Skip to content

feat: adding more validations for types sign v4 messages#8526

Merged
jpuri merged 7 commits intomainfrom
typed_sign_validation
Apr 22, 2026
Merged

feat: adding more validations for types sign v4 messages#8526
jpuri merged 7 commits intomainfrom
typed_sign_validation

Conversation

@jpuri
Copy link
Copy Markdown
Contributor

@jpuri jpuri commented Apr 20, 2026
edited by cursor Bot
Loading

Explanation

Adding more validations for typed sign v4 messaged.

References

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed
  • I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

Note

Medium Risk
Tightens validation on eth_signTypedData_v4 inputs, which may break dapps that previously sent additional top-level fields in typed data. Change is localized but affects a commonly used signing path.

Overview
Stricter eth_signTypedData_v4 input validation: the wallet middleware now rejects EIP-712 typed-data JSON that includes any extraneous top-level keys beyond those defined by @metamask/eth-sig-util’s TYPED_MESSAGE_SCHEMA.

This introduces a new validateTypedMessageKeys utility (and tests) and wires it into the eth_signTypedData_v4 flow, plus adds coverage ensuring requests with unexpected keys fail with Invalid input.; the changelog is updated accordingly.

Reviewed by Cursor Bugbot for commit 3c2ae43. Bugbot is set up for automated code reviews on this repo. Configure here.

@jpuri jpuri marked this pull request as ready for review April 21, 2026 08:35
@jpuri jpuri requested review from a team as code owners April 21, 2026 08:35
@jpuri jpuri enabled auto-merge April 21, 2026 08:41
ffmcgee725
ffmcgee725 previously approved these changes Apr 21, 2026
View reviewed changes
@pedronfigueiredo pedronfigueiredo self-requested a review April 21, 2026 14:19
jiexi
jiexi previously approved these changes Apr 21, 2026
View reviewed changes
Comment thread packages/eth-json-rpc-middleware/src/utils/validation.ts Outdated
mcmire
mcmire reviewed Apr 21, 2026
View reviewed changes
Comment thread packages/eth-json-rpc-middleware/CHANGELOG.md Outdated
@jpuri @mcmire
Update packages/eth-json-rpc-middleware/CHANGELOG.md
11a16b7 
Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
@jpuri jpuri dismissed stale reviews from pedronfigueiredo, ffmcgee725, and jiexi via 11a16b7 April 22, 2026 03:28
@jpuri @jiexi
Update packages/eth-json-rpc-middleware/src/utils/validation.ts
3c2ae43 
Co-authored-by: jiexi <jiexiluan@gmail.com>
@jpuri
Copy link
Copy Markdown
Contributor Author

jpuri commented Apr 22, 2026

Hey @mcmire : thanks for the feedback, I merged the suggestion to make put the task under "Changed"

mcmire
mcmire approved these changes Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mcmire mcmire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@jpuri jpuri added this pull request to the merge queue Apr 22, 2026
Merged via the queue into main with commit f303f59 Apr 22, 2026
358 checks passed
@jpuri jpuri deleted the typed_sign_validation branch April 22, 2026 12:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcmire mcmire mcmire approved these changes

@pedronfigueiredo pedronfigueiredo pedronfigueiredo approved these changes

@ffmcgee725 ffmcgee725 ffmcgee725 approved these changes

@jiexi jiexi Awaiting requested review from jiexi

Assignees

No one assigned

Labels

team-confirmations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jpuri @mcmire @jiexi @pedronfigueiredo @ffmcgee725