Warn on EIP2612 Permit

RevokeCash · Aug 19, 2022 · 3a38ba9 · 3a38ba9
1 parent 56d8a53
commit 3a38ba9
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 7 deletions.
diff --git a/src/background.ts b/src/background.ts
@@ -1,7 +1,7 @@
 import { providers } from 'ethers';
 import Browser from 'webextension-polyfill';
 import { RequestType } from './constants';
-import { addressToAppName, decodeApproval, decodeOpenSeaListing, getOpenSeaItemTokenData, getRpcUrl, getTokenData } from './utils';
+import { addressToAppName, decodeApproval, decodeOpenSeaListing, decodePermit, getOpenSeaItemTokenData, getRpcUrl, getTokenData } from './utils';
 
 // Note that these messages will be periodically cleared due to the background service shutting down
 // after 5 minutes of inactivity (see Manifest v3 docs).
@@ -62,7 +62,11 @@ const processTransactionBypassCheckRequest = (message: any) => {
 
 
 const processSignatureRequest = async (message: any, remotePort: Browser.Runtime.Port) => {
-  const popupCreated = await createOpenSeaListingPopup(message);
+  const { primaryType } = message?.data?.typedData;
+
+  const popupCreated = primaryType === 'Permit'
+    ? await createAllowancePopup(message)
+    : await createOpenSeaListingPopup(message);
 
   if (!popupCreated) {
     remotePort.postMessage({ id: message.id, data: true });
@@ -73,16 +77,24 @@ const processSignatureRequest = async (message: any, remotePort: Browser.Runtime
   messagePorts[message.id] = remotePort;
 }
 
-const processSignatureBypassCheckRequest = (message: any) => {
-  createOpenSeaListingPopup(message);
+const processSignatureBypassCheckRequest = async (message: any) => {
+  const { primaryType } = message?.data?.typedData;
+
+  if (primaryType === 'Permit') {
+    await createAllowancePopup(message)
+  } else {
+    await createOpenSeaListingPopup(message);
+  }
 }
 
 const createAllowancePopup = async (message: any) => {
   const { ['settings:warnOnApproval']: warnOnApproval } = await Browser.storage.local.get({ 'settings:warnOnApproval': true });
   if (!warnOnApproval) return false;
 
-  const { transaction, chainId } = message.data;
-  const allowance = decodeApproval(transaction.data ?? '', transaction.to ?? '');
+  const { transaction, typedData, chainId } = message.data;
+  const allowance = transaction
+    ? decodeApproval(transaction.data ?? '', transaction.to ?? '')
+    : decodePermit(typedData);
 
   // Return false if we don't create a popup
   if (!allowance) return false;
@@ -96,7 +108,7 @@ const createAllowancePopup = async (message: any) => {
     addressToAppName(allowance.spender, chainId),
     Browser.windows.getCurrent(),
   ]).then(async ([tokenData, spenderName, window]) => {
-    const bypassed = message.data.type === RequestType.TRANSACTION_BYPASS_CHECK;
+    const bypassed = [RequestType.TRANSACTION_BYPASS_CHECK, RequestType.SIGNATURE_BYPASS_CHECK].includes(message.data.type);
 
     const queryString = new URLSearchParams({
       id: message.id,

diff --git a/src/utils.ts b/src/utils.ts
@@ -60,6 +60,19 @@ export const decodeApproval = (data: string, asset: string) => {
   return undefined;
 };
 
+export const decodePermit = (typedData: any) => {
+  if (typedData?.primaryType === 'Permit') {
+    const asset = typedData?.domain?.verifyingContract;
+    const { spender, value, allowed } = typedData?.message;
+
+    if (!asset || value === '0' || allowed === false) return undefined;
+
+    return { asset, spender };
+  }
+
+  return undefined;
+};
+
 export const decodeOpenSeaListing = (data: any) => {
   const { offer, offerer } = data?.message ?? {};
   if (!offer || !offerer) return undefined;