Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect origin is shown when a spend approval is pending #19557

Closed
srirambv opened this issue Nov 18, 2021 · 3 comments
Closed

Incorrect origin is shown when a spend approval is pending #19557

srirambv opened this issue Nov 18, 2021 · 3 comments
Assignees
@supermassive
Labels
bug feature/web3/wallet/core feature/web3/wallet Integrating Ethereum+ wallet support OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include security
Milestone
1.39.x - Release

Comments

@srirambv
Copy link
Contributor

srirambv commented Nov 18, 2021
edited
Loading

Description

Incorrect origin is shown when an spend approval is pending

Steps to Reproduce

  1. Initiate a send approval on https://app.uniswap.org
  2. Do not approve or reject the request via panel
  3. Open a new site in a new tab and open wallet panel, shows spend approval from the new site rather than initiator

Actual result:

Expected result:

Reproduces how often:

easy

Brave version (brave://version info)

Brave 1.34.22 Chromium: 96.0.4664.45 (Official Build) nightly (x86_64)
Revision 76e4c1bb2ab4671b8beba3444e61c0f17584b2fc-refs/branch-heads/4664@{#947}
OS All

Version/Channel Information:

  • Can you reproduce this issue with the current release? No
  • Can you reproduce this issue with the beta channel? No
  • Can you reproduce this issue with the nightly channel? Yes

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields? NA
  • Does the issue resolve itself when disabling Brave Rewards? NA
  • Is the issue reproducible on the latest version of Chrome? NA

Miscellaneous Information:

Side effect of brave/brave-core#11132
cc: @Douglashdaniel
@srirambv srirambv changed the title Incorrect origin is shown when an spend approval is pending Incorrect origin is shown when a spend approval is pending Nov 18, 2021
@bbondy bbondy added the priority/P2 A bad problem. We might uplift this to the next planned release. label Nov 18, 2021
@bbondy bbondy added priority/P1 A very extremely bad problem. We might push a hotfix for it. and removed priority/P2 A bad problem. We might uplift this to the next planned release. labels Nov 18, 2021
@bbondy bbondy added priority/P2 A bad problem. We might uplift this to the next planned release. and removed priority/P1 A very extremely bad problem. We might push a hotfix for it. labels Nov 26, 2021
@onyb
Copy link
Member

onyb commented Jan 21, 2022

Moved this to Backlog (backend). We need an origin field in the TransactionInfo struct, which should contain the site url and the favicon url.

@supermassive
Copy link

Should've been fixed by #21915

@supermassive supermassive added this to the 1.39.x - Beta milestone May 13, 2022
@srirambv
Copy link
Contributor Author

Brave 1.39.96 Chromium: 101.0.4951.54 (Official Build) beta (64-bit)
Revision 67da1aeb32cedd27634ca6634fb79cbd85d3f0ab-refs/branch-heads/4951@{#1126}
OS ☑️ Linux ☑️ Windows 11 Version Dev
(Build 22616.1) 		☑️ macOS Version 12.0.1
(Build 21C52)
  • Verified steps from issue
Same domain
Different domain

@LaurenWags LaurenWags mentioned this issue May 23, 2022
Closed
avinassh pushed a commit to avinassh/brave-browser-hardening that referenced this issue May 29, 2022
Brave Browser 1.39.111
6b60f4b 
 - Added Solana support for account creation, sending SOL and sending SPL tokens with Brave Wallet. ([#22348](brave/brave-browser#22348))
 - Added the ability to buy with Ramp using Brave Wallet. ([#21639](brave/brave-browser#21639))
 - Added JSONSanitizer to API helper requests for Brave Wallet. ([#21831](brave/brave-browser#21831))
 - Added Dapp UI for requesting a public key and for decrypting ciphers using Brave Wallet. ([#21177](brave/brave-browser#21177))
 - Added web3_clientVersion support for Brave Wallet. ([#19278](brave/brave-browser#19278))
 - Added the ability to allow users to search sites for RSS feeds for Brave News. ([#21768](brave/brave-browser#21768))
 - Added support for blob partitioning. ([#21746](brave/brave-browser#21746))
 - Added minimum macOS version for Sparkle update process. ([#22918](brave/brave-browser#22918))
 - [Security] Blocked "window.ethereum" completely in third party iframes. ([#22686](brave/brave-browser#22686))
 - [Security] Updated Brave Wallet panel to prominently display eTLD+1 as reported on HackerOne by renekroka. ([#21787](brave/brave-browser#21787))
 - [Security] Fixed incorrect origin being displayed in Brave Wallet when a spend approval is pending. ([#19557](brave/brave-browser#19557))
 - Implemented eth_getEncryptionPublicKey for Brave Wallet. ([#19276](brave/brave-browser#19276))
 - Implemented account discovery when restoring Brave Wallet. ([#18104](brave/brave-browser#18104))
 - Updated Omaha installer version for Windows to v1.3.36.113. ([#22060](brave/brave-browser#22060))
 - Updated default IPFS configuration values. ([#22068](brave/brave-browser#22068))
 - Updated Gas Limit validation and error messaging for unapproved transactions with Brave Wallet. ([#21714](brave/brave-browser#21714))
 - Updated Brave Wallet to automatically add swap taker asset to the visible asset list. ([#21428](brave/brave-browser#21428))
 - Updated Brave Wallet portfolio network filter for multichain support. ([#20780](brave/brave-browser#20780))
 - Reduced adblock filter memory usage by optimizing unused regex rules. ([#21970](brave/brave-browser#21970))
 - Removed known Dialog Insight user tracking parameters from URLs. ([#22082](brave/brave-browser#22082))
 - Removed ability to swap ERC721 tokens with Brave Wallet. ([#21550](brave/brave-browser#21550))
 - Fixed crash which occurred when opening Brave Shields while using Google Meet. ([#22814](brave/brave-browser#22814))
 - Fixed inability to rename Solana account in Brave Wallet after it has been created. ([#22958](brave/brave-browser#22958))
 - Fixed incorrectly computed insufficient funds errors in Brave Wallet. ([#22877](brave/brave-browser#22877))
 - Fixed ERC20 and ERC721 transfers being incorrectly displayed as ETH transfers in the Brave Wallet transactions panel. ([#22044](brave/brave-browser#22044))
 - Fixed text alignment issues under the Brave Wallet "Recent transactions" panel when using long account names. ([#21216](brave/brave-browser#21216))
 - Fixed breakage in webpack build caused by OpenSSL 3.0. ([#22305](brave/brave-browser#22305))
 - Fixed two windows being opened on launch when the browser was installed without administrator privileges on Windows. ([#22179](brave/brave-browser#22179))
 - Upgraded Chromium to 102.0.5005.61. ([#22923](brave/brave-browser#22923)) ([Changelog for 102.0.5005.61](https://chromium.googlesource.com/chromium/src/+log/101.0.4951.67..102.0.5005.61?pretty=fuller&n=1000))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@supermassive supermassive

Labels
bug feature/web3/wallet/core feature/web3/wallet Integrating Ethereum+ wallet support OS/Desktop priority/P2 A bad problem. We might uplift this to the next planned release. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/include security
Projects
Web3
Archived in project
Milestone
1.39.x - Release
Development

No branches or pull requests
5 participants
@supermassive @diracdeltas @bbondy @onyb @srirambv