feat: add getApprovals to PhishingController#8074
Open
AugmentedMode wants to merge 5 commits intomainfrom
Open
feat: add getApprovals to PhishingController#8074AugmentedMode wants to merge 5 commits intomainfrom
AugmentedMode wants to merge 5 commits intomainfrom
Conversation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
|
|
||
| export const SECURITY_ALERTS_BASE_URL = | ||
| 'https://security-alerts.api.cx.metamask.io'; | ||
| export const SECURITY_ALERTS_BASE_URL = 'http://localhost:3000'; |
There was a problem hiding this comment.
Production URL replaced with localhost debug URL
High Severity
SECURITY_ALERTS_BASE_URL has been changed from the production endpoint https://security-alerts.api.cx.metamask.io to http://localhost:3000. This breaks all security alert functionality in production — not just the new getApprovals method, but also the existing scanAddress and bulkScanTokens methods that rely on the same constant. Additionally, the protocol was downgraded from HTTPS to HTTP.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
getApprovalsmethod toPhishingControllerthat wraps the security alerts APIPOST /address/evm/approvalsendpoint (Blockaid's approvals endpoint)scanAddresspattern (input validation, chain resolution,safelyExecuteWithTimeout) but intentionally does not cache — the frontend manages stateChanges
src/types.ts— AddedApprovalResultType/ApprovalFeatureTypeenums and types:Approval,ApprovalsResponse,Allowance,ApprovalAsset,Exposure,Spender,ApprovalFeaturesrc/PhishingController.ts— AddedAPPROVALS_ENDPOINTconstant,PhishingControllerGetApprovalsActionaction type, messenger registration, andgetApprovalsmethodsrc/index.ts— Exported all new types and enumssrc/PhishingController.test.ts— Added 8 test cases covering: valid response, missing address/chainId, unknown chain, HTTP errors, timeout, address/chainId normalizationNote
High Risk
Adds a new external API call path and messenger action, and changes
SECURITY_ALERTS_BASE_URLtohttp://localhost:3000, which could break production requests if not environment-gated.Overview
Adds a new
PhishingController.getApprovalsmethod and messenger action that POSTs toAPPROVALS_ENDPOINTto retrieve approval/allowance/exposure/spender enrichment data, with input normalization and a 5s timeout returning{ approvals: [] }on errors.Introduces and exports approval-related enums/types from
types.ts, adds comprehensive unit tests for the new method, and updates the package changelog.Notably changes
SECURITY_ALERTS_BASE_URLinPhishingController.tstohttp://localhost:3000.Written by Cursor Bugbot for commit ed84f19. This will update automatically on new commits. Configure here.