Reject session proposals on invalid namespace, unsupported methods or no accounts

CHANGELOG.md

@@ -13,5 +13,6 @@
 ### Changed
 - Suggest running a recovery when facing account or identity creation errors
 - Baker/baking renamed to Validator/validating
+- WalletConnect session proposals are now rejected if the namespace or methods are not supported, or if the wallet contains no accounts.
 
 [Unreleased]: https://github.com/Concordium/cryptox-android/compare/0.6.1-qa.5...HEAD

app/src/main/java/com/concordium/wallet/ui/walletconnect/WalletConnectView.kt

@@ -163,6 +163,9 @@ class WalletConnectView(
 
                     WalletConnectViewModel.Error.NoSupportedChains ->
                         R.string.wallet_connect_error_no_supported_chains
+
+                    WalletConnectViewModel.Error.UnsupportedMethod ->
+                        R.string.wallet_connect_error_unsupported_methods
                 }
 
                 Toast.makeText(activity, errorRes, Toast.LENGTH_SHORT).show()

app/src/main/java/com/concordium/wallet/ui/walletconnect/WalletConnectViewModel.kt

@@ -106,6 +106,11 @@ private constructor(
         ),
     )
 
+    private val allowedRequestMethods = setOf(
+        REQUEST_METHOD_SIGN_AND_SEND_TRANSACTION,
+        REQUEST_METHOD_SIGN_MESSAGE,
+    )
+
     private val accountRepository: AccountRepository by lazy {
         AccountRepository(WalletDatabase.getDatabase(getApplication()).accountDao())
     }
@@ -289,15 +294,30 @@ private constructor(
             allowedChains.contains(chain)
         }
 
+        val proposerPublicKey = sessionProposal.proposerPublicKey
+
         if (singleNamespaceEntry == null || singleNamespaceChain == null) {
             Log.e("cant_find_supported_chain")
-
             mutableEventsFlow.tryEmit(
                 Event.ShowFloatingError(
                     Error.NoSupportedChains
                 )
             )
-            mutableStateFlow.tryEmit(State.Idle)
+            rejectSession(proposerPublicKey, "The session proposal did not contain a valid namespace. Allowed namespaces are: $allowedChains")
+            return@launch
+        }
+
+        // Check if the proposer requests unsupported methods, and reject the session proposal
+        // if that is the case.
+        val requestedMethods = singleNamespaceEntry.value.methods
+        if (!allowedRequestMethods.containsAll(requestedMethods)) {
+            Log.e("Received an unsupported request method: $requestedMethods")
+            mutableEventsFlow.tryEmit(
+                Event.ShowFloatingError(
+                    Error.UnsupportedMethod
+                )
+            )
+            rejectSession(proposerPublicKey, "An unsupported method was requested: $requestedMethods, supported methods are $allowedRequestMethods")
             return@launch
         }
 
@@ -306,17 +326,16 @@ private constructor(
         val accounts = getAvailableAccounts()
         if (accounts.isEmpty()) {
             Log.d("there_are_no_accounts")
-
             mutableEventsFlow.tryEmit(
                 Event.ShowFloatingError(
                     Error.NoAccounts
                 )
             )
-            mutableStateFlow.tryEmit(State.Idle)
+            rejectSession(proposerPublicKey, "The wallet does not contain any accounts to open a session for")
             return@launch
         }
 
-        [email protected] = sessionProposal.proposerPublicKey
+        [email protected] = proposerPublicKey
         [email protected] = singleNamespaceEntry.key
         [email protected] = singleNamespaceEntry.value
         [email protected] = singleNamespaceChain
@@ -375,20 +394,14 @@ private constructor(
         mutableStateFlow.tryEmit(State.Idle)
     }
 
-    fun rejectSessionProposal() {
-        check(state is State.SessionProposalReview || state is State.AccountSelection) {
-            "Session proposal rejection is only possible in the proposal review " +
-                    "or account selection states"
-        }
+    private fun rejectSession(proposerPublicKey: String, reason: String) {
+        val rejectParams = Sign.Params.Reject(
+            proposerPublicKey = proposerPublicKey,
+            reason = reason
+        )
 
-        SignClient.rejectSession(
-            Sign.Params.Reject(
-                proposerPublicKey = sessionProposalPublicKey,
-                reason = "Rejected by user",
-            )
-        ) { error ->
+        SignClient.rejectSession(rejectParams) { error ->
             Log.e("failed_rejecting_session", error.throwable)
-
             mutableEventsFlow.tryEmit(
                 Event.ShowFloatingError(
                     Error.ResponseFailed
@@ -399,6 +412,14 @@ private constructor(
         mutableStateFlow.tryEmit(State.Idle)
     }
 
+    fun rejectSessionProposal() {
+        check(state is State.SessionProposalReview || state is State.AccountSelection) {
+            "Session proposal rejection is only possible in the proposal review " +
+                    "or account selection states"
+        }
+        rejectSession(sessionProposalPublicKey, "Rejected by user")
+    }
+
     fun onChooseAccountClicked() {
         val reviewState = checkNotNull(state as? State.SessionProposalReview) {
             "Choose account button can only be clicked in the proposal review state"
@@ -1243,6 +1264,11 @@ private constructor(
          */
         object NoSupportedChains : Error
 
+        /**
+         * The dApp sent a session proposal requesting an unsupported method.
+         */
+        object UnsupportedMethod : Error
+
         /**
          * The dApp sent a request that can't be parsed.
          */

app/src/main/res/values/strings.xml

@@ -552,6 +552,7 @@
     <string name="wallet_connect_error_tx_submit_failed">Could not submit the transaction</string>
     <string name="wallet_connect_error_no_accounts">You must have at least one active account to continue</string>
     <string name="wallet_connect_error_no_supported_chains">The wallet does not support the requested chains</string>
+    <string name="wallet_connect_error_unsupported_methods">The wallet does not support the requested methods</string>
     <string name="wallet_connect_choose_another_account">Choose another account</string>
     <string name="wallet_connect_template_session_proposal_review_title">Connect to %1$s?</string>
     <string name="wallet_connect_session_proposal_allow">@string/allow</string>