@avalabs/evm-module 0.0.16 → 0.0.17

package/package.json

@@ -1,18 +1,19 @@
 {
   "name": "@avalabs/evm-module",
-  "version": "0.0.16",
+  "version": "0.0.17",
   "main": "dist/index.cjs",
   "module": "dist/index.js",
   "typings": "dist/index.d.ts",
   "type": "module",
   "dependencies": {
-    "@avalabs/vm-module-types": "0.0.16",
+    "@avalabs/vm-module-types": "0.0.17",
     "@zodios/core": "10.9.6",
     "@avalabs/coingecko-sdk": "v2.8.0-alpha.193",
     "@avalabs/utils-sdk": "2.8.0-alpha.193",
     "@avalabs/etherscan-sdk": "v2.8.0-alpha.193",
     "@avalabs/glacier-sdk": "v2.8.0-alpha.193",
     "@avalabs/wallets-sdk": "v2.8.0-alpha.193",
+    "@blockaid/client": "0.11.0",
     "bn.js": "5.2.1",
     "lodash.startcase": "4.4.0",
     "@metamask/rpc-errors": "6.3.0",
@@ -31,7 +32,7 @@
     "ethers": "6.8.1",
     "@internal/tsup-config": "0.0.1",
     "eslint-config-custom": "0.0.1",
-    "@internal/utils": "0.0.2"
+    "@internal/utils": "0.0.3"
   },
   "peerDependencies": {
     "ethers": "^6.8.1"

package/src/constants.ts

@@ -0,0 +1 @@
+export const DEFAULT_DECIMALS = 18;

package/src/handlers/eth-send-transaction/eth-send-transaction.test.ts

@@ -3,16 +3,33 @@ import { parseRequestParams } from './schema';
 import { estimateGasLimit } from '../../utils/estimate-gas-limit';
 import { getNonce } from '../../utils/get-nonce';
 import { rpcErrors } from '@metamask/rpc-errors';
-import { RpcMethod, type ApprovalController, type Network } from '@avalabs/vm-module-types';
+import { AlertType, RpcMethod, TokenType, type ApprovalController, type Network } from '@avalabs/vm-module-types';
 import { ZodError } from 'zod';
 import { getProvider } from '../../utils/get-provider';
+import Blockaid from '@blockaid/client';
 
 const mockGetProvider = getProvider as jest.MockedFunction<typeof getProvider>;
 
+const PROXY_API_URL = 'https://proxy-api.avax.network';
+
 jest.mock('./schema');
 jest.mock('../../utils/estimate-gas-limit');
 jest.mock('../../utils/get-nonce');
 jest.mock('../../utils/get-provider');
+jest.mock('@blockaid/client', () => {
+  return jest.fn().mockImplementation(() => {
+    return {
+      evm: {
+        transaction: {
+          scan: jest.fn().mockResolvedValue({ validation: { result_type: 'Benign' } }),
+        },
+        jsonRpc: {
+          scan: jest.fn(),
+        },
+      },
+    };
+  });
+});
 
 const mockOnTransactionConfirmed = jest.fn();
 const mockOnTransactionReverted = jest.fn();
@@ -64,6 +81,7 @@ const testRequestParams = () => ({
   },
   network: testNetwork,
   approvalController: mockApprovalController,
+  proxyApiUrl: PROXY_API_URL,
 });
 
 const displayData = {
@@ -80,6 +98,9 @@ const displayData = {
     data: '0xdata',
   },
   networkFeeSelector: true,
+  alert: undefined,
+  tokenApprovals: undefined,
+  balanceChange: undefined,
 };
 
 const signingData = {
@@ -221,6 +242,149 @@ describe('eth_sendTransaction handler', () => {
     });
   });
 
+  it('should add alert object with Warning type to displayData when validation result is Warning', async () => {
+    testWithValidationResultType('Warning');
+  });
+
+  it('should add alert object with Warning type to displayData when validation result is Error', async () => {
+    testWithValidationResultType('Error');
+  });
+
+  it('should add alert object with Danger type to displayData when validation result is Malicious', async () => {
+    testWithValidationResultType('Malicious');
+  });
+
+  it('should process transaction and add token approvals and balance changes to displayData', async () => {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    (Blockaid as any).mockImplementation(() => ({
+      evm: {
+        transaction: {
+          scan: jest.fn().mockResolvedValue({
+            validation: { result_type: 'Benign' },
+            simulation: {
+              status: 'Success',
+              account_summary: {
+                exposures: [
+                  {
+                    asset: {
+                      type: TokenType.ERC20,
+                      address: '0xTokenAddress',
+                      name: 'TokenName',
+                      symbol: 'TKN',
+                      decimals: 18,
+                      logo_url: 'logo_url',
+                    },
+                    spenders: {
+                      '0xSpenderAddress': {
+                        exposure: [{ raw_value: '1', usd_price: '1' }],
+                      },
+                    },
+                  },
+                ],
+                assets_diffs: [
+                  {
+                    asset: {
+                      name: 'TokenName',
+                      symbol: 'TKN',
+                      decimals: 18,
+                      logo_url: 'logo_url',
+                      type: TokenType.ERC20,
+                      address: '0xTokenAddress',
+                    },
+                    in: [{ value: '1', usd_price: '1' }],
+                    out: [{ value: '1', usd_price: '1' }],
+                  },
+                ],
+              },
+            },
+          }),
+        },
+      },
+    }));
+
+    mockParseRequestParams.mockReturnValue({
+      success: true,
+      data: [{ from: '0xfrom', to: '0xto', data: '0xdata', value: '0xvalue', nonce: '12', gas: '0x5208' }],
+    });
+
+    const requestParams = testRequestParams();
+
+    await ethSendTransaction(requestParams);
+
+    expect(mockGetProvider).toHaveBeenCalledWith({
+      chainId: 1,
+      chainName: 'chainName',
+      rpcUrl: 'rpcUrl',
+      multiContractAddress: 'multiContractAddress',
+      pollingInterval: 1000,
+    });
+
+    expect(mockApprovalController.requestApproval).toHaveBeenCalledWith({
+      request: requestParams.request,
+      displayData: {
+        ...displayData,
+        tokenApprovals: {
+          isEditable: true,
+          approvals: [
+            {
+              token: {
+                type: TokenType.ERC20,
+                address: '0xTokenAddress',
+                name: 'TokenName',
+                symbol: 'TKN',
+                decimals: 18,
+                logoUri: 'logo_url',
+              },
+              spenderAddress: '0xSpenderAddress',
+              value: '1',
+              usdPrice: '1',
+              logoUri: 'logo_url',
+            },
+          ],
+        },
+        balanceChange: {
+          ins: [
+            {
+              token: {
+                type: TokenType.ERC20,
+                address: '0xTokenAddress',
+                name: 'TokenName',
+                symbol: 'TKN',
+                decimals: 18,
+                logoUri: 'logo_url',
+              },
+              items: [
+                {
+                  displayValue: '1',
+                  usdPrice: '1',
+                },
+              ],
+            },
+          ],
+          outs: [
+            {
+              token: {
+                type: TokenType.ERC20,
+                address: '0xTokenAddress',
+                name: 'TokenName',
+                symbol: 'TKN',
+                decimals: 18,
+                logoUri: 'logo_url',
+              },
+              items: [
+                {
+                  displayValue: '1',
+                  usdPrice: '1',
+                },
+              ],
+            },
+          ],
+        },
+      },
+      signingData,
+    });
+  });
+
   it('should return error if gas limit calculation fails', async () => {
     mockParseRequestParams.mockReturnValue({
       success: true,
@@ -331,3 +495,70 @@ describe('eth_sendTransaction handler', () => {
     });
   });
 });
+
+const testWithValidationResultType = async (resultType: 'Warning' | 'Error' | 'Malicious') => {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  (Blockaid as any).mockImplementation(() => ({
+    evm: {
+      transaction: {
+        scan: jest.fn().mockResolvedValue({
+          validation: { result_type: resultType },
+          simulation: { status: 'Success', account_summary: { exposures: [], assets_diffs: [] } },
+        }),
+      },
+    },
+  }));
+
+  mockParseRequestParams.mockReturnValue({
+    success: true,
+    data: [{ from: '0xfrom', to: '0xto', data: '0xdata', value: '0xvalue', nonce: '12', gas: '0x5208' }],
+  });
+
+  const requestParams = testRequestParams();
+
+  await ethSendTransaction(requestParams);
+
+  expect(mockGetProvider).toHaveBeenCalledWith({
+    chainId: 1,
+    chainName: 'chainName',
+    rpcUrl: 'rpcUrl',
+    multiContractAddress: 'multiContractAddress',
+    pollingInterval: 1000,
+  });
+
+  if (resultType === 'Malicious') {
+    expect(mockApprovalController.requestApproval).toHaveBeenCalledWith({
+      request: requestParams.request,
+      displayData: {
+        ...displayData,
+        alert: {
+          type: AlertType.DANGER,
+          details: {
+            title: 'Scam Transaction',
+            description: 'This transaction is malicious, do not proceed.',
+            actionTitles: {
+              reject: 'Reject Transaction',
+              proceed: 'Proceed Anyway',
+            },
+          },
+        },
+      },
+      signingData,
+    });
+  } else {
+    expect(mockApprovalController.requestApproval).toHaveBeenCalledWith({
+      request: requestParams.request,
+      displayData: {
+        ...displayData,
+        alert: {
+          type: AlertType.WARNING,
+          details: {
+            title: 'Suspicious Transaction',
+            description: 'Use caution, this transaction may be malicious.',
+          },
+        },
+      },
+      signingData,
+    });
+  }
+};

package/src/handlers/eth-send-transaction/eth-send-transaction.ts

@@ -13,15 +13,20 @@ import { getNonce } from '../../utils/get-nonce';
 import { rpcErrors } from '@metamask/rpc-errors';
 import { getProvider } from '../../utils/get-provider';
 import type { JsonRpcBatchInternal } from '@avalabs/wallets-sdk';
+import { processTransactionSimulation } from '../../utils/process-transaction-simulation';
+import { parseERC20TransactionType } from '../../utils/parse-erc20-transaction-type';
+import { ERC20TransactionType } from '../../types';
 
 export const ethSendTransaction = async ({
   request,
   network,
   approvalController,
+  proxyApiUrl,
 }: {
   request: RpcRequest;
   network: Network;
   approvalController: ApprovalController;
+  proxyApiUrl: string;
 }) => {
   const { dappInfo, params } = request;
 
@@ -87,14 +92,24 @@ export const ethSendTransaction = async ({
     }
   }
 
-  // TODO: validate + simulate transaction
-  // https://ava-labs.atlassian.net/browse/CP-8870
+  const transactionType = parseERC20TransactionType(transaction);
+
+  const { alert, balanceChange, tokenApprovals } = await processTransactionSimulation({
+    request,
+    proxyApiUrl,
+    chainId: network.chainId,
+    params: transaction,
+    dAppUrl: request.dappInfo.url,
+  });
 
   // generate display and signing data
-  // TODO adjust title for different transaction types
-  // https://ava-labs.atlassian.net/browse/CP-8870
+  let title = 'Approve Transaction';
+  if (transactionType === ERC20TransactionType.APPROVE) {
+    title = 'Token Spend Approval';
+  }
+
   const displayData: DisplayData = {
-    title: 'Approve Transaction',
+    title,
     network: {
       chainId: network.chainId,
       name: network.chainName,
@@ -105,8 +120,12 @@ export const ethSendTransaction = async ({
       from: transaction.from,
       to: transaction.to,
       data: transaction.data,
+      type: transactionType,
     },
     networkFeeSelector: true,
+    alert,
+    balanceChange,
+    tokenApprovals,
   };
 
   const signingData: SigningData = {

package/src/handlers/eth-sign/eth-sign.test.ts

@@ -1,6 +1,24 @@
 import { ethSign } from './eth-sign';
-import { RpcMethod, BannerType } from '@avalabs/vm-module-types';
+import { AlertType, RpcMethod } from '@avalabs/vm-module-types';
 import { rpcErrors } from '@metamask/rpc-errors';
+import Blockaid from '@blockaid/client';
+
+const PROXY_API_URL = 'https://proxy-api.avax.network';
+
+jest.mock('@blockaid/client', () => {
+  return jest.fn().mockImplementation(() => {
+    return {
+      evm: {
+        transaction: {
+          scan: jest.fn().mockResolvedValue({ validation: { result_type: 'Benign' } }),
+        },
+        jsonRpc: {
+          scan: jest.fn().mockResolvedValue({ validation: { result_type: 'Benign' } }),
+        },
+      },
+    };
+  });
+});
 
 jest.mock('./schemas/parse-request-params/parse-request-params', () => ({
   parseRequestParams: jest.fn(),
@@ -31,37 +49,38 @@ const mockBeautifySimpleMessage = require('./utils/beautify-message/beautify-mes
 const mockBeautifyComplexMessage = require('./utils/beautify-message/beautify-message').beautifyComplexMessage;
 const mockIsTypedDataV1 = require('./utils/typeguards').isTypedDataV1;
 
-describe('ethSign', () => {
-  const mockRequest = {
-    method: RpcMethod.ETH_SIGN,
-    params: ['0x123'],
-    dappInfo: {
-      name: 'Test DApp',
-      url: 'test-url',
-      icon: 'test-icon-uri',
-    },
-    requestId: 'requestId',
-    sessionId: 'sessionId',
-    chainId: 'eip155:1',
-  };
-  const mockNetwork = {
-    chainId: 1,
-    chainName: 'Ethereum',
-    logoUri: 'test-logo-uri',
-    rpcUrl: 'rpcUrl',
-    networkToken: {
-      name: 'ethereum',
-      symbol: 'ETH',
-      decimals: 18,
-    },
-  };
+const mockRequest = {
+  method: RpcMethod.ETH_SIGN,
+  params: ['0x123'],
+  dappInfo: {
+    name: 'Test DApp',
+    url: 'test-url',
+    icon: 'test-icon-uri',
+  },
+  requestId: 'requestId',
+  sessionId: 'sessionId',
+  chainId: 'eip155:1',
+};
+
+const mockNetwork = {
+  chainId: 1,
+  chainName: 'Ethereum',
+  logoUri: 'test-logo-uri',
+  rpcUrl: 'rpcUrl',
+  networkToken: {
+    name: 'ethereum',
+    symbol: 'ETH',
+    decimals: 18,
+  },
+};
 
-  const mockApprovalController = {
-    requestApproval: jest.fn(),
-    onTransactionConfirmed: jest.fn(),
-    onTransactionReverted: jest.fn(),
-  };
+const mockApprovalController = {
+  requestApproval: jest.fn(),
+  onTransactionConfirmed: jest.fn(),
+  onTransactionReverted: jest.fn(),
+};
 
+describe('ethSign', () => {
   beforeEach(() => {
     mockApprovalController.requestApproval.mockResolvedValue({ result: '0x1234' });
     mockBeautifySimpleMessage.mockReturnValue('beautified simple message');
@@ -75,6 +94,7 @@ describe('ethSign', () => {
       request: mockRequest,
       network: mockNetwork,
       approvalController: mockApprovalController,
+      proxyApiUrl: PROXY_API_URL,
     });
 
     expect(result).toEqual({
@@ -96,16 +116,19 @@ describe('ethSign', () => {
         request: { ...mockRequest, method },
         network: mockNetwork,
         approvalController: mockApprovalController,
+        proxyApiUrl: PROXY_API_URL,
       });
 
       expect(mockApprovalController.requestApproval).toHaveBeenCalledWith(
         expect.objectContaining({
           displayData: expect.objectContaining({
-            banner: {
-              type: BannerType.WARNING,
-              title: 'Warning: Verify Message Content',
-              description: 'This message contains non-standard elements.',
-              detailedDescription: 'Invalid typed data',
+            alert: {
+              type: AlertType.INFO,
+              details: {
+                title: 'Warning: Verify Message Content',
+                description: 'This message contains non-standard elements.',
+                detailedDescription: 'Invalid typed data',
+              },
             },
           }),
         }),
@@ -153,6 +176,7 @@ describe('ethSign', () => {
         request: { ...mockRequest, method },
         network: mockNetwork,
         approvalController: mockApprovalController,
+        proxyApiUrl: PROXY_API_URL,
       });
 
       expect(mockApprovalController.requestApproval).toHaveBeenCalledWith({
@@ -172,6 +196,9 @@ describe('ethSign', () => {
             logoUri: 'test-logo-uri',
             name: 'Ethereum',
           },
+          alert: undefined,
+          balanceChange: undefined,
+          tokenApprovals: undefined,
         },
         request: { ...mockRequest, method },
         signingData: {
@@ -184,6 +211,18 @@ describe('ethSign', () => {
     },
   );
 
+  it('should add alert object with Warning type to displayData when validation result is Warning', async () => {
+    testWithValidationResultType('Warning');
+  });
+
+  it('should add alert object with Warning type to displayData when validation result is Error', async () => {
+    testWithValidationResultType('Error');
+  });
+
+  it('should add alert object with Danger type to displayData when validation result is Malicious', async () => {
+    testWithValidationResultType('Malicious');
+  });
+
   it('should handle success case for approvalController.requestApproval', async () => {
     mockParseRequestParams.mockReturnValueOnce({
       success: true,
@@ -194,6 +233,7 @@ describe('ethSign', () => {
       request: mockRequest,
       network: mockNetwork,
       approvalController: mockApprovalController,
+      proxyApiUrl: PROXY_API_URL,
     });
 
     expect(result).toEqual({ result: '0x1234' });
@@ -210,8 +250,71 @@ describe('ethSign', () => {
       request: mockRequest,
       network: mockNetwork,
       approvalController: mockApprovalController,
+      proxyApiUrl: PROXY_API_URL,
     });
 
     expect(result).toEqual({ error: 'User denied message signature' });
   });
 });
+
+const testWithValidationResultType = async (resultType: 'Warning' | 'Error' | 'Malicious') => {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  (Blockaid as any).mockImplementation(() => ({
+    evm: {
+      jsonRpc: {
+        scan: jest.fn().mockResolvedValue({
+          validation: { result_type: resultType },
+          simulation: { status: 'Success', account_summary: { exposures: [], assets_diffs: [] } },
+        }),
+      },
+    },
+  }));
+
+  mockParseRequestParams.mockReturnValueOnce({
+    success: true,
+    data: { method: RpcMethod.ETH_SIGN, data: 'data', address: '0xabc' },
+  });
+
+  const result = await ethSign({
+    request: mockRequest,
+    network: mockNetwork,
+    approvalController: mockApprovalController,
+    proxyApiUrl: PROXY_API_URL,
+  });
+
+  expect(result).toEqual({ result: '0x1234' });
+
+  if (resultType === 'Malicious') {
+    expect(mockApprovalController.requestApproval).toHaveBeenCalledWith(
+      expect.objectContaining({
+        displayData: expect.objectContaining({
+          alert: {
+            type: AlertType.DANGER,
+            details: {
+              title: 'Scam Transaction',
+              description: 'This transaction is malicious, do not proceed.',
+              actionTitles: {
+                reject: 'Reject Transaction',
+                proceed: 'Proceed Anyway',
+              },
+            },
+          },
+        }),
+      }),
+    );
+  } else {
+    expect(mockApprovalController.requestApproval).toHaveBeenCalledWith(
+      expect.objectContaining({
+        displayData: expect.objectContaining({
+          alert: {
+            type: AlertType.WARNING,
+            details: {
+              title: 'Suspicious Transaction',
+              description: 'Use caution, this transaction may be malicious.',
+            },
+          },
+        }),
+      }),
+    );
+  }
+};

package/src/handlers/eth-sign/eth-sign.ts

@@ -5,7 +5,8 @@ import {
   type DisplayData,
   type RpcRequest,
   RpcMethod,
-  BannerType,
+  type Alert,
+  AlertType,
 } from '@avalabs/vm-module-types';
 import { rpcErrors } from '@metamask/rpc-errors';
 import { toUtf8String } from 'ethers';
@@ -13,15 +14,18 @@ import { beautifySimpleMessage, beautifyComplexMessage } from './utils/beautify-
 import { parseRequestParams } from './schemas/parse-request-params/parse-request-params';
 import { isTypedDataV1 } from './utils/typeguards';
 import { isTypedDataValid } from './utils/is-typed-data-valid';
+import { processJsonRpcSimulation } from '../../utils/process-transaction-simulation';
 
 export const ethSign = async ({
   request,
   network,
   approvalController,
+  proxyApiUrl,
 }: {
   request: RpcRequest;
   network: Network;
   approvalController: ApprovalController;
+  proxyApiUrl: string;
 }) => {
   const result = parseRequestParams({ method: request.method, params: request.params });
 
@@ -46,14 +50,16 @@ export const ethSign = async ({
   let signingData: SigningData | undefined;
   let messageDetails: string | undefined;
   let disclaimer: string | undefined;
-  let banner: DisplayData['banner'] | undefined;
+  let alert: Alert | undefined;
 
   if (typedDataValidationResult && !typedDataValidationResult.isValid) {
-    banner = {
-      type: BannerType.WARNING,
-      title: 'Warning: Verify Message Content',
-      description: 'This message contains non-standard elements.',
-      detailedDescription: (typedDataValidationResult.error as Error).toString(),
+    alert = {
+      type: AlertType.INFO,
+      details: {
+        title: 'Warning: Verify Message Content',
+        description: 'This message contains non-standard elements.',
+        detailedDescription: (typedDataValidationResult.error as Error).toString(),
+      },
     };
   }
 
@@ -106,8 +112,20 @@ export const ethSign = async ({
     };
   }
 
+  const {
+    alert: prioritizedAlert,
+    balanceChange,
+    tokenApprovals,
+  } = await processJsonRpcSimulation({
+    request,
+    proxyApiUrl,
+    accountAddress: address,
+    chainId: network.chainId,
+    data: { method, params: request.params },
+    dAppUrl: request.dappInfo.url,
+  });
+
   const displayData: DisplayData = {
-    banner,
     title: 'Sign Message',
     dAppInfo: {
       name: request.dappInfo.name,
@@ -122,6 +140,9 @@ export const ethSign = async ({
     account: address,
     messageDetails,
     disclaimer,
+    alert: prioritizedAlert ?? alert,
+    balanceChange,
+    tokenApprovals,
   };
 
   // prompt user for approval