fix: fix walletconnect source validation (#11592)

## **Description** This PR fixes a request source validation check for walletconnect. We previously checked if the metadata url matches the origin. However the origin could be `wc::https://appkit-lab.reown.com/` or `wc::https://opensea.io` for example. ## **Related issues** Fixes: [SDK-56](https://consensyssoftware.atlassian.net/browse/SDK-56) ## **Manual testing steps** 1. Go to [WallectConnect Dapp](https://appkit-lab.reown.com/) 2. Connect using MetaMask 3. Perform a transaction 4. Check the MetaMask mobile analytics on Segment 5. The `request_source` should be `WalletConnect` ## **Pre-merge author checklist** - [x] I’ve followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. [SDK-56]: https://consensyssoftware.atlassian.net/browse/SDK-56?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
MetaMask · Oct 8, 2024 · 1e17c39 · 1e17c39
1 parent f178cd0
commit 1e17c39
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 7 deletions.
diff --git a/app/components/Views/confirmations/Approval/index.js b/app/components/Views/confirmations/Approval/index.js
@@ -271,10 +271,17 @@ class Approval extends PureComponent {
       const wc2Manager = await WC2Manager.getInstance();
       const sessions = wc2Manager.getSessions();
       this.originIsWalletConnect = sessions.some((session) => {
-        DevLogger.log(
-          `Approval::detectOrigin Comparing session URL ${session.peer.metadata.url} with origin ${origin}`,
-        );
-        return session.peer.metadata.url === origin;
+        // Otherwise, compare the origin with the metadata URL
+        if (
+          session.peer.metadata.url === origin ||
+          origin.startsWith(WALLET_CONNECT_ORIGIN)
+        ) {
+          DevLogger.log(
+            `Approval::detectOrigin Comparing session URL ${session.peer.metadata.url} with origin ${origin}`,
+          );
+          return true;
+        }
+        return false;
       });
     }
     DevLogger.log(

diff --git a/app/components/Views/confirmations/components/ApproveTransactionReview/index.js b/app/components/Views/confirmations/components/ApproveTransactionReview/index.js
@@ -104,6 +104,7 @@ import { createBuyNavigationDetails } from '../../../../UI/Ramp/routes/utils';
 import SDKConnect from '../../../../../core/SDKConnect/SDKConnect';
 import DevLogger from '../../../../../core/SDKConnect/utils/DevLogger';
 import { WC2Manager } from '../../../../../core/WalletConnect/WalletConnectV2';
+import { WALLET_CONNECT_ORIGIN } from '../../../../../util/walletconnect';
 
 const { ORIGIN_DEEPLINK, ORIGIN_QR_CODE } = AppConstants.DEEPLINKS;
 const POLLING_INTERVAL_ESTIMATED_L1_FEE = 30000;
@@ -362,7 +363,11 @@ class ApproveTransactionReview extends PureComponent {
       // Check if it is walletConnect origin
       WC2Manager.getInstance().then((wc2) => {
         this.originIsWalletConnect = wc2.getSessions().some((session) => {
-          if (session.peer.metadata.url === origin) {
+          // Otherwise, compare the origin with the metadata URL
+          if (
+            session.peer.metadata.url === origin ||
+            origin.startsWith(WALLET_CONNECT_ORIGIN)
+          ) {
             DevLogger.log(
               `ApproveTransactionReview::componentDidMount Found matching session for origin ${origin}`,
             );

diff --git a/app/core/AppConstants.ts b/app/core/AppConstants.ts
@@ -171,8 +171,6 @@ export default {
     WC: 'WalletConnect',
     WC2: 'WalletConnectV2',
     IN_APP_BROWSER: 'In-App-Browser',
-    SDK_ANDROID: 'MetaMask-SDK-Android',
-    SDK_IOS: 'MetaMask-SDK-IOS',
   },
   MM_SDK: {
     SDK_CONNECTIONS: 'sdkConnections',