Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: [Bug]: Some requests to the Security Alerts API consistently fail with a status of 500 on the BNB Chain, Malicious ERC 20 Transfer is not flagged #29902

Open
sleepytanya opened this issue Jan 24, 2025 · 1 comment
Open

[Bug]: [Bug]: Some requests to the Security Alerts API consistently fail with a status of 500 on the BNB Chain, Malicious ERC 20 Transfer is not flagged #29902

sleepytanya opened this issue Jan 24, 2025 · 1 comment
Assignees
@vinistevam
Labels
regression-prod-12.10.1 Regression bug that was found in production in release 12.10.1 sev-2 team-confirmations Push issues to confirmations team type-bug

Comments

@sleepytanya
Copy link
Contributor

sleepytanya commented Jan 24, 2025
edited
Loading

Describe the bug

Malicious transactions other than Malicious ERC 20 Transfer (USDC) are being flagged (there is a brief delay before Blockaid warning appears when Security alerts API fails).

In 12.10.1 and in 12.11.0, a 500 error can be consistently reproduced when interacting with:

Malicious ERC 20 Transfer (USDC)
Malicious ERC 20 Approval (BUSD)
Malicious Set Approval for All
Malicious ERC 20 Approval with Odd Hex Data

Update:
the issue is also present in 12.9.3

Expected behavior

All transactions identified as malicious should be appropriately flagged

Screenshots/Recordings

security_api.mov

Steps to reproduce

  1. Switch to BNB
  2. Connect to the test dapp
  3. Start Malicious ERC 20 Transfer (USDC), Malicious ERC 20 Approval (BUSD), Malicious Set Approval for All or Malicious ERC 20 Approval with Odd Hex Data
  4. See 500 errors in the console

Error messages or log output

sentry-install.js:1 Error validating request with security alerts API (Error#8)
(anonymous) @ sentry-install.js:1
(anonymous) @ sentry-install.js:3
error @ runtime-lavamoat.js:7134
p @ background-7.js:1
(anonymous) @ background-7.js:1
await in (anonymous)
r.validateRequestWithPPOM @ background-7.js:1
await in r.validateRequestWithPPOM
(anonymous) @ background-7.js:1
(anonymous) @ common-9.js:1
(anonymous) @ common-9.js:1
n @ common-9.js:1
(anonymous) @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
withScope @ sentry-install.js:3
u @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
v @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
withScope @ sentry-install.js:3
u @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
(anonymous) @ common-9.js:1
(anonymous) @ common-9.js:1
(anonymous) @ common-9.js:1
(anonymous) @ sentry-install.js:3
withScope @ sentry-install.js:3
d @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
r @ common-9.js:1
u @ common-9.js:1
(anonymous) @ common-9.js:1
r.trace @ common-9.js:1
(anonymous) @ background-7.js:1
(anonymous) @ common-1.js:1
p @ common-1.js:1
m @ common-1.js:1
await in m
d @ common-1.js:1
l @ common-1.js:1
handle @ common-1.js:1
write @ background-1.js:1
x @ common-8.js:1
(anonymous) @ common-8.js:1
(anonymous) @ common-8.js:1
d @ common-8.js:1
(anonymous) @ common-5.js:13
S @ common-8.js:1
x @ common-8.js:1
(anonymous) @ common-8.js:1
(anonymous) @ common-8.js:1
c @ common-8.js:1
transform @ background-6.js:1
(anonymous) @ common-8.js:1
(anonymous) @ common-8.js:1
x @ common-8.js:1
(anonymous) @ common-8.js:1
(anonymous) @ common-8.js:1
d @ common-8.js:1
(anonymous) @ common-5.js:13
S @ common-8.js:1
x @ common-8.js:1
(anonymous) @ common-8.js:1
_write @ common-1.js:1
x @ common-8.js:1
(anonymous) @ common-8.js:1
(anonymous) @ common-8.js:1
f @ common-6.js:1
(anonymous) @ common-5.js:13
z @ common-6.js:1
B @ common-6.js:1
(anonymous) @ common-6.js:1
_onMessage @ common-5.js:13
(anonymous) @ common-5.js:13Understand this errorAI
sentry-install.js:1 Error#8: Security alerts API request failed with status: 500
(anonymous) @ sentry-install.js:1
(anonymous) @ sentry-install.js:3
logError @ runtime-lavamoat.js:7087
logSubErrors @ runtime-lavamoat.js:7030
error @ runtime-lavamoat.js:7136
p @ background-7.js:1
(anonymous) @ background-7.js:1
await in (anonymous)
r.validateRequestWithPPOM @ background-7.js:1
await in r.validateRequestWithPPOM
(anonymous) @ background-7.js:1
(anonymous) @ common-9.js:1
(anonymous) @ common-9.js:1
n @ common-9.js:1
(anonymous) @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
withScope @ sentry-install.js:3
u @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
v @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
withScope @ sentry-install.js:3
u @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
(anonymous) @ common-9.js:1
(anonymous) @ common-9.js:1
(anonymous) @ common-9.js:1
(anonymous) @ sentry-install.js:3
withScope @ sentry-install.js:3
d @ sentry-install.js:3
(anonymous) @ sentry-install.js:3
r @ common-9.js:1
u @ common-9.js:1
(anonymous) @ common-9.js:1
r.trace @ common-9.js:1
(anonymous) @ background-7.js:1
(anonymous) @ common-1.js:1
p @ common-1.js:1
m @ common-1.js:1
await in m
d @ common-1.js:1
l @ common-1.js:1
handle @ common-1.js:1
write @ background-1.js:1
x @ common-8.js:1
(anonymous) @ common-8.js:1
(anonymous) @ common-8.js:1
d @ common-8.js:1
(anonymous) @ common-5.js:13
S @ common-8.js:1
x @ common-8.js:1
(anonymous) @ common-8.js:1
(anonymous) @ common-8.js:1
c @ common-8.js:1
transform @ background-6.js:1
(anonymous) @ common-8.js:1
(anonymous) @ common-8.js:1
x @ common-8.js:1
(anonymous) @ common-8.js:1
(anonymous) @ common-8.js:1
d @ common-8.js:1
(anonymous) @ common-5.js:13
S @ common-8.js:1
x @ common-8.js:1
(anonymous) @ common-8.js:1
_write @ common-1.js:1
x @ common-8.js:1
(anonymous) @ common-8.js:1
(anonymous) @ common-8.js:1
f @ common-6.js:1
(anonymous) @ common-5.js:13
z @ common-6.js:1
B @ common-6.js:1
(anonymous) @ common-6.js:1
_onMessage @ common-5.js:13
(anonymous) @ common-5.js:13Understand this errorAI
sentry-install.js:1   at i (chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn/background-7.js:1:171807)
  at async chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn/background-7.js:1:162493
  at async r.validateRequestWithPPOM (chrome-extension://nkbihfbeogaeaoehlefnkodbefgpgknn/background-7.js:1:162451)

Detection stage

In production (default)

Version

12.10.1

Build type

None

Browser

Chrome

Operating system

MacOS

Hardware wallet

No response

Additional context

No response

Severity

No response
@sleepytanya sleepytanya added regression-prod-12.10.1 Regression bug that was found in production in release 12.10.1 sev-2 team-confirmations Push issues to confirmations team type-bug labels Jan 24, 2025
@github-project-automation github-project-automation bot moved this to To be fixed in Bugs by team Jan 24, 2025
@github-project-automation github-project-automation bot moved this to To be fixed in Bugs by severity Jan 24, 2025
@complexip
Copy link

Hi @sleepytanya
Reach out to the official Support Portal to report your request and get more details by initiating a live chat with an agent through the chat button on the platform. Access the portal here: Support Page.

Note: Click the chat button to start a conversation with an agent for assistance.

@vinistevam vinistevam self-assigned this Jan 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vinistevam vinistevam

Labels
regression-prod-12.10.1 Regression bug that was found in production in release 12.10.1 sev-2 team-confirmations Push issues to confirmations team type-bug
Projects
Bugs by severity
Status: To be fixed
Bugs by team
Status: To be fixed
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vinistevam @sleepytanya @complexip