Blockaid validation should be done on ethereum mainnet only (#20709)

app/scripts/lib/ppom/ppom-middleware.test.ts

@@ -1,3 +1,4 @@
+import { CHAIN_IDS } from '../../../../shared/constants/network';
 import {
   BlockaidReason,
   BlockaidResultType,
@@ -14,38 +15,48 @@ Object.defineProperty(globalThis, 'performance', {
   value: () => undefined,
 });
 
+const createMiddleWare = (
+  usePPOM?: any,
+  securityAlertsEnabled?: boolean,
+  chainId?: string,
+) => {
+  const usePPOMMock = jest.fn();
+  const ppomController = {
+    usePPOM: usePPOM || usePPOMMock,
+  };
+  const preferenceController = {
+    store: {
+      getState: () => ({
+        securityAlertsEnabled:
+          securityAlertsEnabled === undefined ?? securityAlertsEnabled,
+      }),
+    },
+  };
+  const networkController = {
+    state: { providerConfig: { chainId: chainId || CHAIN_IDS.MAINNET } },
+  };
+  return createPPOMMiddleware(
+    ppomController as any,
+    preferenceController as any,
+    networkController as any,
+  );
+};
+
 describe('PPOMMiddleware', () => {
   it('should call ppomController.usePPOM for requests of type confirmation', async () => {
-    const useMock = jest.fn();
+    const usePPOMMock = jest.fn();
-    const ppomController = {
+    const middlewareFunction = createMiddleWare(usePPOMMock);
-      usePPOM: useMock,
-    };
-    const preferenceController = {
-      store: { getState: () => ({ securityAlertsEnabled: true }) },
-    };
-    const middlewareFunction = createPPOMMiddleware(
-      ppomController as any,
-      preferenceController as any,
-    );
     await middlewareFunction(
       { method: 'eth_sendTransaction' },
       undefined,
       () => undefined,
     );
-    expect(useMock).toHaveBeenCalledTimes(1);
+    expect(usePPOMMock).toHaveBeenCalledTimes(1);
   });
 
   it('should add validation response on confirmation requests', async () => {
-    const ppomController = {
+    const usePPOM = async () => Promise.resolve('VALIDATION_RESULT');
-      usePPOM: async () => Promise.resolve('VALIDATION_RESULT'),
+    const middlewareFunction = createMiddleWare(usePPOM);
-    };
-    const preferenceController = {
-      store: { getState: () => ({ securityAlertsEnabled: true }) },
-    };
-    const middlewareFunction = createPPOMMiddleware(
-      ppomController as any,
-      preferenceController as any,
-    );
     const req = {
       method: 'eth_sendTransaction',
       securityAlertResponse: undefined,
@@ -55,16 +66,19 @@ describe('PPOMMiddleware', () => {
   });
 
   it('should not do validation if user has not enabled preference', async () => {
-    const ppomController = {
+    const usePPOM = async () => Promise.resolve('VALIDATION_RESULT');
-      usePPOM: async () => Promise.resolve('VALIDATION_RESULT'),
+    const middlewareFunction = createMiddleWare(usePPOM, false);
+    const req = {
+      method: 'eth_sendTransaction',
+      securityAlertResponse: undefined,
     };
-    const preferenceController = {
+    await middlewareFunction(req, undefined, () => undefined);
-      store: { getState: () => ({ securityAlertsEnabled: false }) },
+    expect(req.securityAlertResponse).toBeUndefined();
-    };
+  });
-    const middlewareFunction = createPPOMMiddleware(
+
-      ppomController as any,
+  it('should not do validation if user is not on mainnet', async () => {
-      preferenceController as any,
+    const usePPOM = async () => Promise.resolve('VALIDATION_RESULT');
-    );
+    const middlewareFunction = createMiddleWare(usePPOM, false, '0x2');
     const req = {
       method: 'eth_sendTransaction',
       securityAlertResponse: undefined,
@@ -74,18 +88,10 @@ describe('PPOMMiddleware', () => {
   });
 
   it('should set Failed type in response if usePPOM throw error', async () => {
-    const ppomController = {
+    const usePPOM = async () => {
-      usePPOM: async () => {
+      throw new Error('some error');
-        throw new Error('some error');
-      },
     };
-    const preferenceController = {
+    const middlewareFunction = createMiddleWare(usePPOM);
-      store: { getState: () => ({ securityAlertsEnabled: true }) },
-    };
-    const middlewareFunction = createPPOMMiddleware(
-      ppomController as any,
-      preferenceController as any,
-    );
     const req = {
       method: 'eth_sendTransaction',
       securityAlertResponse: undefined,
@@ -103,18 +109,10 @@ describe('PPOMMiddleware', () => {
     const ppom = {
       validateJsonRpc: () => undefined,
     };
-    const ppomController = {
+    const usePPOM = async (callback: any) => {
-      usePPOM: async (callback: any) => {
+      callback(ppom);
-        callback(ppom);
-      },
     };
-    const preferenceController = {
+    const middlewareFunction = createMiddleWare(usePPOM);
-      store: { getState: () => ({ securityAlertsEnabled: true }) },
-    };
-    const middlewareFunction = createPPOMMiddleware(
-      ppomController as any,
-      preferenceController as any,
-    );
     const nextMock = jest.fn();
     await middlewareFunction(
       { method: 'eth_sendTransaction' },
@@ -125,18 +123,10 @@ describe('PPOMMiddleware', () => {
   });
 
   it('should call next method when ppomController.usePPOM throws error', async () => {
-    const ppomController = {
+    const usePPOM = async (_callback: any) => {
-      usePPOM: async (_callback: any) => {
+      throw Error('Some error');
-        throw Error('Some error');
-      },
     };
-    const preferenceController = {
+    const middlewareFunction = createMiddleWare(usePPOM);
-      store: { getState: () => ({ securityAlertsEnabled: true }) },
-    };
-    const middlewareFunction = createPPOMMiddleware(
-      ppomController as any,
-      preferenceController as any,
-    );
     const nextMock = jest.fn();
     await middlewareFunction(
       { method: 'eth_sendTransaction' },
@@ -151,18 +141,10 @@ describe('PPOMMiddleware', () => {
     const ppom = {
       validateJsonRpc: validateMock,
     };
-    const ppomController = {
+    const usePPOM = async (callback: any) => {
-      usePPOM: async (callback: any) => {
+      callback(ppom);
-        callback(ppom);
-      },
     };
-    const preferenceController = {
+    const middlewareFunction = createMiddleWare(usePPOM);
-      store: { getState: () => ({ securityAlertsEnabled: true }) },
-    };
-    const middlewareFunction = createPPOMMiddleware(
-      ppomController as any,
-      preferenceController as any,
-    );
     await middlewareFunction(
       { method: 'eth_sendTransaction' },
       undefined,
@@ -176,18 +158,10 @@ describe('PPOMMiddleware', () => {
     const ppom = {
       validateJsonRpc: validateMock,
     };
-    const ppomController = {
+    const usePPOM = async (callback: any) => {
-      usePPOM: async (callback: any) => {
+      callback(ppom);
-        callback(ppom);
-      },
     };
-    const preferenceController = {
+    const middlewareFunction = createMiddleWare(usePPOM);
-      store: { getState: () => ({ securityAlertsEnabled: true }) },
-    };
-    const middlewareFunction = createPPOMMiddleware(
-      ppomController as any,
-      preferenceController as any,
-    );
     await middlewareFunction(
       { method: 'eth_someRequest' },
       undefined,

app/scripts/lib/ppom/ppom-middleware.ts

@@ -1,10 +1,12 @@
 import { PPOM } from '@blockaid/ppom_release';
 import { PPOMController } from '@metamask/ppom-validator';
+import { NetworkController } from '@metamask/network-controller';
 
 import {
   BlockaidReason,
   BlockaidResultType,
 } from '../../../../shared/constants/security-provider';
+import { CHAIN_IDS } from '../../../../shared/constants/network';
 import PreferencesController from '../../controllers/preferences';
 
 const { sentry } = global as any;
@@ -31,17 +33,24 @@ const ConfirmationMethods = Object.freeze([
  *
  * @param ppomController - Instance of PPOMController.
  * @param preferencesController - Instance of PreferenceController.
+ * @param networkController - Instance of NetworkController.
  * @returns PPOMMiddleware function.
  */
 export function createPPOMMiddleware(
   ppomController: PPOMController,
   preferencesController: PreferencesController,
+  networkController: NetworkController,
 ) {
   return async (req: any, _res: any, next: () => void) => {
     try {
       const securityAlertsEnabled =
         preferencesController.store.getState()?.securityAlertsEnabled;
-      if (securityAlertsEnabled && ConfirmationMethods.includes(req.method)) {
+      const { chainId } = networkController.state.providerConfig;
+      if (
+        securityAlertsEnabled &&
+        ConfirmationMethods.includes(req.method) &&
+        chainId === CHAIN_IDS.MAINNET
+      ) {
         // eslint-disable-next-line require-atomic-updates
         req.securityAlertResponse = await ppomController.usePPOM(
           async (ppom: PPOM) => {

app/scripts/metamask-controller.js

@@ -4076,7 +4076,11 @@ export default class MetamaskController extends EventEmitter {
 
     ///: BEGIN:ONLY_INCLUDE_IN(blockaid)
     engine.push(
-      createPPOMMiddleware(this.ppomController, this.preferencesController),
+      createPPOMMiddleware(
+        this.ppomController,
+        this.preferencesController,
+        this.networkController,
+      ),
     );
     ///: END:ONLY_INCLUDE_IN