Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No Warning appears when a Dapp sets a really high Fees for a tx, potentially loosing all user funds #6358

Merged
merged 15 commits into from
Jun 15, 2023
Merged

No Warning appears when a Dapp sets a really high Fees for a tx, potentially loosing all user funds #6358

merged 15 commits into from
Jun 15, 2023

Conversation

segun
Copy link
Contributor

@segun segun commented May 9, 2023
edited

Description

When a Dapp triggers a transaction/contract interaction, it sets the proposed fees maxFeePerGas maxPriorityFeePerGas and gasLimit. MetaMask takes the values from the Dapp as they are and displayes Site suggested meaning that it's the Dapp who suggested the fees. Despite of that, if the Dapp sets a high value, user can loose all its money and there is no warning on MM side.

Screenshots/Recordings

Before

After

Screenshot 2023-05-10 at 12 50 31

Issue

Fixes #6361

Checklist

  • There is a related GitHub issue
  • Tests are included if applicable
  • Any added code is fully documented

@segun segun self-assigned this May 9, 2023
@segun segun requested a review from a team as a code owner May 9, 2023 22:35
@github-actions
Copy link
Contributor

github-actions bot commented May 9, 2023

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@segun segun marked this pull request as draft May 9, 2023 22:36
@segun segun changed the title When the dapp suggested gas fees is too high, change the color of gas… No Warning appears when a Dapp sets a really high Fees for a tx, potentially loosing all user funds May 10, 2023
@segun segun added needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) team-confirmations-secure-ux-PR PR from the confirmations team labels May 10, 2023
@segun segun marked this pull request as ready for review May 10, 2023 11:57
@segun segun force-pushed the show-warning-when-high-gas-fee-estimates branch from db3a873 to ceb25d1 Compare May 12, 2023 00:42
jpuri
jpuri previously approved these changes May 12, 2023
View reviewed changes
@jpuri
Copy link
Contributor

jpuri commented May 12, 2023

PR looks good. @segun please add label unit test coverage confirmed for all mobile PRs that have unit test coverage.

@segun segun force-pushed the show-warning-when-high-gas-fee-estimates branch from 3e1a1ef to 44ae3db Compare May 15, 2023 17:20
@segun segun requested a review from jpuri May 15, 2023 17:20
jpuri
jpuri previously approved these changes May 16, 2023
View reviewed changes
blackdevelopa
blackdevelopa previously approved these changes May 16, 2023
View reviewed changes
@blackdevelopa blackdevelopa added needs-qa Any New Features that needs a full manual QA prior to being added to a release. and removed needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) labels May 16, 2023
@seaona
Copy link
Contributor

seaona commented May 23, 2023

hi @segun I'm seeing the following error when I build this branch, could you take a look? 🙏

image

@seaona seaona removed the needs-qa Any New Features that needs a full manual QA prior to being added to a release. label May 23, 2023
@segun segun force-pushed the show-warning-when-high-gas-fee-estimates branch from 44ae3db to ce99c98 Compare May 23, 2023 14:04
@seaona
Copy link
Contributor

seaona commented May 24, 2023

Empty popover

Whenever I click on the red Warning symbol, I see an empty pop-over. Should we add any text here? cc @bschorchit

This warning symbol is displayed in 2 cases:

  • Whenever the suggested dapp value is very high
  • Whenever we select Agressive option on the Edit gas

In both cases, when I click it the popover is empty

image

Warning not displayed on Legacy networks

Whenever I am on a Legacy network (i.e. Optimism) I can see how no warning is displayed there,

image

@bschorchit
Copy link

This should be the popover content: MetaMask/metamask-extension#17313 (comment)

@bschorchit
Copy link

I believe the warning tooltip should also be next to Max fee instead of next to the time estimation similar to how it's on extension cc: @holantonela

@segun segun dismissed stale reviews from blackdevelopa and jpuri via d28f3cc May 26, 2023 12:56
@holantonela
Copy link

holantonela commented May 29, 2023
edited

I believe the warning tooltip should also be next to Max fee instead of next to the time estimation similar to how it's on extension

Agreed.

blackdevelopa
blackdevelopa reviewed Jun 14, 2023
View reviewed changes
ios/Podfile.lock Outdated Show resolved Hide resolved
blackdevelopa
blackdevelopa previously approved these changes Jun 14, 2023
View reviewed changes
Copy link
Contributor

@blackdevelopa blackdevelopa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Just small changes

segun added 15 commits June 15, 2023 11:00
@segun
When the dapp suggested gas fees is too high, change the color of gas…
b05a130 
… estimate times to orange and show an icon

Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
Lint fixes
a3153d0 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
Use Number instead of +Use Number instead of +Use Number instead of +…
6b6ee8e 
…Use Number instead of +Use Number instead of +Use Number instead of +Use Number instead of +Use Number instead of +Use Number instead of +

Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
updated snapshot
29ce382 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
updated test
affafb0 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
lint fix
0bcb1c3 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
Fix lint issues
41d7825 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
Show Icon beside Max fee
9c59cbe 
When icon is clicked, show message

Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
Lint fix
3a9e29c 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
Show green for Aggresive market value.
d83988d 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
Lint fixes.
752f4f8 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
move icon information
2dc274f 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
For normal send, show the icons and colors too
488095d 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
revert Podfile
df5d509 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun
Fix PR comments
df65bf4 
Signed-off-by: Olusegun Akintayo <akintayo.segun@gmail.com>
@segun segun dismissed stale reviews from blackdevelopa and jpuri via df65bf4 June 15, 2023 08:01
@segun segun force-pushed the show-warning-when-high-gas-fee-estimates branch from 409891f to df65bf4 Compare June 15, 2023 08:01
@sonarcloud
Copy link

sonarcloud bot commented Jun 15, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

54.2% 54.2% Coverage
70.7% 70.7% Duplication

@segun segun merged commit 7f988ea into main Jun 15, 2023
11 checks passed
@segun segun deleted the show-warning-when-high-gas-fee-estimates branch June 15, 2023 09:30
@github-actions github-actions bot locked and limited conversation to collaborators Jun 15, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jpuri jpuri jpuri approved these changes

@blackdevelopa blackdevelopa blackdevelopa approved these changes

@bschorchit bschorchit Awaiting requested review from bschorchit

Assignees

@segun segun

Labels
QA Passed A successful QA run through has been done team-confirmations-secure-ux-PR PR from the confirmations team unit test coverage confirmed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug] No Warning appears when a Dapp sets a really high Fees for a tx, potentially loosing all user funds
6 participants
@segun @jpuri @seaona @bschorchit @holantonela @blackdevelopa