fix: address comments

Author: stanleyyconsensys

packages/snap/src/handlers/accountResolver.test.ts

@@ -6,7 +6,10 @@ import {
   RESOLVE_ACCOUNT_KEYRING_AND_WALLET,
   ResolveAccountSource,
 } from './accountResolver';
-import { AccountService } from '../services/account';
+import {
+  AccountService,
+  DerivedAccountAddressMismatchException,
+} from '../services/account';
 import { generateStellarKeyringAccount } from '../services/account/__mocks__/account.fixtures';
 import { AccountNotActivatedException } from '../services/network';
 import {
@@ -20,7 +23,10 @@ import {
   mockOnChainAccountService,
 } from '../services/on-chain-account/__mocks__/onChainAccount.fixtures';
 import { WalletService } from '../services/wallet';
-import { getTestWallet } from '../services/wallet/__mocks__/wallet.fixtures';
+import {
+  generateStellarAddress,
+  getTestWallet,
+} from '../services/wallet/__mocks__/wallet.fixtures';
 
 jest.mock('../utils/logger');
 
@@ -189,6 +195,34 @@ describe('AccountResolver', () => {
     ).rejects.toThrow(AccountNotActivatedException);
   });
 
+  it('throws DerivedAccountAddressMismatchException when state snapshot address differs from keyring', async () => {
+    const { accountResolver, resolveOnChainAccountByKeyringAccountIdSpy } =
+      setup();
+
+    const otherAddress = generateStellarAddress();
+    const mockRawAccount = createMockAccountWithBalances(
+      otherAddress,
+      '1',
+      DEFAULT_MOCK_ACCOUNT_WITH_BALANCES,
+    );
+    const mismatchedOnChainAccount = new OnChainAccount(
+      mockRawAccount,
+      scope,
+      horizonSource(mockRawAccount, scope),
+    );
+    resolveOnChainAccountByKeyringAccountIdSpy.mockResolvedValue(
+      mismatchedOnChainAccount,
+    );
+
+    await expect(
+      accountResolver.resolveAccount({
+        accountId: keyringAccountId,
+        scope,
+        options: RESOLVE_ACCOUNT_FULL_FROM_KEYRING_STATE,
+      }),
+    ).rejects.toThrow(DerivedAccountAddressMismatchException);
+  });
+
   it('omits wallet when wallet load is disabled', async () => {
     const { accountResolver, account, onChainAccount, resolveWalletSpy } =
       setup();

packages/snap/src/handlers/accountResolver.ts

@@ -1,8 +1,9 @@
 import type { KnownCaip2ChainId } from '../api';
 import { AppConfig } from '../config';
-import type {
-  AccountService,
-  StellarKeyringAccount,
+import {
+  assertSameAddress,
+  type AccountService,
+  type StellarKeyringAccount,
 } from '../services/account';
 import { AccountNotActivatedException } from '../services/network/exceptions';
 import type { OnChainAccountService } from '../services/on-chain-account';
@@ -167,6 +168,9 @@ export class AccountResolver {
     if (onChainAccount === null) {
       throw new AccountNotActivatedException(account.address, scope);
     }
+
+    assertSameAddress(account.address, onChainAccount?.accountId);
+
     return onChainAccount;
   }
 }

packages/snap/src/handlers/clientRequest/base.ts

@@ -2,6 +2,7 @@ import type { Struct } from '@metamask/superstruct';
 import type { Json, JsonRpcRequest } from '@metamask/utils';
 
 import type { JsonRpcRequestWithAccount } from './api';
+import type { KnownCaip2ChainId } from '../../api';
 import { AccountNotActivatedException } from '../../services/network';
 import { render as renderAccountActivationPrompt } from '../../ui/confirmation/views/AccountActivationPrompt/render';
 import type { ILogger } from '../../utils/logger';
@@ -41,6 +42,16 @@ export abstract class BaseClientRequestHandler<
     return request.params.accountId;
   }
 
+  /**
+   * Get the scope from the JSON-RPC request.
+   *
+   * @param request - The JSON-RPC request to get the scope from.
+   * @returns The scope or undefined if not provided.
+   */
+  protected getScope(request: RequestType): KnownCaip2ChainId | undefined {
+    return (request.params as { scope?: KnownCaip2ChainId }).scope;
+  }
+
   readonly #accountResolver: AccountResolver;
 
   readonly #resolveAccountOptions: FullActivatedAccountResolveOptions;
@@ -87,6 +98,7 @@ export abstract class BaseClientRequestHandler<
     try {
       return await this.#accountResolver.resolveAccount({
         accountId: this.getAccountId(request),
+        scope: this.getScope(request),
         options: this.#resolveAccountOptions,
       });
     } catch (error: unknown) {