feat: Add malicious contract interaction as an option (#356)

pnarayanaswamy · web-flow · commit 3dc8f69f919b · 2024-08-23T14:16:17.000+02:00
* feat: Add malicious contract interaction as an option

* chore: add data for networks and update button details

* chore: exclude base

* chore: add base hex address

* chore: refactor

* chore: address review
diff --git a/src/index.html b/src/index.html
@@ -857,6 +857,13 @@ <h5>Transactions</h5>
                 >
                   Malicious ERC20 Approval (BUSD)
                 </button>
+                <button
+                  class="btn btn-primary btn-lg btn-block mb-3"
+                  id="maliciousContractInteractionButton"
+                  disabled
+                >
+                   Malicious Contract Interaction
+                </button>
                 <button
                   class="btn btn-primary btn-lg btn-block mb-3"
                   id="maliciousSetApprovalForAll"
diff --git a/src/index.js b/src/index.js
@@ -17,6 +17,7 @@ import {
   ERC20_SAMPLE_CONTRACTS,
   ERC721_SAMPLE_CONTRACTS,
   NETWORKS_BY_CHAIN_ID,
+  MALICIOUS_CONTRACT_ADDRESSES,
 } from './onchain-sample-contracts';
 import { getPermissionsDisplayString, stringifiableToHex } from './utils';
 
@@ -39,6 +40,11 @@ const {
  * Page
  */
 
+const SEPOLIA_NETWORK_ID_HEX = '0xaa36a7';
+const SEPOLIA_NETWORK_ID_DEC = '11155111';
+const BASE_NETWORK_ID = '8453';
+const BASE_NETWORK_ID_HEX = '0x2105';
+
 const currentUrl = new URL(window.location.href);
 const forwarderOrigin =
   currentUrl.hostname === 'localhost' ? 'http://localhost:9010' : undefined;
@@ -309,6 +315,10 @@ const mintSepoliaERC20 = document.getElementById('mintSepoliaERC20');
 const maliciousApprovalButton = document.getElementById(
   'maliciousApprovalButton',
 );
+const maliciousContractInteractionButton = document.getElementById(
+  'maliciousContractInteractionButton',
+);
+
 const maliciousERC20TransferButton = document.getElementById(
   'maliciousERC20TransferButton',
 );
@@ -429,6 +439,7 @@ const allConnectedButtons = [
   signInvalidVerifyingContractType,
   eip747WatchButton,
   maliciousApprovalButton,
+  maliciousContractInteractionButton,
   maliciousSetApprovalForAll,
   maliciousERC20TransferButton,
   maliciousRawEthButton,
@@ -482,6 +493,7 @@ const initialConnectedButtons = [
   signInvalidVerifyingContractType,
   eip747WatchButton,
   maliciousApprovalButton,
+  maliciousContractInteractionButton,
   maliciousSetApprovalForAll,
   maliciousERC20TransferButton,
   maliciousRawEthButton,
@@ -708,16 +720,31 @@ const handleNewChain = (chainId) => {
   }
 };
 
-const handleNewNetwork = (networkId) => {
+function isSepoliaNetworkId(networkId) {
+  return (
+    networkId === SEPOLIA_NETWORK_ID_DEC || networkId === SEPOLIA_NETWORK_ID_HEX
+  );
+}
+
+function isBaseNetworkId(networkId) {
+  return networkId === BASE_NETWORK_ID || networkId === BASE_NETWORK_ID_HEX;
+}
+
+function toggleSepoliaMintButton(networkId) {
+  mintSepoliaERC20.hidden = !isSepoliaNetworkId(networkId);
+}
+
+function toggleMaliciousContractInteractionButton(networkId) {
+  maliciousContractInteractionButton.hidden =
+    isBaseNetworkId(networkId) || isSepoliaNetworkId(networkId);
+}
+
+function handleNewNetwork(networkId) {
   networkDiv.innerHTML = networkId;
-  const isNetworkIdSepolia = networkId === ('11155111' || '0xaa36a7');
 
-  if (isNetworkIdSepolia) {
-    mintSepoliaERC20.hidden = false;
-  } else {
-    mintSepoliaERC20.hidden = true;
-  }
-};
+  toggleSepoliaMintButton(networkId);
+  toggleMaliciousContractInteractionButton(networkId);
+}
 
 const getNetworkAndChainId = async () => {
   try {
@@ -1604,6 +1631,26 @@ const initializeFormElements = () => {
     console.log(result);
   };
 
+  // Malicious Contract interaction
+  maliciousContractInteractionButton.onclick = async () => {
+    const contractAddress =
+      MALICIOUS_CONTRACT_ADDRESSES[networkName] ||
+      MALICIOUS_CONTRACT_ADDRESSES.default;
+
+    const result = await provider.request({
+      method: 'eth_sendTransaction',
+      params: [
+        {
+          from: accounts[0],
+          to: contractAddress,
+          data: '0xef5cfb8c0000000000000000000000000b3e87a076ac4b0d1975f0f232444af6deb96c59',
+          value: '0x0',
+        },
+      ],
+    });
+    console.log(result);
+  };
+
   // Malicious ERC20 transfer
   maliciousERC20TransferButton.onclick = async () => {
     let erc20Contract;
diff --git a/src/onchain-sample-contracts.js b/src/onchain-sample-contracts.js
@@ -31,3 +31,8 @@ export const ERC721_SAMPLE_CONTRACTS = {
   base: '0x90997fc967e75b7e69f899133aab31d197beb802',
   opBnb: '0x61d7e121185b1d7902a3da7f3c8ac9faaee8863b',
 };
+
+export const MALICIOUS_CONTRACT_ADDRESSES = {
+  mainnet: '0x000062Accd1a9d62eF428eC86cA3dD4f45120000',
+  default: '0x00008F1149168C1D2fa1eBa1Ad3e9cD644510000',
+};
