fix: wallet_requestExecutionPermissions requests should reject any requests that include chains that don't support EIP-7702 (#40152)

jeffsmale90 · web-flow · commit 90f7bc0cd576 · 2026-03-04T22:39:57.000Z
## **Description** Presently when a `wallet_requestExecutionPermissions` RPC is served for a chain that doesn't support EIP-7702, we allow the user to sign the permission, and it is returned to the dapp. This results in an expectation that the dapp will serve the requested feature - but the permission is not valid, as the account may not be upgraded on the chain. This PR adds additional validation to the RPC before forwarding it to the Permissions Kernel snap. [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/40152?quickstart=1) ## **Changelog**  CHANGELOG entry: Reject `wallet_requestExecutionPermissions` requests that include chains that do not support EIP-7702 ## **Related issues** Fixes: ## **Manual testing steps** 1. Load Gator Permissions Snap test dapp https://github.com/MetaMask/snap-7715-permissions/tree/main/packages/site with `VITE_SUPPORTED_CHAINS=1,59144` 2. Select "Ethereum" under chain and request the permission Expect: Permission request is shown in the wallet 1. Select "Linea mainnet" (not supported) under chain and request the permission Expect: The request is rejected ## **Screenshots/Recordings**  <img width="708" height="169" alt="image" src="https://github.com/user-attachments/assets/9020bc6f-8f90-428c-86f1-d9aa6270f515" /> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > **Medium Risk** > Changes JSON-RPC behavior for `wallet_requestExecutionPermissions` by hard-rejecting requests containing unsupported `chainId`s based on remote feature flags, which could affect dapps relying on previous permissive behavior. Logic is straightforward but touches permission-gating and feature-flag-driven chain support. > > **Overview** > Pre-validates `wallet_requestExecutionPermissions` requests to **reject any params that include a `chainId` not listed in the `confirmations_eip_7702.supportedChains` remote feature flag**, returning `methodNotSupported` before forwarding to the Permissions Kernel snap. > > Adds `getEip7702SupportedChains` in `eip7702-support-utils` to read supported chains from remote feature flags, and extends unit + e2e coverage (including mocking the client-config flags API) to ensure unsupported chains are blocked and matching is case-insensitive. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ffc7e8e. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>
diff --git a/app/scripts/metamask-controller.js b/app/scripts/metamask-controller.js
@@ -129,6 +129,7 @@ import { isSnapId } from '@metamask/snaps-utils';
 import {
   findAtomicBatchSupportForChain,
   checkEip7702Support,
+  getEip7702SupportedChains,
 } from '../../shared/lib/eip7702-support-utils';
 import { createEIP7702UpgradeTransaction } from '../../shared/lib/eip7702-utils';
 import { captureException } from '../../shared/lib/sentry';
@@ -1149,8 +1150,25 @@ export default class MetamaskController extends EventEmitter {
           throw rpcErrors.methodNotSupported('No permission type provided');
         }
 
-        for (const param of params) {
-          const permissionType = param?.permission?.type;
+        const supportedChains = getEip7702SupportedChains(
+          this.remoteFeatureFlagController.state,
+        ).map((chainId) => chainId.toLowerCase());
+
+        const unsupportedChains = params
+          .filter(
+            ({ chainId }) => !supportedChains.includes(chainId?.toLowerCase()),
+          )
+          .map(({ chainId }) => chainId);
+
+        if (unsupportedChains.length > 0) {
+          throw rpcErrors.methodNotSupported(
+            `wallet_requestExecutionPermissions is not supported on chains '${unsupportedChains.join(', ')}'`,
+          );
+        }
+
+        for (const { permission } of params) {
+          const permissionType = permission?.type;
+
           if (!enabledTypes.includes(permissionType)) {
             throw rpcErrors.methodNotSupported(
               `Permission type '${permissionType ?? 'unknown'}' is not enabled`,
diff --git a/app/scripts/metamask-controller.test.js b/app/scripts/metamask-controller.test.js
@@ -40,10 +40,12 @@ import {
   getEthAccounts,
 } from '@metamask/chain-agnostic-permission';
 import { PermissionDoesNotExistError } from '@metamask/permission-controller';
-
 import log from 'loglevel';
 import browser from 'webextension-polyfill';
+import { JsonRpcEngine } from '@metamask/json-rpc-engine';
+import { errorCodes } from '@metamask/rpc-errors';
 import { parseCaipAccountId } from '@metamask/utils';
+
 import { createTestProviderTools } from '../../test/stub/provider';
 import {
   HardwareDeviceNames,
@@ -69,12 +71,14 @@ import {
   DEFI_REFERRAL_PARTNERS,
   DefiReferralPartner,
 } from '../../shared/constants/defi-referrals';
+import { getEnabledAdvancedPermissions } from '../../shared/modules/environment';
 import { ReferralStatus } from './controllers/preferences-controller';
 import { METAMASK_COOKIE_HANDLER } from './constants/stream';
 import {
   getOriginsWithSessionProperty,
   getPermittedAccountsForScopesByOrigin,
 } from './controllers/permissions';
+import { forwardRequestToSnap } from './lib/forwardRequestToSnap';
 import MetaMaskController from './metamask-controller';
 
 jest.mock('webextension-polyfill', () => ({
@@ -310,6 +314,15 @@ jest.mock('@metamask/core-backend', () => ({
   createApiPlatformClient: jest.fn().mockReturnValue({ mockApiClient: true }),
 }));
 
+jest.mock('../../shared/modules/environment', () => ({
+  ...jest.requireActual('../../shared/modules/environment'),
+  getEnabledAdvancedPermissions: jest.fn(() => []),
+}));
+
+jest.mock('./lib/forwardRequestToSnap', () => ({
+  forwardRequestToSnap: jest.fn().mockResolvedValue({}),
+}));
+
 const TEST_SEED =
   'debris dizzy just program just float decrease vacant alarm reduce speak stadium';
 const TEST_ADDRESS = '0x0dcd5d886577d5081b0c52e242ef29e70be3e7bc';
@@ -1308,6 +1321,143 @@ describe('MetaMaskController', () => {
       });
     });
 
+    describe('wallet_requestExecutionPermissions (processRequestExecutionPermissions)', () => {
+      beforeEach(() => {
+        jest
+          .mocked(getEnabledAdvancedPermissions)
+          .mockReturnValue(['erc20-token-revocation']);
+        jest.mocked(forwardRequestToSnap).mockResolvedValue({});
+      });
+
+      /**
+       * Run wallet_requestExecutionPermissions through the controller's
+       * metamask middleware and return the JSON-RPC response.
+       * @param params - The parameters for the wallet_requestExecutionPermissions request.
+       * @returns The JSON-RPC response.
+       */
+      async function requestExecutionPermissions(params) {
+        const engine = new JsonRpcEngine();
+        engine.push(metamaskController.metamaskMiddleware);
+        const request = {
+          jsonrpc: '2.0',
+          id: 1,
+          method: 'wallet_requestExecutionPermissions',
+          params,
+        };
+        return await engine.handle(request);
+      }
+
+      const createWalletRequestExecutionPermissionsParamsForChains = (
+        chainIds,
+      ) => {
+        return chainIds.map((chainId) => ({
+          chainId,
+          to: '0x0000000000000000000000000000000000000000',
+          permission: {
+            type: 'erc20-token-revocation',
+            data: {
+              justification: 'A test permission request',
+            },
+            isAdjustmentAllowed: true,
+          },
+        }));
+      };
+
+      it('rejects when a requested chain is not in EIP-7702 supportedChains', async () => {
+        jest
+          .spyOn(metamaskController.remoteFeatureFlagController, 'state', 'get')
+          .mockReturnValue({
+            remoteFeatureFlags: {
+              confirmations_eip_7702: {
+                supportedChains: ['0x1', '0x5'],
+              },
+            },
+            cacheTimestamp: 0,
+          });
+
+        const params = createWalletRequestExecutionPermissionsParamsForChains([
+          '0x99',
+        ]);
+        const response = await requestExecutionPermissions(params);
+
+        expect(response.error).toBeDefined();
+        expect(response.error.code).toStrictEqual(
+          errorCodes.rpc.methodNotSupported,
+        );
+        expect(response.error.message).toMatch(
+          /wallet_requestExecutionPermissions is not supported on chains '0x99'/u,
+        );
+      });
+
+      it('rejects when any of multiple requested chains are unsupported', async () => {
+        jest
+          .spyOn(metamaskController.remoteFeatureFlagController, 'state', 'get')
+          .mockReturnValue({
+            remoteFeatureFlags: {
+              confirmations_eip_7702: {
+                supportedChains: ['0x1'],
+              },
+            },
+            cacheTimestamp: 0,
+          });
+
+        const params = createWalletRequestExecutionPermissionsParamsForChains([
+          '0x1',
+          '0x5',
+        ]);
+        const response = await requestExecutionPermissions(params);
+
+        expect(response.error).toBeDefined();
+        expect(response.error.code).toStrictEqual(
+          errorCodes.rpc.methodNotSupported,
+        );
+        expect(response.error.message).toMatch(
+          /wallet_requestExecutionPermissions is not supported on chains .*0x5/u,
+        );
+      });
+
+      it('does not reject when all requested chains are supported', async () => {
+        jest
+          .spyOn(metamaskController.remoteFeatureFlagController, 'state', 'get')
+          .mockReturnValue({
+            remoteFeatureFlags: {
+              confirmations_eip_7702: {
+                supportedChains: ['0x1', '0x5', '0x539'],
+              },
+            },
+            cacheTimestamp: 0,
+          });
+
+        const params = createWalletRequestExecutionPermissionsParamsForChains([
+          '0x1',
+          '0x539',
+        ]);
+        const response = await requestExecutionPermissions(params);
+
+        expect(response.error).toBeUndefined();
+      });
+
+      it('does not reject when chainId matches supported chain (case-insensitive)', async () => {
+        jest
+          .spyOn(metamaskController.remoteFeatureFlagController, 'state', 'get')
+          .mockReturnValue({
+            remoteFeatureFlags: {
+              confirmations_eip_7702: {
+                supportedChains: ['0xaa'],
+              },
+            },
+            cacheTimestamp: 0,
+          });
+
+        const params = createWalletRequestExecutionPermissionsParamsForChains([
+          '0xAA',
+        ]);
+        const response = await requestExecutionPermissions(params);
+
+        expect(response.error).toBeUndefined();
+      });
+    });
+
     describe('requestApprovalPermittedChainsPermission', () => {
       it('requests approval', async () => {
         jest
diff --git a/shared/lib/eip7702-support-utils.ts b/shared/lib/eip7702-support-utils.ts
@@ -1,5 +1,6 @@
-import { Hex } from '@metamask/utils';
-import { IsAtomicBatchSupportedResultEntry } from '@metamask/transaction-controller';
+import type { Hex } from '@metamask/utils';
+import type { IsAtomicBatchSupportedResultEntry } from '@metamask/transaction-controller';
+import type { RemoteFeatureFlagControllerState } from '@metamask/remote-feature-flag-controller';
 
 /**
  * Checks if EIP-7702 is supported for a specific chain based on atomic batch support results.
@@ -51,3 +52,40 @@ export function checkEip7702Support(
       : null,
   };
 }
+
+// Feature flag definitions from @metamask/transaction-controller
+const EIP7702_FEATURE_FLAG = 'confirmations_eip_7702';
+
+type TransactionControllerPartialFeatureFlags = {
+  /** Feature flags to support EIP-7702 / type-4 transactions. */
+  [EIP7702_FEATURE_FLAG]?: {
+    /**
+     * All contracts that support EIP-7702 batch transactions.
+     * Keyed by chain ID.
+     * First entry in each array is the contract that standard EOAs will be upgraded to.
+     */
+    contracts?: Record<
+      Hex,
+      {
+        /** Address of the smart contract. */
+        address: Hex;
+
+        /** Signature to verify the contract is authentic. */
+        signature: Hex;
+      }[]
+    >;
+
+    /** Chains enabled for EIP-7702 batch transactions. */
+    supportedChains?: Hex[];
+  };
+};
+
+export function getEip7702SupportedChains({
+  remoteFeatureFlags,
+}: RemoteFeatureFlagControllerState): Hex[] {
+  const eip7702FeatureFlags = remoteFeatureFlags as
+    | TransactionControllerPartialFeatureFlags
+    | undefined;
+
+  return eip7702FeatureFlags?.[EIP7702_FEATURE_FLAG]?.supportedChains ?? [];
+}
diff --git a/test/e2e/json-rpc/wallet_requestExecutionPermissions.spec.ts b/test/e2e/json-rpc/wallet_requestExecutionPermissions.spec.ts
@@ -1,18 +1,54 @@
 import { strict as assert } from 'assert';
+import type { Mockttp } from 'mockttp';
 import { withFixtures } from '../helpers';
 import FixtureBuilderV2 from '../fixtures/fixture-builder-v2';
 import { Driver } from '../webdriver/driver';
 import { loginWithBalanceValidation } from '../page-objects/flows/login.flow';
 import { WINDOW_TITLES } from '../constants';
 import TestDapp from '../page-objects/pages/test-dapp';
 import AdvancedPermissionsIntroduction from '../page-objects/pages/confirmations/advanced-permissions-introduction';
+import { getProductionRemoteFlagApiResponse } from '../feature-flags/feature-flag-registry';
+
+/**
+ * Mocks the client-config flags API so that confirmations_eip_7702 has
+ * supportedChains: ['0x539']. This is more reliable than fixture state because
+ * the extension fetches flags when the UI opens and overwrites fixture-loaded state.
+ *
+ * @param server - The mockttp server to mock the flags API on.
+ * @returns An array of mockttp requests to mock the flags API.
+ */
+async function mockEip7702SupportedChains(server: Mockttp) {
+  const flags = getProductionRemoteFlagApiResponse();
+
+  const flagsWithEip7702 = [
+    ...flags,
+    {
+      // eslint-disable-next-line @typescript-eslint/naming-convention
+      confirmations_eip_7702: {
+        supportedChains: ['0x539'],
+        contracts: {},
+      },
+    },
+  ];
+  return [
+    await server
+      .forGet('https://client-config.api.cx.metamask.io/v1/flags')
+      .withQuery({ client: 'extension', distribution: 'main' })
+      .thenCallback(() => ({
+        ok: true,
+        statusCode: 200,
+        json: flagsWithEip7702,
+      })),
+  ];
+}
 
 describe('wallet_requestExecutionPermissions', function () {
   it('blocks other requests, until the dialog is closed', async function () {
     await withFixtures(
       {
         dappOptions: { numberOfTestDapps: 1 },
         fixtures: new FixtureBuilderV2().build(),
+        testSpecificMock: mockEip7702SupportedChains,
         title: this.test?.fullTitle(),
       },
       async ({ driver }: { driver: Driver }) => {
