Add checks for malicious input

MajorLift · MajorLift · commit 1dc4299b4943 · 2024-03-11T10:35:52.000-04:00
diff --git a/packages/address-book-controller/src/AddressBookController.ts b/packages/address-book-controller/src/AddressBookController.ts
@@ -110,6 +110,7 @@ export class AddressBookController extends BaseControllerV1<
   delete(chainId: Hex, address: string) {
     address = toChecksumHexAddress(address);
     if (
+      [chainId, address].includes('__proto__') ||
       !isValidHexAddress(address) ||
       !this.state.addressBook[chainId] ||
       !this.state.addressBook[chainId][address]
diff --git a/packages/ens-controller/src/EnsController.ts b/packages/ens-controller/src/EnsController.ts
@@ -194,6 +194,8 @@ export class EnsController extends BaseController<
   delete(chainId: Hex, ensName: string): boolean {
     const normalizedEnsName = normalizeEnsName(ensName);
     if (
+      // @ts-expect-error suppressing to perform runtime check
+      chainId === '__proto__' ||
       !normalizedEnsName ||
       !this.state.ensEntries[chainId] ||
       !this.state.ensEntries[chainId][normalizedEnsName]
diff --git a/packages/name-controller/src/NameController.ts b/packages/name-controller/src/NameController.ts
@@ -441,6 +441,13 @@ export class NameController extends BaseController<
     const normalizedValue = this.#normalizeValue(value, type);
     const normalizedVariation = this.#normalizeVariation(variationKey, type);
 
+    if (
+      normalizedValue === '__proto__' ||
+      normalizedVariation === '__proto__'
+    ) {
+      return;
+    }
+
     this.update((state) => {
       const typeEntries = state.names[type] || {};
       state.names[type] = typeEntries;
