-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: PPOM - Malicious transactions triggered from Deeplinks are not flagged #8326
Conversation
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
E2E test started on Bitrise: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/9825bcf4-6087-4afb-8db5-540831e9d45c |
a93ce26
to
fa640f4
Compare
|
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #8326 +/- ##
=======================================
Coverage 40.34% 40.34%
=======================================
Files 1235 1236 +1
Lines 29957 29993 +36
Branches 2877 2881 +4
=======================================
+ Hits 12087 12102 +15
- Misses 17175 17195 +20
- Partials 695 696 +1 ☔ View full report in Codecov by Sentry. |
Description
When a malicious transaction is triggered from a dapplink, the blockaid banner alert is not shown. This is because the transaction is shown in the confirm screen after evaluation without calling PPOM.
The approach taken here is to add ppom validation to send flow.
Related issues
Fixes: #7543
Manual testing steps
Screenshots/Recordings
Before
WhatsApp.Video.2024-01-18.at.09.40.43.mp4
After
Pre-merge author checklist
Pre-merge reviewer checklist