chore: final pre-audit fixes

Author: shane-t

packages/api/src/index.ts

@@ -13,13 +13,13 @@ import type http from 'http';
 import custodianRequests from './custodian/requests';
 import { methodMapping } from './method-mapping';
 import doc from './openrpc.json';
+import clearRequestsHandler from './routes/clearRequestsHandler';
 import listRequestsHandler from './routes/listRequestsHandler';
 import tokenHandler from './routes/token-handler';
 import type { UpdateSignedMessageRequest } from './routes/updateSignedMessageHandler';
 import updateSignedMessageHandler from './routes/updateSignedMessageHandler';
 import type { UpdateTransactionRequest } from './routes/updateTransactionHandler';
 import updateTransactionHandler from './routes/updateTransactionHandler';
-import clearRequestsHandler from './routes/clearRequestsHandler';
 
 dotenv.config();
 

packages/snap/src/features/homepage/components/CustodianList.tsx

@@ -70,7 +70,7 @@ export const CustodianList: SnapComponent<CustodianListProps> = ({
           solution
         </Text>
         {custodianMetadata
-          .filter((custodian) => custodian.enabled)
+          .filter((custodian) => custodian.production)
           .map((custodian) => (
             <Section
               key={custodian.name}

packages/snap/src/index.ts

@@ -1,6 +1,7 @@
+/* eslint-disable @typescript-eslint/no-throw-literal */
 import type { JsonRpcRequest } from '@metamask/keyring-api';
 import {
-  MethodNotSupportedError,
+  KeyringRequestStruct,
   handleKeyringRequest,
 } from '@metamask/keyring-api';
 import {
@@ -9,6 +10,7 @@ import {
   type OnUserInputHandler,
   type OnHomePageHandler,
   UnauthorizedError,
+  MethodNotFoundError,
 } from '@metamask/snaps-sdk';
 import type {
   Json,
@@ -156,17 +158,17 @@ export const onRpcRequest: OnRpcRequestHandler = async ({
         const requestManager = await getRequestManager();
         return await requestManager.clearAllRequests();
       }
-      throw new MethodNotSupportedError(request.method);
+      throw new MethodNotFoundError(request.method);
     }
 
     default: {
-      throw new MethodNotSupportedError(request.method); // @audit-info or MethodNotFoundError 👉 https://docs.metamask.io/snaps/how-to/communicate-errors/#import-and-throw-errors
+      throw new MethodNotFoundError(request.method);
     }
   }
 };
 
 export const onKeyringRequest: OnKeyringRequestHandler = async ({
-  origin, // @audit specify ts types
+  origin,
   request,
 }: {
   origin: string;
@@ -177,16 +179,17 @@ export const onKeyringRequest: OnKeyringRequestHandler = async ({
     JSON.stringify(request, undefined, 2),
   );
 
+  assert(request, KeyringRequestStruct);
+
   // Check if origin is allowed to call method.
   if (!hasPermission(origin, request.method)) {
-    // @audit - enforce runtime type/input validation! user superstruct from metamask
     throw new Error(
       `Origin '${origin}' is not allowed to call '${request.method}'`,
     );
   }
 
-  // Handle keyring methods.
-  return handleKeyringRequest(await getKeyring(), request); // @audit - handleKeyringRequest is async, might req. await? (else returns promise of promise? dblcheck with MM team)
+  const keyring = await getKeyring();
+  return handleKeyringRequest(keyring, request);
 };
 
 // Improved polling function