Skip to content

add: malicious send calls#401

Merged
seaona merged 17 commits into
mainfrom
eip5792-ppom
May 7, 2025
Merged

add: malicious send calls#401
seaona merged 17 commits into
mainfrom
eip5792-ppom

Conversation

@seaona

@seaona seaona commented Apr 10, 2025

Copy link
Copy Markdown
Member

Description

This PR adds a new section for malicious batch transactions.
On each send call we'll have 1 type of a malicious transaction, the rest will be the 2 default simple sends (benign).

Screenshots

Screenshot from 2025-04-11 15-40-32

malicious-eip5792.mp4

@seaona seaona marked this pull request as draft April 10, 2025 11:21
maliciousContractInteractionButton.onclick = async () => {
const contractAddress =
MALICIOUS_CONTRACT_ADDRESSES[globalContext.networkName] ||
MALICIOUS_CONTRACT_ADDRESSES.default;

@seaona seaona Apr 11, 2025

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we directly use the malicious contract interaction data from the sample contracts. We don't want to hide this button for these networks (unsure why this was added)
The payload for the hex data is what makes Blockaid flag it as malicious, no matter to which address we point, even if it's an EOA (which makes our life easier)

@seaona seaona self-assigned this Apr 11, 2025
@seaona seaona marked this pull request as ready for review April 11, 2025 07:52
@@ -0,0 +1,39 @@
import { maliciousAddress } from '../../sample-addresses';

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

moved the malicious tx's in this file, so they can be used both in the ppom tx and in the ppom batch txs

disabled
>
Malicious Set Approval For All
Malicious Contract Interaction

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

re-ordered these 2 as it makes more sense like this (first all custom contract interactions, and the last one the fallback contract interaction) -- also following this order for the batch

opBnb: '0x61d7e121185b1d7902a3da7f3c8ac9faaee8863b',
optimism: '0xaf18644083151cf57f914cccc23c42a1892c218e',
polygon: '0x9e8ea82e76262e957d4cc24e04857a34b0d8f062',
sepolia: '0xbba60aa8144579e07c6db64121b0f608ab6f0c89',

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reorder alphabetically

params: [
{
from: globalContext.accounts[0],
to: '0x5FbDB2315678afecb367f032d93F642f64180aa3',

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove hardcoded malicious address, and use the const

Comment thread src/sample-addresses.js
@@ -1 +1 @@
export const maliciousAddress = '0x5FbDB2315678afecb367f032d93F642f64180aa3';

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this address is no longer flagged as malicious (https://consensys.slack.com/archives/C08JQ6DDCSU/p1744401213662199?thread_ts=1744173737.539829&cid=C08JQ6DDCSU) replacing with a new address which isflagged

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the change has been reverted, as the address i working again as malicious

Comment thread src/components/ppom/sharedConstants.js
digiwand
digiwand previously approved these changes Apr 16, 2025
@seaona seaona merged commit 57d3df4 into main May 7, 2025
@seaona seaona deleted the eip5792-ppom branch May 7, 2025 15:23
@seaona seaona mentioned this pull request May 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants