0

when I send transaction to approve token spend it ask Metamask of the user logged to sign it but i want 1inch dex to get approval as spender, but instead my test website on localhost get this permission. My code looks like:

approveTokenSpent = async () => {
    console.log("Approve v1");
    const user_address = await checkEthereumAddress();
    console.log(user_address);
    const selected_coin = document.getElementById("select_coin1").value;
    var amount = document.getElementById("amount1").value;
    amount = amount * 1000000000000000000;
    console.log("SELECTED COIN " + selected_coin + " AMOUNT " + amount);
    
    let url = "https://api.1inch.exchange/v3.0/56/healthcheck";
    answer = await urlSend(url);
    console.log("1inch status: ");
    if(answer.status === "OK") {
        console.log(answer.status);
        let url1 = "https://api.1inch.exchange/v3.0/1/approve/spender";
        let url2 = "https://api.1inch.exchange/v3.0/1/tokens";

        console.log(url1);

        const address_spender = await fetch(url1)`enter code here`
        .then( res => res.json() )
        .then( data => {
            console.log(data);
            return data 
        });

        console.log(url2);

        const tokens = await fetch(url2)
        .then( res => res.json() )
        .then( data => {
            console.log(data);
            return data
        });
        console.log(tokens.tokens["0x0a50c93c762fdd6e56d86215c24aaad43ab629aa"]);
        address_spender_new = address_spender["address"]
        console.log(address_spender["address"]);
        console.log(typeof(address_spender_new));
        let url3 = "https://api.1inch.exchange/v3.0/1/approve/calldata?amount="+amount+"&tokenAddress="+selected_coin;
        console.log("URL3 before tp");
        console.log(url3);
        const transactionParameters = await fetch(url3)
        .then( res => res.json() )
        .then( data1 => {
            console.log("url3 ");
            console.log(data1);
            const transactionParameters = {

                to: data1['to'], // Required except during contract publications.
                from: user_address[0], // must match user's active address.
                
                value: "0", 
                data: data1['data']
                 
            };
            return transactionParameters
        });
        try {
            const txHash = await ethereum.request({
            method: 'eth_sendTransaction',
            params: [transactionParameters],
            });
            let data = txHash.data;

        } catch (error) {
            if (error.code === 4001) {
                alert("User denied transaction signature.")
            } else {
                alert(error)
            }
        }

        return address_spender
    } else {
        console.log(answer.status);
    }

    
}

Message in Metamask:

Allow Http://localhost:1234 to spend your PPAY? Do you trust this site? By granting this permission, you’re allowing Http://localhost:1234 to withdraw your PPAY and automate transactions for you.

So how to get approval not for my website but for 1inch exchange which address is in address_spender

Mariusz Sidorowicz
  • 336
  • 3
  • 12

1 Answers1

-1

Seems it's okay while spender address is 1inch. Approval seen in Metamask is showing which website ask for it, but actually 1inch is granted to spend tokens

Mariusz Sidorowicz
  • 336
  • 3
  • 12