Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix UNSAFE_TODO for wallet #26253

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Fix UNSAFE_TODO for wallet #26253

wants to merge 2 commits into from

Conversation

supermassive
Copy link
Collaborator

Resolves

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

Copy link
Contributor

[puLL-Merge] - brave/brave-core@26253

Description

This PR makes several changes to improve code quality, security, and performance in the Brave Wallet component. The main changes include:

  1. Refactoring of RLP encoding and decoding functions.
  2. Improvements to Ethereum transaction handling and signing.
  3. Updates to hash utility functions, particularly Keccak hashing.
  4. Enhancements to EthABI utility functions.
  5. Removal of unsafe TODO comments and associated code.

Possible Issues

  1. The changes to hash functions and encoding might have subtle impacts on existing functionality. Thorough testing is required to ensure compatibility with existing wallet operations.

  2. The removal of the UNSAFE_TODO macro and associated code could potentially introduce bugs if the replacements are not fully equivalent.

Security Hotspots

  1. The changes to cryptographic functions (e.g., KeccakHash) should be carefully reviewed to ensure they maintain the same security properties as the original implementations.

  2. The modifications to transaction signing and message hashing in Ethereum-related code need to be thoroughly vetted to prevent any potential vulnerabilities.

Changes

Changes

  1. browser/ui/webui/brave_wallet/android/android_wallet_page_ui.cc:

    • Removed UNSAFE_TODO macro usage and simplified SetupWebUIDataSource calls.
  2. browser/ui/webui/brave_wallet/ledger/ledger_ui.cc:

    • Removed UNSAFE_TODO macro usage in AddResourcePaths call.
  3. browser/ui/webui/brave_wallet/trezor/trezor_ui.cc:

    • Removed UNSAFE_TODO macro usage in AddResourcePaths call.
  4. browser/ui/webui/brave_wallet/wallet_page_ui.cc:

    • Simplified SetupWebUIDataSource call.
  5. browser/ui/webui/brave_wallet/wallet_panel_ui.cc:

    • Simplified SetupWebUIDataSource call.
  6. components/brave_wallet/browser/eip1559_transaction.cc:

    • Refactored GetMessageToSign and Serialize methods to use base::Extend.
    • Removed hash parameter from GetMessageToSign.
  7. components/brave_wallet/browser/eip2930_transaction.cc:

    • Similar refactoring as in eip1559_transaction.cc.
  8. components/brave_wallet/browser/ens_resolver_task.cc:

    • Updated usage of ExtractFixedBytesFromTuple to use template parameter.
  9. components/brave_wallet/browser/eth_abi_utils.cc:

    • Refactored ExtractFixedBytesFromTuple to use a template parameter.
  10. components/brave_wallet/browser/rlp_encode.cc:

    • Refactored RLP encoding functions to use std::vector<uint8_t> instead of std::string.
  11. components/brave_wallet/common/eth_address.cc:

    • Updated KeccakHash usage to work with new return type.
  12. components/brave_wallet/common/hash_utils.cc:

    • Refactored KeccakHash to return KeccakHashArray instead of std::vector<uint8_t>.
  13. components/brave_wallet/common/hex_utils.cc:

    • Improved Uint256ValueToHex function for better performance and correctness.

These changes aim to improve code quality, remove unsafe practices, and enhance the overall security and performance of the Brave Wallet component.

@@ -13,12 +13,14 @@

#include "base/containers/span.h"
#include "base/gtest_prod_util.h"
#include "brave/components/brave_wallet/common/hash_utils.h"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is this header for?

if (byte <= 0xf) {
std::string one_char_byte;
base::AppendHexEncodedByte(byte, one_char_byte, false);
result += one_char_byte[1];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

base::StrAppend?

#include "base/compiler_specific.h"
#include "base/containers/adapters.h"
#include "base/containers/span.h"
#include "base/debug/crash_logging.h"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

leftover?

@@ -32,16 +32,6 @@ class JSSolanaProvider final : public gin::Wrappable<JSSolanaProvider>,

static gin::WrapperInfo kWrapperInfo;

class V8ConverterStrategy : public content::V8ValueConverter::Strategy {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we remove it entirely?
Have you tried solana.publicKey and solana.signTransaction after removal?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This
https://github.com/brave/brave-core/pull/13419/files#diff-7cdd1da2bab576a68d9a1469b45add340ad978aafbdff369f3e590b1aaf8febb

changed v8array -> base::Value conversion from Value(base58 string) to Value(blob) which is exactly what default implementation does https://source.chromium.org/chromium/chromium/src/+/main:content/renderer/v8_value_converter_impl.cc;l=503-529
so we don't need custom conversion strategy

Tried solana.publicKey and it works as before

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants