MetaMask · jeffsmale90 · Jan 21, 2026 · Nov 12, 2025 · Dec 8, 2025 · Dec 9, 2025
@@ -16,7 +16,11 @@ import type {
   TokenBalanceAndMetadata,
   TokenMetadataClient,
 } from './types';
-import { callContract, ensureChain } from '../utils/blockchain';
+import {
+  callContract,
+  ensureChain,
+  getTransactionReceipt,
+} from '../utils/blockchain';
 import { sleep } from '../utils/httpClient';
 
 /**
@@ -327,4 +331,68 @@ export class BlockchainTokenMetadataClient implements TokenMetadataClient {
       );
     }
   }
+
+  /**
+   * Checks if a transaction receipt is valid by calling the eth_getTransactionReceipt method.
+   * @param args - The parameters for checking the transaction receipt.
+   * @param args.txHash - The hash of the transaction to check.
+   * @param args.chainId - The chain ID in hex format.
+   * @returns True if the transaction receipt is valid, false if it is not.
+   * @throws InvalidInputError if input parameters are invalid.
+   * @throws ChainDisconnectedError if the provider is on the wrong chain.
+   * @throws ResourceUnavailableError if the on-chain check fails and we cannot determine the status.
+   */
+  public async checkTransactionReceipt({
+    txHash,
+    chainId,
+  }: {
+    txHash: Hex;
+    chainId: Hex;
+  }): Promise<boolean> {
+    logger.debug('BlockchainTokenMetadataClient:checkTransactionReceipt()', {
+      txHash,
+      chainId,
+    });
+
+    if (!chainId) {
+      const message = 'No chain ID provided';
+      logger.error(message);
+      throw new InvalidInputError(message);
+    }
+
+    await ensureChain(this.#ethereumProvider, chainId);
+
+    try {
+      const result = await getTransactionReceipt({
+        ethereumProvider: this.#ethereumProvider,
+        txHash,
+        isRetryableError: (error) => this.#isRetryableError(error),
+      });
+
+      // Either 1 (success) or 0 (failure)
+      if (result.status === '0x0') {
+        return false;
+      }
+
+      return true;
+    } catch (error) {
+      const errorMessage =
+        error instanceof Error ? error.message : String(error);
+      logger.error(`Failed to check transaction receipt: ${errorMessage}`);
+
+      // Re-throw critical errors - they should propagate
+      if (
+        error instanceof InvalidInputError ||
+        error instanceof ChainDisconnectedError
+      ) {
+        throw error;
+      }
+
+      // For other errors (network issues, contract call failures, etc.),
+      // we cannot determine the status, so throw an error instead of returning false
+      throw new ResourceUnavailableError(
+        `Failed to check transaction receipt: ${errorMessage}`,
+      );
+    }
+  }
 }
@@ -96,6 +96,37 @@ export type TokenBalanceAndMetadata = {
   iconUrl?: string;
 };
 
+/**
+ * Represents a transaction receipt from the blockchain.
+ * As defined in the Ethereum JSON-RPC API(https://docs.metamask.io/services/reference/zksync/json-rpc-methods/eth_gettransactionreceipt/)
+ */
+export type TransactionReceipt = {
+  blockHash: Hex;
+  blockNumber: Hex;
+  contractAddress: Hex | null;
+  cumulativeGasUsed: Hex;
+  effectiveGasPrice: Hex;
+  from: Hex;
+  gasUsed: Hex;
+  logs: {
+    address: Hex;
+    blockHash: Hex;
+    blockNumber: Hex;
+    data: Hex;
+    logIndex: Hex;
+    removed: boolean;
+    topics: Hex[];
+    transactionHash: Hex;
+    transactionIndex: Hex;
+  }[];
+  logsBloom: Hex;
+  status: Hex;
+  to: Hex;
+  transactionHash: Hex;
+  transactionIndex: Hex;
+  type: Hex;
+};
+
 /**
  * Interface for token metadata clients that can fetch token balance and metadata
  */

@@ -26,6 +26,11 @@ import { z } from 'zod';
 
 import type { SnapsMetricsService } from '../services/snapsMetricsService';
 
+export type RevocationMetadata = {
+  txHash: Hex;
+  blockTimestamp: string;
+};
+
 // Constants for validation
 const MAX_STORAGE_SIZE_BYTES = 400 * 1024; // 400kb limit as documented
 
@@ -34,6 +39,9 @@ const zStoredGrantedPermission = z.object({
   permissionResponse: zPermissionResponse,
   siteOrigin: z.string().min(1, 'Site origin cannot be empty'),
   isRevoked: z.boolean().default(false),
+  metadata: z
+    .custom<RevocationMetadata>()
+    .default({ txHash: '0x', blockTimestamp: '' }),
 });
 
 /**
@@ -106,13 +114,15 @@ export type ProfileSyncManager = {
   updatePermissionRevocationStatus: (
     permissionContext: Hex,
     isRevoked: boolean,
+    metadata?: RevocationMetadata,
   ) => Promise<void>;
 };
 
 export type StoredGrantedPermission = {
   permissionResponse: PermissionResponse;
   siteOrigin: string;
   isRevoked: boolean;
+  metadata?: RevocationMetadata;
 };
 
 /**
@@ -359,10 +369,12 @@ export function createProfileSyncManager(
    *
    * @param permissionContext - The context of the granted permission to update.
    * @param isRevoked - The new revocation status.
+   * @param metadata - The revocation transaction metadata.
    */
   async function updatePermissionRevocationStatus(
     permissionContext: Hex,
     isRevoked: boolean,
+    metadata?: RevocationMetadata,
   ): Promise<void> {
     try {
       const existingPermission = await getGrantedPermission(permissionContext);
@@ -376,6 +388,7 @@ export function createProfileSyncManager(
       logger.debug('Profile Sync: Updating permission revocation status:', {
         existingPermission,
         isRevoked,
+        metadata,
       });
 
       await authenticate();
@@ -385,6 +398,11 @@ export function createProfileSyncManager(
         isRevoked,
       };
 
+      // Attach metadata when a transaction hash is given
+      if (metadata) {
+        updatedPermission.metadata = metadata;
+      }
+
       await storeGrantedPermission(updatedPermission);
       logger.debug('Profile Sync: Successfully stored updated permission');
     } catch (error) {

@@ -191,7 +191,7 @@ export function createRpcHandler({
   const submitRevocation = async (params: Json): Promise<Json> => {
     logger.debug('submitRevocation() called with params:', params);
 
-    const { permissionContext } = validateRevocationParams(params);
+    const { permissionContext, metadata } = validateRevocationParams(params);
 
     // First, get the existing permission to validate it exists
     logger.debug(
@@ -255,9 +255,26 @@ export function createRpcHandler({
       );
     }
 
+    // Check if the transaction have if confirmed on-chain
+    if (metadata) {
+      const { txHash } = metadata;
+      const isTransactionValid =
+        await blockchainMetadataClient.checkTransactionReceipt({
+          txHash,
+          chainId: permissionChainId,
+        });
+
+      if (!isTransactionValid) {
+        throw new InvalidInputError(
+          `Transaction ${txHash} is not valid. Cannot process revocation.`,
+        );
+      }
+    }
+
     await profileSyncManager.updatePermissionRevocationStatus(
       permissionContext,
       true,
+      metadata,
     );
 
     return { success: true };

@@ -8,7 +8,7 @@ import {
 import { hexToNumber, numberToHex } from '@metamask/utils';
 
 import { sleep } from './httpClient';
-import type { RetryOptions } from '../clients/types';
+import type { RetryOptions, TransactionReceipt } from '../clients/types';
 
 /**
  * Ensures the ethereum provider is connected to the specified chain.
@@ -119,3 +119,67 @@ export async function callContract({
 
   throw new InternalError(`Contract call failed after ${retries + 1} attempts`);
 }
+
+/**
+ * Gets a transaction receipt from the blockchain with retry logic.
+ * Note: The caller is responsible for ensuring the provider is on the correct chain using `ensureChain`.
+ *
+ * @param args - The parameters for the transaction receipt.
+ * @param args.ethereumProvider - The ethereum provider to use for the call.
+ * @param args.txHash - The hash of the transaction to get the receipt for.
+ * @param args.retryOptions - Optional retry configuration. When not provided, defaults to 1 retry attempt with 1000ms delay.
+ * @param args.isRetryableError - Optional function to determine if an error is retryable. Defaults to retrying all errors except ChainDisconnectedError.
+ * @returns The transaction receipt.
+ * @throws ResourceNotFoundError if the transaction receipt is not found after all retries.
+ * @throws The original error if it's not retryable.
+ */
+export async function getTransactionReceipt({
+  ethereumProvider,
+  txHash,
+  retryOptions,
+  isRetryableError,
+}: {
+  ethereumProvider: SnapsEthereumProvider;
+  txHash: Hex;
+  retryOptions?: RetryOptions | undefined;
+  isRetryableError?: ((error: unknown) => boolean) | undefined;
+}): Promise<TransactionReceipt> {
+  const { retries = 1, delayMs = 1000 } = retryOptions ?? {};
+  const defaultIsRetryableError = (error: unknown): boolean => {
+    return !(error instanceof ChainDisconnectedError);
+  };
+  const shouldRetry = isRetryableError ?? defaultIsRetryableError;
+
+  // Try up to initial attempt + retry attempts
+  for (let attempt = 0; attempt <= retries; attempt++) {
+    try {
+      const result = await ethereumProvider.request<TransactionReceipt>({
+        method: 'eth_getTransactionReceipt',
+        params: [txHash],
+      });
+
+      if (!result) {
+        throw new ResourceNotFoundError('Transaction receipt not found');
+      }
+
+      return result as TransactionReceipt;
+    } catch (error) {
+      // Check if this is a retryable error
+      if (shouldRetry(error)) {
+        if (attempt < retries) {
+          await sleep(delayMs);
+          continue;
+        }
+        throw new ResourceNotFoundError(
+          'Transaction receipt not found after retries',
+        );
+      }
+      // Re-throw non-retryable errors immediately
+      throw error;
+    }
+  }
+
+  throw new InternalError(
+    `Transaction receipt not found after ${retries + 1} attempts`,
+  );
+}
@@ -8,6 +8,7 @@ import {
 import { extractZodError } from '@metamask/7715-permissions-shared/utils';
 import type { Hex } from '@metamask/delegation-core';
 import { InvalidInputError, type Json } from '@metamask/snaps-sdk';
+import type { RevocationMetadata } from 'src/profileSync';
 import { z } from 'zod';
 
 export const validateGetGrantedPermissionsParams = (
@@ -40,6 +41,7 @@ export const validatePermissionRequestParam = (
 // Validation schema for revocation parameters
 const zRevocationParams = z.object({
   permissionContext: zHexStr,
+  metadata: z.custom<RevocationMetadata>(),
 });
 
 /**
@@ -50,6 +52,7 @@ const zRevocationParams = z.object({
  */
 export function validateRevocationParams(params: Json): {
   permissionContext: Hex;
+  metadata?: RevocationMetadata;
 } {
   try {
     if (!params || typeof params !== 'object') {
@@ -60,6 +63,7 @@ export function validateRevocationParams(params: Json): {
 
     return {
       permissionContext: validated.permissionContext,
+      metadata: validated.metadata,
     };
   } catch (error) {
     if (error instanceof z.ZodError) {

@@ -672,4 +672,6 @@ describe('BlockchainTokenMetadataClient', () => {
       expect(mockEthereumProvider.request).toHaveBeenCalledTimes(2);
     });
   });
+
+  // TODO: Add test cases for checkTransactionReceipt
 });
-Original file line number
+Diff line change
@@ Expand Up / @@ -672,4 +672,6 @@ describe('BlockchainTokenMetadataClient', () => { @@
           expect(mockEthereumProvider.request).toHaveBeenCalledTimes(2);
         });
       });
+      // TODO: Add test cases for checkTransactionReceipt
     });