce5a8
commit 4867f0b
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 1 deletion.
diff --git a/app/core/RPCMethods/eth_sendTransaction.test.ts b/app/core/RPCMethods/eth_sendTransaction.test.ts
@@ -24,6 +24,12 @@ jest.mock('../../core/Engine', () => ({
         providerConfig: { chainId: '0x1' },
       },
     },
+    AccountsController: {
+      state: {
+        internalAccounts: { accounts: [] },
+      },
+      listAccounts: () => [],
+    },
   },
 }));
 

diff --git a/app/lib/ppom/ppom-util.test.ts b/app/lib/ppom/ppom-util.test.ts
@@ -34,6 +34,12 @@ jest.mock('../../core/Engine', () => ({
         providerConfig: { chainId: CHAIN_ID_MOCK },
       },
     },
+    AccountsController: {
+      state: {
+        internalAccounts: { accounts: [] },
+      },
+      listAccounts: jest.fn().mockReturnValue([]),
+    },
   },
   backgroundState: {
     NetworkController: {
@@ -118,6 +124,28 @@ describe('PPOM Utils', () => {
       expect(spyTransactionAction).toBeCalledTimes(0);
     });
 
+    it('should not validate if request is send to users own account ', async () => {
+      const spyTransactionAction = jest.spyOn(
+        TransactionActions,
+        'setTransactionSecurityAlertResponse',
+      );
+      MockEngine.context.AccountsController.listAccounts = jest
+        .fn()
+        .mockReturnValue([
+          {
+            address: '0x0c54FcCd2e384b4BB6f2E405Bf5Cbc15a017AaFb',
+          },
+        ]);
+      await PPOMUtil.validateRequest(mockRequest, CHAIN_ID_MOCK);
+      expect(MockEngine.context.PPOMController?.usePPOM).toHaveBeenCalledTimes(
+        0,
+      );
+      expect(spyTransactionAction).toHaveBeenCalledTimes(0);
+      MockEngine.context.AccountsController.listAccounts = jest
+        .fn()
+        .mockReturnValue([]);
+    });
+
     it('should not validate user if on a non supporting blockaid network', async () => {
       const spyTransactionAction = jest.spyOn(
         TransactionActions,

diff --git a/app/lib/ppom/ppom-util.ts b/app/lib/ppom/ppom-util.ts
@@ -56,7 +56,11 @@ const SECURITY_ALERT_RESPONSE_IN_PROGRESS = {
 };
 
 async function validateRequest(req: PPOMRequest, transactionId?: string) {
-  const { PPOMController: ppomController, NetworkController } = Engine.context;
+  const {
+    AccountsController,
+    NetworkController,
+    PPOMController: ppomController,
+  } = Engine.context;
 
   const chainId = NetworkController.state.providerConfig.chainId;
   const isConfirmationMethod = CONFIRMATION_METHODS.includes(req.method);
@@ -65,6 +69,22 @@ async function validateRequest(req: PPOMRequest, transactionId?: string) {
     return;
   }
 
+  if (req.method === 'eth_sendTransaction') {
+    const internalAccounts = AccountsController.listAccounts();
+    const toAddress: string | undefined = (
+      req?.params?.[0] as Record<string, string>
+    ).to;
+
+    if (
+      internalAccounts.some(
+        ({ address }: { address: string }) =>
+          address?.toLowerCase() === toAddress?.toLowerCase(),
+      )
+    ) {
+      return;
+    }
+  }
+
   const isTransaction = isTransactionRequest(req);
   let securityAlertResponse: SecurityAlertResponse | undefined;