feat: restrict safe pass safe app access for ofac blocked addresses #4066
Conversation
Branch preview✅ Deploy successful! Storybook: |
ESLint Summary View Full Report
Report generated by eslint-plus-action |
📦 Next.js Bundle Analysis for safe-wallet-webThis analysis was generated by the Next.js Bundle Analysis action. 🤖
|
| Page | Size (compressed) |
|---|---|
global |
940.53 KB (🟡 +125 B) |
Details
The global bundle is the javascript bundle that loads alongside every page. It is in its own category because its impact is much higher - an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.
Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis
If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!
Three Pages Changed Size
The following pages changed size from the code in this PR compared to its base branch:
| Page | Size (compressed) | First Load |
|---|---|---|
/apps/open |
56.73 KB (🟡 +1.99 KB) |
997.25 KB |
/home |
60.28 KB (🟡 +25 B) |
1000.81 KB |
/stake |
593 B (🟡 +4 B) |
941.11 KB |
Details
Only the gzipped size is provided here based on an expert tip.
First Load is the size of the global bundle plus the bundle for the individual page. If a user were to show up to your website and land on a given page, the first load size represents the amount of javascript that user would need to download. If next/link is used, subsequent page loads would only need to download that page's bundle (the number in the "Size" column), since the global bundle has already been downloaded.
Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis
Next to the size is how much the size has increased or decreased compared with the base branch of this PR. If this percentage has increased by 20% or more, there will be a red status indicator applied, indicating that special attention should be given to this.
Coverage report
Show new covered files 🐣
Show files with reduced coverage 🔻
Test suite run success1490 tests passing in 204 suites. Report generated by 🧪jest coverage report action from c3a6485 |
| if (isSafeSanctioned) { | ||
| return safeAddress | ||
| } | ||
| if (isWalletSanctioned) { | ||
| return wallet?.address | ||
| } |
There was a problem hiding this comment.
data contains the error message in case the useGetIsSanctionedQuery throws so I think it would falsely say that an address is sanctioned if the network request fails.
There was a problem hiding this comment.
I think that is not true. The error seems to be transformed and returned in the error field of useGetIsSanctionedQuery
There was a problem hiding this comment.
It is expected to either return a data or error field.
https://redux-toolkit.js.org/rtk-query/usage/customizing-queries#implementing-a-queryfn
There was a problem hiding this comment.
Should we remove the data assignment on error then inside the ofacApi query?
return { error: { status: 'CUSTOM_ERROR', data: (error as Error).message } }
ESLint Summary View Full Report
Report generated by eslint-plus-action |
| @@ -43,6 +45,8 @@ const AppFrame = ({ appUrl, allowedFeaturesList, safeAppFromManifest }: AppFrame | |||
| const chainId = useChainId() | |||
| const chain = useCurrentChain() | |||
| const router = useRouter() | |||
| const sanctionedAddress = useSanctionedAddress() | |||
There was a problem hiding this comment.
This will make a request for all apps, not just SAP app.
| @@ -43,6 +45,8 @@ const AppFrame = ({ appUrl, allowedFeaturesList, safeAppFromManifest }: AppFrame | |||
| const chainId = useChainId() | |||
| const chain = useCurrentChain() | |||
| const router = useRouter() | |||
| const sanctionedAddress = useSanctionedAddress() | |||
| const isSafePassApp = appUrl.startsWith('https://community.safe.global') | |||
| @@ -38,13 +41,22 @@ const WcProposalForm = ({ proposal, setProposal, onApprove }: ProposalFormProps) | |||
| const { isScam, origin } = proposal.verifyContext.verified | |||
| const url = proposer.metadata.url || origin | |||
|
|
|||
| const sanctionedAddress = useSanctionedAddress() | |||
There was a problem hiding this comment.
Again, this will make a request for any connected dapp.
| @@ -50,6 +50,10 @@ export const isBlockedBridge = (origin: string) => { | |||
| return BlockedBridges.some((bridge) => origin.includes(bridge)) | |||
| } | |||
|
|
|||
| export const isSafePassApp = (origin: string) => { | |||
| return origin.includes('community.safe.global') | |||
There was a problem hiding this comment.
Can we if not avoid hardcode then at least make it a constant?
|
I think checking blocked addresses from within apps/open and WalletConnect is a bit excessive. It would be better if we just hide all links to this app, and inside the app itself check for blocked addresses (would have to port that hook there). |
You cannot receive the connected wallet within the Safe app. We only get the |
|
Geoblocking is now in place, so it would be good to hide the header widget if the app cannot be loaded. |
ESLint Summary View Full Report
Report generated by eslint-plus-action |
What this PR changes
How to test it
Screenshots
Open Task
Checklist