feat: Add middleware to validate wallet_snap permission request#3838
Merged
feat: Add middleware to validate wallet_snap permission request#3838
wallet_snap permission request#3838Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #3838 +/- ##
=======================================
Coverage 98.47% 98.47%
=======================================
Files 429 430 +1
Lines 12421 12433 +12
Branches 1924 1929 +5
=======================================
+ Hits 12231 12243 +12
Misses 190 190 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
| * | ||
| * @returns The middleware. | ||
| */ | ||
| export function createWalletSnapPermissionMiddleware(): JsonRpcMiddleware< |
Member
There was a problem hiding this comment.
Can v2 middlewares be dropped in where we need them in clients as-is?
Member
Author
There was a problem hiding this comment.
Yeah, there's a function to use it as legacy middleware.
Member
There was a problem hiding this comment.
We should probably make note to start converting our code to use v2
packages/snaps-rpc-methods/src/middleware/wallet-snap-permission.ts
Outdated
Show resolved
Hide resolved
FrederikBolding
approved these changes
Feb 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds middleware which validates
wallet_snappermission requests. It ensureswallet_snapis not requested together with other permissions.https://consensyssoftware.atlassian.net/browse/WPC-398
Note
Medium Risk
Adds new request-validation middleware for
wallet_requestPermissions, which can reject previously-accepted multi-permission requests that includewallet_snapand may impact dapp compatibility.Overview
Adds a new JSON-RPC middleware (
createWalletSnapPermissionMiddleware) that validateswallet_requestPermissionsand throwsinvalidParamswhenwallet_snapis requested together with any other permission.Exports the middleware via
src/middleware/index.ts, adds unit tests covering rejection/allow cases, and nudges Jest coverage thresholds to account for the new test file.Written by Cursor Bugbot for commit 8c88edc. This will update automatically on new commits. Configure here.