Skip to content

feat: shield-controller: check signature coverage #6501

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Sep 15, 2025
Merged

feat: shield-controller: check signature coverage #6501

merged 7 commits into from
Sep 15, 2025

Conversation

matthiasgeihs
Copy link
Contributor

@matthiasgeihs matthiasgeihs commented Sep 9, 2025
edited
Loading

Explanation

This PR adds support for validating signature coverage to the ShieldController.

References

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed, highlighting breaking changes as necessary
  • I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes

@socket-security Socket Security
Copy link

socket-security bot commented Sep 9, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​metamask/​signature-controller@​33.0.0971007698100

View full report

@socket-security Socket Security
Copy link

socket-security bot commented Sep 9, 2025
edited
Loading

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring alerts on:

  • @metamask/signature-controller@33.0.0

View full report

@matthiasgeihs
Copy link
Contributor Author

@SocketSecurity ignore npm/@metamask/signature-controller@33.0.0

@matthiasgeihs matthiasgeihs marked this pull request as ready for review September 11, 2025 10:01
@matthiasgeihs matthiasgeihs requested review from a team as code owners September 11, 2025 10:01
lwin-kyaw
lwin-kyaw reviewed Sep 11, 2025
View reviewed changes
lwin-kyaw
lwin-kyaw reviewed Sep 11, 2025
View reviewed changes
packages/shield-controller/src/backend.ts
origin: signatureRequest.messageParams.origin,
};

const { coverageId } = await this.#initCoverageCheck(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please note that we can't always except coverageId to be in the response, with the 200 status.

Please check the swagger, as it has updated recently. (please select schema tab under the 200 response, not the example value)

Screenshot 2025-09-11 at 6 56 50 PM

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The sample cases of 200 responses without coverageId ~

  • where origin is localhost or empty string (requests directly from metamask wallet)
  • when providing invalid chain id values

In such cases, we don't proceed to process the rulesets, we straight away return the Unknown result from the server.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This case also applies to transaction-coverage

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why don't we throw an error in that case?
So basically now the init endpoint can also return a result? Kind of confusing. This creates unnecessary edge cases I believe.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we please change the API backend. I do see several issues with this change. The expectation so far is that if we have a coverage result, either for signatures, or for transactions, it always has the same format. If we don't have that, a lot of complexity is added to the whole system. (Currently we can just treat the results within the same data structure. Then we might need separate data structure. Also, missing the coverageId might be problematic because it means we can't look up the corresponding backend calls.)

cursor[bot]

This comment was marked as outdated.

Sign in to view

@matthiasgeihs matthiasgeihs enabled auto-merge (squash) September 15, 2025 07:36
@matthiasgeihs matthiasgeihs merged commit 2f41e88 into main Sep 15, 2025
239 checks passed
@matthiasgeihs matthiasgeihs deleted the mg/shield/handle-sign branch September 15, 2025 07:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@lwin-kyaw lwin-kyaw Awaiting requested review from lwin-kyaw

Assignees
No one assigned
Labels
area-shield Transaction Shield team-web3auth
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@matthiasgeihs @lwin-kyaw