Disallow methods calls prefixed with 'personal_' from running with Al…

…chemy Provider (#111)
alchemyplatform · Mar 16, 2022 · 21d823c · 21d823c
1 parent 8c8598f
commit 21d823c
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/src/web3-adapter/sendJsonRpcPayload.ts b/src/web3-adapter/sendJsonRpcPayload.ts
@@ -16,9 +16,10 @@ const ALCHEMY_DISALLOWED_METHODS: string[] = [
   "eth_sign",
   "eth_signTypedData_v3",
   "eth_signTypedData",
-  "personal_sign",
 ];
 
+const ALCHEMY_DISALLOWED_PREFIXES: string[] = ["personal"];
+
 export interface JsonRpcPayloadSender {
   sendJsonRpcPayload: SendJsonRpcPayloadFunction;
   setWriteProvider(writeProvider: Provider | null | undefined): void;
@@ -89,9 +90,17 @@ function getDisallowedMethod(
   payload: SingleOrBatchRequest,
 ): string | undefined {
   const payloads = Array.isArray(payload) ? payload : [payload];
+
+  // Check if the payload method is a disallowed method or starts with a
+  // disallowed prefix.
   const disallowedRequest =
-    payloads.find((p) => ALCHEMY_DISALLOWED_METHODS.indexOf(p.method) >= 0) ||
-    undefined;
+    payloads.find(
+      (p) =>
+        ALCHEMY_DISALLOWED_METHODS.indexOf(p.method) >= 0 ||
+        ALCHEMY_DISALLOWED_PREFIXES.some((prefix) =>
+          p.method.startsWith(prefix),
+        ),
+    ) || undefined;
   return disallowedRequest && disallowedRequest.method;
 }