Security alerts - We should run a new validation when transaction is edited on mobile #8382

Open
seaona opened this issue Jan 24, 2024 · 2 comments
Labels
team-confirmations Push issues to confirmations team type-enhancement New feature or request

Comments

Contributor

seaona commented Jan 24, 2024

Describe the bug

Problem: same as in Extension, whenever we edit a transaction, the PPOM validation is not updated. A benign transaction could be malicious if we change the amount of Approve/Send. However, this won't be captured by the Blockaid warning, as it does not re-run the validation on Edit.

Expected behavior

  • Should we re-validate on edit? In all cases, in some cases (i.e. if gas is changed no, but if recipient/amounts are changed yes)?

Screenshots/Recordings

blockaid-malicious-validation-update.mp4

Steps to reproduce

  1. Enable Blockaid from Settings
  2. Trigger a malicious Approve ERC20
  3. See malicious warning is displayed
  4. Change the approve value to 0
  5. See malicious warning is still displayed / validation is not re-run

Error messages or log output

No response

Version

7.15.0

Build type

None

Device

Pixel 6

Operating system

Android

Additional context

No response

Severity

No response
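
One way to make the "re-validate only when recipient/amounts change" option above concrete, as an added example that is not part of the issue and not MetaMask code: tie the stored validation result to a fingerprint of the security-relevant fields and clear it when that fingerprint changes. The field split, the `applyEdit` state shape, the `'Malicious'` alert value and all addresses are assumptions constructed for illustration.

```javascript
// Added example, not MetaMask code. Field names follow common Ethereum
// transaction params; which fields count as security-relevant is an assumption.
const SECURITY_FIELDS = ['chainId', 'from', 'to', 'value', 'data'];

// Hex strings are compared case-insensitively; any other difference
// (even '0x0' vs '0x00') is treated as a change, which fails safe.
const norm = (v) => (v === undefined || v === null ? '' : String(v).toLowerCase());

// Fingerprint of everything the stored validation result depends on.
function validationKey(tx) {
  return SECURITY_FIELDS.map((f) => `${f}=${norm(tx[f])}`).join('|');
}

function needsRevalidation(validatedTx, editedTx) {
  return validationKey(validatedTx) !== validationKey(editedTx);
}

// state = { tx, key, alert }; alert is the last validation result for `key`.
function applyEdit(state, editedTx) {
  const key = validationKey(editedTx);
  if (key === state.key) return { ...state, tx: editedTx, revalidate: false };
  // Clear the old verdict so a stale warning (or a stale "benign") is never shown.
  return { tx: editedTx, key, alert: null, revalidate: true };
}

// Constructed sample: ERC-20 approve(address,uint256), selector 0x095ea7b3.
const pad32 = (hex) => hex.replace(/^0x/, '').padStart(64, '0');
const approveData = (spender, amount) =>
  '0x095ea7b3' + pad32(spender) + pad32(amount.toString(16));

const SPENDER = '0x' + '11'.repeat(20); // constructed address
const original = {
  chainId: '0x1', from: '0x' + 'aa'.repeat(20), to: '0x' + 'bb'.repeat(20),
  value: '0x0', data: approveData(SPENDER, 2n ** 256n - 1n),
  gas: '0x5208', maxFeePerGas: '0x3b9aca00',
};
const gasEdit = { ...original, gas: '0x7530' };
const amountEdit = { ...original, data: approveData(SPENDER, 0n) };

let state = { tx: original, key: validationKey(original), alert: 'Malicious' };
state = applyEdit(state, gasEdit);     // fee-only edit: alert kept
state = applyEdit(state, amountEdit);  // approve amount edited: alert cleared
console.log(state.alert, state.revalidate);
```

The caller would start a new validation whenever `revalidate` is true and discard any response whose key no longer matches `state.key`.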

@seaona seaona added type-bug Something isn't working team-confirmations-secure-ux DEPRECATED: please use "team-confirmations" label instead Sev2-normal An issue that may lead to users misunderstanding some limited risks they are taking labels Jan 24, 2024
@metamaskbot metamaskbot added the regression-prod-7.15.0 Regression bug that was found in production in release 7.15.0 label Jan 24, 2024
Contributor

This issue has been automatically marked as stale because it has not had recent activity in the last 90 days. It will be closed in 7 days. Thank you for your contributions.

@github-actions github-actions bot added the stale Issues that have not had activity in the last 90 days label Apr 23, 2024
@cryptotavares cryptotavares added the team-confirmations Push issues to confirmations team label Apr 24, 2024
@github-actions github-actions bot removed the stale Issues that have not had activity in the last 90 days label Apr 24, 2024
@bschorchit bschorchit removed the team-confirmations-secure-ux DEPRECATED: please use "team-confirmations" label instead label Jun 7, 2024
Contributor

github-actions bot commented Sep 5, 2024

This issue has been automatically marked as stale because it has not had recent activity in the last 90 days. It will be closed in 7 days. Thank you for your contributions.

@github-actions github-actions bot added the stale Issues that have not had activity in the last 90 days label Sep 5, 2024
@bschorchit bschorchit changed the title [Bug]: PPOM - Validation result is not updated when transaction is edited Security alerts - Validation result is not updated when transaction is edited Sep 5, 2024
@bschorchit bschorchit changed the title Security alerts - Validation result is not updated when transaction is edited Security alerts - We should run a new validation when transaction is edited on mobile Sep 5, 2024
@bschorchit bschorchit added type-enhancement New feature or request and removed type-bug Something isn't working Sev2-normal An issue that may lead to users misunderstanding some limited risks they are taking regression-prod-7.15.0 Regression bug that was found in production in release 7.15.0 stale Issues that have not had activity in the last 90 days labels Sep 5, 2024
Projects
Status: To be fixed
Development

No branches or pull requests

4 participants