fix: cp-12.15.2 Allow verifyingContract to be omitted from EIP-712 signatures (#31613)

Gudahtt · web-flow · commit a4179bcada42 · 2025-04-04T17:58:30.000Z
## **Description** The signature controller has been patched with changes from MetaMask/core#5595 to allow the `verifyingContract` field to be missing from EIP-712 signatures. It is optional in the spec. [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/31613?quickstart=1) ## **Related issues** Fixes #31607 ## **Manual testing steps** 1. Connect to the test-dapp 2. Enter this URL: ``` https://metamask.github.io/test-dapp/request.html?method=eth_signTypedData_v4&params=[%22YOUR_ADDRESSS_HERE%22,{%22types%22:{%22EIP712Domain%22:[{%22name%22:%22name%22,%22type%22:%22string%22}],%22Mail%22:[{%22name%22:%22from%22,%22type%22:%22string%22}]},%22primaryType%22:%22Mail%22,%22domain%22:{%22name%22:%22foo%22},%22message%22:{%from%22:%22foo%22}}] ``` (replace `YOUR_ADDRESS_HERE` with a connected address) 3. Previous it would fail. On this branch it should correctly prompt a signature confirmation. ## **Screenshots/Recordings**  ### **Before**  ### **After**  ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - We can manually test this for now, I will follow-up with an E2E test in a later PR - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
diff --git a/.yarn/patches/@metamask-signature-controller-npm-26.0.0-ecbc8b6cda.patch b/.yarn/patches/@metamask-signature-controller-npm-26.0.0-ecbc8b6cda.patch
@@ -0,0 +1,30 @@
+diff --git a/dist/utils/validation.cjs b/dist/utils/validation.cjs
+index eb116f75643a6607af10eb1669aaabfb48159826..349937fca246b26deac4a428fb3ad93dc7e18a6e 100644
+--- a/dist/utils/validation.cjs
++++ b/dist/utils/validation.cjs
+@@ -150,7 +150,9 @@ function validateAddress(address, propertyName) {
+ function validateVerifyingContract({ data, internalAccounts, origin, }) {
+     const verifyingContract = data?.domain?.verifyingContract;
+     const isExternal = origin && origin !== approval_controller_1.ORIGIN_METAMASK;
+-    if (isExternal &&
++    if (verifyingContract &&
++        typeof verifyingContract === 'string' &&
++        isExternal &&
+         internalAccounts.some((internalAccount) => internalAccount.toLowerCase() === verifyingContract.toLowerCase())) {
+         throw new Error(`External signature requests cannot use internal accounts as the verifying contract.`);
+     }
+diff --git a/dist/utils/validation.mjs b/dist/utils/validation.mjs
+index 58b55c134527537c0ef1f44876afcf2939e9ed53..d4af6e8a1e8fff08e422ebfa6b9f444dc24c8632 100644
+--- a/dist/utils/validation.mjs
++++ b/dist/utils/validation.mjs
+@@ -145,7 +145,9 @@ function validateAddress(address, propertyName) {
+ function validateVerifyingContract({ data, internalAccounts, origin, }) {
+     const verifyingContract = data?.domain?.verifyingContract;
+     const isExternal = origin && origin !== ORIGIN_METAMASK;
+-    if (isExternal &&
++    if (verifyingContract &&
++        typeof verifyingContract === 'string' &&
++        isExternal &&
+         internalAccounts.some((internalAccount) => internalAccount.toLowerCase() === verifyingContract.toLowerCase())) {
+         throw new Error(`External signature requests cannot use internal accounts as the verifying contract.`);
+     }
diff --git a/package.json b/package.json
@@ -314,7 +314,7 @@
     "@metamask/safe-event-emitter": "^3.1.1",
     "@metamask/scure-bip39": "^2.0.3",
     "@metamask/selected-network-controller": "^19.0.0",
-    "@metamask/signature-controller": "^26.0.0",
+    "@metamask/signature-controller": "patch:@metamask/signature-controller@npm%3A26.0.0#~/.yarn/patches/@metamask-signature-controller-npm-26.0.0-ecbc8b6cda.patch",
     "@metamask/smart-transactions-controller": "^16.3.0",
     "@metamask/snaps-controllers": "^11.1.0",
     "@metamask/snaps-execution-environments": "^7.1.0",
diff --git a/yarn.lock b/yarn.lock
@@ -6247,7 +6247,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@metamask/signature-controller@npm:^26.0.0":
+"@metamask/signature-controller@npm:26.0.0":
   version: 26.0.0
   resolution: "@metamask/signature-controller@npm:26.0.0"
   dependencies:
@@ -6268,6 +6268,27 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@metamask/signature-controller@patch:@metamask/signature-controller@npm%3A26.0.0#~/.yarn/patches/@metamask-signature-controller-npm-26.0.0-ecbc8b6cda.patch":
+  version: 26.0.0
+  resolution: "@metamask/signature-controller@patch:@metamask/signature-controller@npm%3A26.0.0#~/.yarn/patches/@metamask-signature-controller-npm-26.0.0-ecbc8b6cda.patch::version=26.0.0&hash=eeb7c7"
+  dependencies:
+    "@metamask/base-controller": "npm:^8.0.0"
+    "@metamask/controller-utils": "npm:^11.6.0"
+    "@metamask/eth-sig-util": "npm:^8.2.0"
+    "@metamask/utils": "npm:^11.2.0"
+    jsonschema: "npm:^1.4.1"
+    lodash: "npm:^4.17.21"
+    uuid: "npm:^8.3.2"
+  peerDependencies:
+    "@metamask/accounts-controller": ^26.0.0
+    "@metamask/approval-controller": ^7.0.0
+    "@metamask/keyring-controller": ^21.0.0
+    "@metamask/logging-controller": ^6.0.0
+    "@metamask/network-controller": ^22.0.0
+  checksum: 10/a2df7d134d1b8e48af9ef218c0011b8a41ca5dcbed23ce75cc089043950b5c95114bea223639230fc0197d81b1c89647bf99abad41b7368082aa829c2ff3aacd
+  languageName: node
+  linkType: hard
+
 "@metamask/slip44@npm:^4.1.0":
   version: 4.1.0
   resolution: "@metamask/slip44@npm:4.1.0"
@@ -27274,7 +27295,7 @@ __metadata:
     "@metamask/safe-event-emitter": "npm:^3.1.1"
     "@metamask/scure-bip39": "npm:^2.0.3"
     "@metamask/selected-network-controller": "npm:^19.0.0"
-    "@metamask/signature-controller": "npm:^26.0.0"
+    "@metamask/signature-controller": "patch:@metamask/signature-controller@npm%3A26.0.0#~/.yarn/patches/@metamask-signature-controller-npm-26.0.0-ecbc8b6cda.patch"
     "@metamask/smart-transactions-controller": "npm:^16.3.0"
     "@metamask/snaps-controllers": "npm:^11.1.0"
     "@metamask/snaps-execution-environments": "npm:^7.1.0"
