feat(wallet): support CoW 🐮 orders in Safe Sign

[onyb]

Summary of changes:

• Add support for parsing EIP-712 messages for CoW orders, and render the parsed fields in the Safe Sign UI previously designed for 0x swaps.
• Add support for unknown tokens in Safe Sign UI.

Resolves brave/brave-browser#33093

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run lint, npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

👉 Case A: CoW Swap trade

Before	After

👉 Case B: CoW Swap trade with custom recipient

Before	After

It's also possible to view the raw message by clicking on the Details button.

👉 Case C: CoW swap trade selling native asset (ETH on Ethereum, XDAI on Gnosis)

⚠️ These trades cost gas, since they are real transactions. Also, we do not have the ability to display custom recipients in this case, for the time being.

Before	After

👉 Case D: 0x Swap involving unknown tokens

Before	After

[supermassive]

wallet core lgtm

[mkarolin]

strings++

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[kdenhartog]

Just working on some dynamic testing on swap.cow.fi. I'm not seeing either of the before or after screens being presented when running this dev branch. It's still showing all the old UI for me. Is there a flag that needs to be enabled for this to work?

[kdenhartog]

0x swaps are still working good for me though. Ignore the network fee not showing, I'm fairly certain that's because I don't have an API key I need enabled.

[josheleonard]

Should we check for the error message presence instead?

[onyb]

e075c8e

[josheleonard]

shouldnt we just check if there is an error message?

[onyb]

e075c8e

[josheleonard]

how about?

Suggested change

	const makeUnknownToken = (
	const UNKOWN_TOKEN = (

[onyb]

I think makeUnknownToken makes more sense since it is a function. I'd use UNKNOWN_TOKEN for a constant.

[josheleonard]

memoize these objet to prevent re-renders of child components

[onyb]

e075c8e

[onyb]

@kdenhartog You need to wrap ETH into WETH in order to benefit from gasless swaps using EIP-712 messages. If you select ETH as your sell asset, you'll need to pay for gas fees - which is actually wrapping it into WETH behind the scenes.

@StephenHeaps also had the same feedback by the way. We should handle this case the same way we parse 0x calldata into the ETHSwap transaction type. I'm currently working with the CoW team to implement a calldata parser for this particular case.

[anxolin]

Amazing! this looks slick.

I just checked the PR. I wouldn't mind trying it out, do you think is easy for me to run this locally?

[anxolin]

I would suggest adding the feeAmount and kind (that can be either sell or buy)
And maybe partiallyFillable

see:
https://github.com/cowprotocol/contracts/blob/5c25837f585d79dc5450fb80f66c41f596c3198d/src/ts/order.ts#L151

[anxolin]

Or this is just for the view that shows the basic params, and the rest are visible in the details?

[onyb]

Or this is just for the view that shows the basic params, and the rest are visible in the details?

That's right. I think we'll need to extend the current design to accommodate for those extra fields. Would be a good next step for us to make the signing screen even more informative.

[anxolin]

I see you get decimals, symbol. You might want to consider fetching the name as well

[onyb]

Oh I didn't know name was also part of the ERC20 interface. Good to know! We don't need the token name for this particular case (it doesn't get displayed), but I'll add it another PR.

[anxolin]

yep, it is, although is optional (although most contracts have them).

Not sure if your provider accounts for it, but there's some contracts that implement these methods but return bytes instead of the string. One that comes to mind is SAI, so I would try this out. They have different ABI for the same method, technically they don't respect the standard, but most dapps handle this case.

[onyb]

Thanks for the info. Created an issue to track this: brave/brave-browser#33162

[anxolin]

nice refactor! ❤️

[anxolin]

Probably out of scope for this PR, but, one thing that would help with the security is to show a warning if the receiver account and the signing account is not the same (or is not 0x0, since that in the smart contract refers to the owner of the funds).

Changing the receiver is a great CoW Swap feature, it allows you to SWAP and send in one operation. However, i think is nice to make the user aware the destination of the funds is different than the origin of them

[onyb]

Indeed that's a good point. The addresses should also link to the explorer. Will take inputs from the design team for a future iteration.

[kdenhartog]

++ seems like a good follow up item

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[StephenHeaps]

iOS++.

iOS will get ETHSwap UI for free 🔥:

And I've opened brave/brave-ios#8114 for integrating the Safe Sign UI with this signature request on iOS.

[brave-builds]

A Storybook has been deployed to preview UI for the latest push

[josheleonard]

desktop frontend ++

[kdenhartog]

Just one blocking question to confirm we aren't introducing a casting issue - rest seems like good follow up issues.

[kdenhartog]

++ seems like a good follow up item

[kdenhartog]

This function could use a bit of refactoring. It's starting to get pretty complex for a parsing function that's handling untrusted data supplied by a page. Given that an error in this logic can easily lead to a rule of 2 violation we should split this up better.

Let's do a follow up issue for this.

[kdenhartog]

LGTM for the one sec concern I had