MetaMask / metamask-mobile

Mobile web browser providing access to websites that use the Ethereum blockchain
https://metamask.io

Security alerts - We should run a new validation when transaction is edited on mobile #8382

Open seaona opened 8 months ago

seaona commented 8 months ago

Describe the bug

Problem: same as in Extension. Whenever we edit a transaction, the PPOM validation is not updated. A benign transaction could be malicious if we change the amount of Approve/Send. However, this won't be captured by the Blockaid warning, as it does not re-run the validation on Edit.

Expected behavior

Screenshots/Recordings

https://github.com/MetaMask/metamask-mobile/assets/54408225/c7327bde-5e66-4235-b2c4-a2b452b7ceab

Steps to reproduce

  1. Enable Blockaid from Settings
  2. Trigger a malicious Approve ERC20
  3. See malicious warning is displayed
  4. Change the approve value to 0
  5. See malicious warning is still displayed / validation is not re-run

Error messages or log output

No response

Version

7.15.0

Build type

None

Device

Pixel 6

Operating system

Android

Additional context

No response

Severity

No response
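
Added example, not part of the original issue and not MetaMask or Blockaid code: one way to keep a security alert from outliving an edit is to bind each verdict to a fingerprint of the transaction fields it was computed from, so that an edited transaction shows as pending until validation is re-run. `SecurityAlertStore`, `fingerprint`, `toyValidate`, the `'Pending'` state and the sample addresses are hypothetical and constructed for illustration.

```javascript
// Fields a verdict depends on; editing any of them must invalidate it.
const VERDICT_FIELDS = ['from', 'to', 'value', 'data', 'chainId'];
const fingerprint = (tx) =>
  JSON.stringify(VERDICT_FIELDS.map((k) => String(tx[k] ?? '').toLowerCase()));
class SecurityAlertStore {
  entries = new Map(); // txId -> { fp, result }
  // Call on creation and on every edit: drops the old verdict, returns a token.
  begin(txId, tx) {
    const fp = fingerprint(tx);
    this.entries.set(txId, { fp, result: null });
    return fp;
  }
  // Call when validation returns; a response for superseded params is ignored.
  complete(txId, fp, result) {
    const entry = this.entries.get(txId);
    if (!entry || entry.fp !== fp) return false;
    entry.result = result;
    return true;
  }
  // What the confirmation screen may show for the params currently on screen.
  verdictFor(txId, tx) {
    const entry = this.entries.get(txId);
    const fresh = entry && entry.result !== null && entry.fp === fingerprint(tx);
    return fresh ? entry.result : 'Pending';
  }
}
// Constructed sample data: ERC-20 approve(spender, amount) calldata.
const SELECTOR = '0x095ea7b3';
const word = (hex) => hex.padStart(64, '0');
const approveData = (spender, amount) => SELECTOR + word(spender.slice(2)) + word(amount.toString(16));
const BAD_SPENDER = '0x' + 'bb'.repeat(20);
// Constructed stand-in for the validator: flags non-zero approvals to BAD_SPENDER.
const toyValidate = (tx) =>
  tx.data.startsWith(SELECTOR + word(BAD_SPENDER.slice(2))) && !/0{64}$/.test(tx.data) ? 'Malicious' : 'Benign';

function demo() {
  const store = new SecurityAlertStore();
  const base = { from: '0x' + 'aa'.repeat(20), to: '0x' + 'cc'.repeat(20), value: '0x0', chainId: '0x1' };
  const original = { ...base, data: approveData(BAD_SPENDER, 1000n) };
  const edited = { ...base, data: approveData(BAD_SPENDER, 0n) }; // user sets amount to 0
  const t1 = store.begin('tx1', original);
  store.complete('tx1', t1, toyValidate(original));
  const before = store.verdictFor('tx1', original);
  const t2 = store.begin('tx1', edited); // edit: old verdict dropped
  const lateAccepted = store.complete('tx1', t1, 'Malicious'); // stale response arrives
  const during = store.verdictFor('tx1', edited);
  store.complete('tx1', t2, toyValidate(edited));
  return { before, lateAccepted, during, after: store.verdictFor('tx1', edited) };
}
```

Because `verdictFor` compares fingerprints, a confirmation screen that forgets to call `begin` after an edit shows `'Pending'` rather than the verdict for the old parameters.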

github-actions[bot] commented 5 months ago

This issue has been automatically marked as stale because it has not had recent activity in the last 90 days. It will be closed in 7 days. Thank you for your contributions.

github-actions[bot] commented 3 weeks ago

This issue has been automatically marked as stale because it has not had recent activity in the last 90 days. It will be closed in 7 days. Thank you for your contributions.