Skip to content

Commit 390ff3b

Browse files
authored
Add Blockaid bypass for send value without 0x prefix (#329)
1 parent fd76621 commit 390ff3b

2 files changed

Lines changed: 32 additions & 4 deletions

File tree

src/index.html

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -977,6 +977,13 @@ <h5>Transactions</h5>
977977
>
978978
Malicious ERC20 Approval With Odd Hex Data
979979
</button>
980+
<button
981+
class="btn btn-primary btn-lg btn-block mb-3"
982+
id="maliciousSendWithoutHexPrefixValue"
983+
disabled
984+
>
985+
Malicious Eth Transfer Without 0x Prefix for Hex Value
986+
</button>
980987
<h5>Signatures</h5>
981988
<button
982989
class="btn btn-primary btn-lg btn-block mb-3"

src/index.js

Lines changed: 25 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -339,6 +339,9 @@ const maliciousSendWithOddHexData = document.getElementById(
339339
const maliciousApproveERC20WithOddHexData = document.getElementById(
340340
'maliciousApproveERC20WithOddHexData',
341341
);
342+
const maliciousSendWithoutHexPrefixValue = document.getElementById(
343+
'maliciousSendWithoutHexPrefixValue',
344+
);
342345
const maliciousPermitHexPaddedChain = document.getElementById(
343346
'maliciousPermitHexPaddedChain',
344347
);
@@ -433,6 +436,7 @@ const allConnectedButtons = [
433436
mintSepoliaERC20,
434437
maliciousSendEthWithDeeplink,
435438
maliciousSendWithOddHexData,
439+
maliciousSendWithoutHexPrefixValue,
436440
maliciousApproveERC20WithOddHexData,
437441
maliciousPermitHexPaddedChain,
438442
maliciousPermitIntAddress,
@@ -484,11 +488,10 @@ const initialConnectedButtons = [
484488
sendWithInvalidRecipient,
485489
mintSepoliaERC20,
486490
maliciousSendWithOddHexData,
491+
maliciousSendWithoutHexPrefixValue,
487492
maliciousApproveERC20WithOddHexData,
488493
maliciousPermitHexPaddedChain,
489494
maliciousPermitIntAddress,
490-
maliciousSendWithOddHexData,
491-
maliciousApproveERC20WithOddHexData,
492495
];
493496

494497
// Buttons that are available after connecting via Wallet Connect
@@ -528,11 +531,10 @@ const walletConnectButtons = [
528531
sendWithInvalidRecipient,
529532
mintSepoliaERC20,
530533
maliciousSendWithOddHexData,
534+
maliciousSendWithoutHexPrefixValue,
531535
maliciousApproveERC20WithOddHexData,
532536
maliciousPermitHexPaddedChain,
533537
maliciousPermitIntAddress,
534-
maliciousSendWithOddHexData,
535-
maliciousApproveERC20WithOddHexData,
536538
];
537539

538540
/**
@@ -3324,6 +3326,25 @@ const initializeFormElements = () => {
33243326
}
33253327
};
33263328

3329+
maliciousSendWithoutHexPrefixValue.onclick = async () => {
3330+
try {
3331+
const from = accounts[0];
3332+
const send = await provider.request({
3333+
method: 'eth_sendTransaction',
3334+
params: [
3335+
{
3336+
from,
3337+
to: `${maliciousAddress}`,
3338+
value: 'ffffffffffffff', // value without 0x prefix
3339+
},
3340+
],
3341+
});
3342+
sendMalformedResult.innerHTML = send;
3343+
} catch (err) {
3344+
console.error(err);
3345+
sendMalformedResult.innerHTML = `Error: ${err.message}`;
3346+
}
3347+
};
33273348
maliciousPermitHexPaddedChain.onclick = async () => {
33283349
const result = await provider.request({
33293350
method: 'eth_signTypedData_v4',

0 commit comments

Comments
 (0)