MetaMask
[Bug]: Certain PPOM signatures are not functioning as expected.
Describe the bug
Malicious ERC 20 Approval (BUSD), Malicious Set Approval for All, and Malicious ERC20 Approval with Odd Hex Data are not being identified by PPOM.
Not sure if that's expected but the token name on BNB is displayed as anyUSDC and in RC 12.5.0 Malicious ERC 20 Approval (BUSD) is not flagged (account has enough USDC).
Expected behavior
Screenshots/Recordings
Steps to reproduce
- Connect to test dapp
- Click
Malicious ERC 20 Approval (BUSD),Malicious Set Approval for All,orMalicious ERC20 Approval with Odd Hex Data
Error messages or log output
No response
Detection stage
In production (default)
Version
develop
Build type
None
Browser
Chrome
Operating system
MacOS
Hardware wallet
No response
Additional context
No response
Severity
No response
Latest develop build
Malicious ERC 20 Transfer(USDC) is not flagged on - Ethereum, Linea, BNB
Malicious ERC 20 Approval (BUSD) is not flagged on - Ethereum, Linea
Malicious Set Approval for All is not flagged on - Ethereum, Linea, Avalanche
Malicious Permit is not flagged on - zkSync
Malicious Seaport is not flagged on - zkSync
Set ETH Malicious x10 Batch is not flagged on - zkSync
Set ETH Malicious x10 Queue is not flagged on - zkSync
Malicious Approval with Odd Hex Data is not flagged on - Linea
Malicious Permit with Padded ChainID is not flagged on - zkSync
Sign Permit is not flagged on - Linea, Avalanche, zkSync
ERC20 transfer on BNB (header):
On the latest develop build, getting the same above results, except for Ethereum Mainnet and zkSync:
- Ethereum Mainnet:
Console error Error validating JSON RPC using PPOM: Error: simulation: fallback: (code: -32000, message: , data: None) for all the below:
Send EIP 1559 Transaction
Send EIP 1559 without gas
Malicious ERC20 transfer (USDC)
Malicious ERC20 Approval (BUSD)
Malicious Set Approval for All
Malicious ERC 20 Approval with Odd Hex Data
2. zkSync:
No console error and only the following are not flagged:
Malicious Permit
Malicious Seaport
Malicious Permit with Padded ChainID
https://github.com/user-attachments/assets/fb6e075c-f294-42c8-9ee4-96474ce04d46
https://github.com/user-attachments/assets/07561b3c-9fe5-42df-b346-8acc6c49312e
The errors should recently have been fixed with this PR: https://github.com/MetaMask/metamask-extension/pull/27939. As @Unik0rnMaggie reported they are not, we should investigate what might be causing failures on Ethereum cc: @jpuri .
It not behaving correctly on other networks is likely because the current address used on those request is not a valid token/nft on those networks.
@Unik0rnMaggie
Latest develop.
Ethereum:
EIP 1559 and Legacy - same error in the console Error validating JSON RPC using PPOM: Error: simulation: fallback: (code: -32000, message: , data: None), yellow warning:
Not flagged:
Malicious ERC20 transfer (USDC)
Malicious ERC20 Approval (BUSD)
Malicious Set Approval for All
Malicious ERC 20 Approval with Odd Hex Data
I checked with latest code in develop branch today and all malicious transactions except Malicious ERC20 Transfer (USDC) is working on mainnet. This one I think was not working even before.
Hi Team,
As per chat with @jpuri it seems the errors might occur due to missing access on provider for my Infura Key.
With the production Infura key I do not experience any errors.
@bschorchit would it be possible to receive the access on my Infura key to verify if the error persists?
Thank you
Closing as this is not an issue with the production Infura key! We can re-open if we encounter this again.
@Unik0rnMaggie I'll follow up with you re: permissions for Infura key on slack