* Remove fallback phishing warning configuration
The package `@metamask/phishing-controller` has been updated from v4
v6. The only breaking changes are a minimum Node.js version bump, and
the removal of the fallback phishing configuration.
The fallback phishing configuration was resulting in MetaMask being
incorrectly flagged as malware, and the stale config was causing
problems for sites that had been blocked in the past but have since
been unblocked. This should substantially reduce the bundle size as
well.
* Update LavaMoat policies
* Update test state to include example blocked site
---------
Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
* Update phishing controller to v4.0.0
* Move phishing e2e test utilities into its own helper.js
* Update phishing detection e2e test
* Update MetaMask Controller test mocks
* Update mv3 phishing tests
* Fix test for 500 error on warning page
* Allow for directories in test folder
* Update migration number
* Linting fixes
* Remove fail on console error
* Separate mocks from helpers
* Have migration delete PhishingController state entirely
* Remove phishing detection directory
* Only delete the listState in migration
* Bump migration version
* snaps@0.34.0-flask.1
* Update LavaMoat policies
* Replace instances of targetKey with targetName
* Replace use of PermissionKeys with PermissionNames
* Use Flask packages in tests for now
* Bump execution env
* Add another mock
* Fix lint
* Rename `provider` to `providerConfig`
The network controller `provider` state has been renamed to
`providerConfig`. This better reflects what this state is, and makes
this controller more closely aligned with the core network controller.
All references to the provider configuration have been updated to
prefer `providerConfig` over `provider`, to make the distinction clear
between a provider and provider config.
Closes#18902
* Add migration
* use session storage, instead of chrome.runtime.onStartup and globalThis, for firstTimeLoaded architecture
* Ensure account tracker accounts remain defined upon service worker restart
* lint fix
* Simplify code
* Only call browser.storage.session in mv3
* Only call browser.storage.session.set after resetStates in mv3
* fix metamask controller reset states unit tests
* fix test
* fix test
* Actually fix tests
* lint fix
The `network` store of the network controller crams two types of data
into one place. It roughly tracks whether we have enough information to
make requests to the network and whether the network is capable of
receiving requests, but it also stores the ID of the network (as
obtained via `net_version`).
Generally we shouldn't be using the network ID for anything, as it has
been completely replaced by chain ID, which all custom RPC endpoints
have been required to support for over a year now. However, as the
network ID is used in various places within the extension codebase,
removing it entirely would be a non-trivial effort. So, minimally, this
commit splits `network` into two stores: `networkId` and
`networkStatus`. But it also expands the concept of network status.
Previously, the network was in one of two states: "loading" and
"not-loading". But now it can be in one of four states:
- `available`: The network is able to receive and respond to requests.
- `unavailable`: The network is not able to receive and respond to
requests for unknown reasons.
- `blocked`: The network is actively blocking requests based on the
user's geolocation. (This is specific to Infura.)
- `unknown`: We don't know whether the network can receive and respond
to requests, either because we haven't checked or we tried to check
and were unsuccessful.
This commit also changes how the network status is determined —
specifically, how many requests are used to determine that status, when
they occur, and whether they are awaited. Previously, the network
controller would make 2 to 3 requests during the course of running
`lookupNetwork`.
* First, if it was an Infura network, it would make a request for
`eth_blockNumber` to determine whether Infura was blocking requests or
not, then emit an appropriate event. This operation was not awaited.
* Then, regardless of the network, it would fetch the network ID via
`net_version`. This operation was awaited.
* Finally, regardless of the network, it would fetch the latest block
via `eth_getBlockByNumber`, then use the result to determine whether
the network supported EIP-1559. This operation was awaited.
Now:
* One fewer request is made, specifically `eth_blockNumber`, as we don't
need to make an extra request to determine whether Infura is blocking
requests; we can reuse `eth_getBlockByNumber`;
* All requests are awaited, which makes `lookupNetwork` run fully
in-band instead of partially out-of-band; and
* Both requests for `net_version` and `eth_getBlockByNumber` are
performed in parallel to make `lookupNetwork` run slightly faster.
The `HardwareKeyringTypes` constant has been renamed to `KeyringTypes`
and moved to a separate constants module, to reflect that it contains
more than just hardware wallet keyring types. This corrects a mistake
made recently during a TypeScript conversion.
* Use tokenList to get token details, when available, in getTokenStandardAndDetails
Previously, every call to getTokenStandardAndDetails would fetch data via the provider.
This would result in at least 3 network requests whenever that method is called for an
ERC20 token, contributing to unneccesary loading and lagging in multiple places.
This commit takes advantage of stored data we already have available to avoid the unnecessary
loading.
* Lint fix
* Fix build-quote test
* bump coverage targets
* Pass provider to token-util, for use in ethers Contract module
* Check all possible sources of ERC20 token data before async call to assetsContractController
* Add and update tests
* Update app/scripts/metamask-controller.js
Co-authored-by: Alex Donesky <adonesky@gmail.com>
* Update app/scripts/metamask-controller.js
Co-authored-by: Alex Donesky <adonesky@gmail.com>
* Remove unnecessary this.ethQuery changes
* Use metamask-eth-abis instead of human-standard-token-abi in token-util.ts
* Add explanatory comments to getTokenStandardAndDetails
* lint fix
* Cleanup
* fix test
* Update app/scripts/metamask-controller.js
Co-authored-by: Alex Donesky <adonesky@gmail.com>
* update error message
---------
Co-authored-by: Alex Donesky <adonesky@gmail.com>
The PhishingController has been updated to v2. This release should
dramatically reduce network traffic and double the update speed of the
phishing list.
This was accomplished by combining both of our phishing configurations
into one list (the "stalelist"), then creating a separate list of the
changes just the past few days (the "hotlist"). Now users will download
a smaller list more frequently (every 30 minutes rather than every
hour), whereas the full list is only updated every 4 days.
The combined configuration means that we no longer know which list was
responsible for each block. The phishing warning page has been updated
to dynamically look this information up, to ensure users are still
directed to the correct place to dispute a block. This update to the
phishing warning page also includes the recent redesign.
* Added translation for eth sign toggle
* Disabled the ability to call eth_sign by default. Added ability within advanced settings to renable support for eth_sign
* Add test case for eth_sign being enabled and disabled
* Modified copy
* Moved rpc method preference to its own object within store
* Complete work on moving rpc method preference into its own object within store
* Fix with prettier
* Fix lint
* Fix a unit test
* Fix test
* Renamed function and object keys to be more intuitive
* Fix e2e test
* Enabled eth_sign through preferences fixture
* Fix lint
* Fix e2e test
Wait for the notification popup to close, leaving 2 window handles the extension and the test dapp
* Fix e2e test
* Fix unit test
Enable eth_sign method
* Lint fix
---------
Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
Co-authored-by: Dan J Miller <danjm.com@gmail.com>
The "MetaMask middleware" is the set of middleware for handling methods that
we don't send to the network. This includes signing, encryption, `getAccounts`,
and methods that rely on pending transaction state.
Previously this middleware was setup as part of the network client, despite
having nothing to do with the network. They have been moved into the main RPC
pipeline established in `metamask-controller.js` instead.
This is a pure refactor, and should have no functional changes. The middleware
are still run in exactly the same order with the same arguments.
The network state is now passed to the TransactionController via a
getter function and a subscription function, instead of passing one of
the network controller stores directly.
This way of passing the state makes further refactoring easier, as we
don't have to change the input when the store is changed or replaced.
It's also more aligned with our conventions today.
This change was made as part of a larger refactor of the network
controller, as part of the effort to merge the mobile and extension
network controllers.
* Simplify MV3 initialization
The MV3 initialization logic was complicated and introduced race
difficult-to-reproduce race conditions when dapps connect during
initialization.
It seems that problems were encountered after the UI tried to connect
before the background was initialized. To address this, the
initialization step was _delayed_ until after the first connection.
That first connection was then passed into the initialization function,
and setup properly after initialization had begun.
However, this special treatment is only given for the first connection.
Subsequent connections that still occur during initialization would
fail. This also results in the initialization being needlessly delayed,
which is concerning given that our main performance goal is to speed it
up.
* Setup connect listeners before controller initialization
* Add comments
* Add comment explaining isInitialized step
* Add all controllers in memstore to store
Add methods to controller to reset memstore
Reset memstore when popup or tab is closed.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* When profile is loaded, set isFirstTime to true..
After resetting the controllers, set the flag to false.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove console.logs
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* For some reason programmatically computing the store is not working.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Proper check for browser.storage
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* do a list of rest methods instead of reset controllers.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Mock controller resetStates and localstore get/set
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Comments about TLC
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* bind this.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* use globalThis instead of locastore to store first time state.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Test to check that resetStates is not called a second time
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Set init state in GasFeeController and other controllers so that their
state is persisted accross SW restarts
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Revert localstore changes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* wrap the reset states changes in MV3 flag
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove localstore from metamask-controller
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Always reset state on MMController start in MV2.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Use relative path for import of isManifestV3
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fix unit test
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove 3box feature and delete ThreeBoxController
Lint locale messages
lavamoat policy updates
* Restore 3Box user trait with value `false`
The 3Box user trait has been restored and hard-coded as `false`. This
ensures that users don't get stuck in our metrics as having this trait.
A deprecation comment has been left in various places for this trait.
* Remove unused state
* Remove additional 3box-related things
* Run `yarn-deduplicate`
* Restore migration that was lost while rebasing
* Remove obsolete override
* Remove additional unused resolutions/dependencies
* Update LavaMoat policies
* Remove obsolete security advisory ignore entries
* Remove 3Box fixture builder method
* Update unit tests
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Deprecating Rinkeby, setting default debug network to Goerli
* Deprecating Ropsten and Kovan
* Conflict fix
* Remove unused localization, test fixes
* Add migration for moving used deprecated testnets to custom networks
* Fix migrator test
* Add more unit tests
* Migration updates provider type to rpc if deprecated network is selected
* Migration fully and correctly updates the provider if selected network is a deprecated testnet
* Continue to show deprecation warning on each of rinkeby, ropsten and kovan
* Add rpcUrl deprecation message to loading screen
* Removing mayBeFauceting prop
Co-authored-by: Dan Miller <danjm.com@gmail.com>
* deprecate extensionizer for webextension-polyfill
* fix tests
* remove extensionizer
* fix browser windows api calls
* fix broken on firefox
* fix getAcceptLanguages call
* update more browser apis that are now promisified
* remove unnecessary console error ignoring in e2e tests
The `nodeify` utility is no longer needed for the background API.
Instead each method is assumed to be either synchronous or Promise-
returning.
The error handling was updated to at least log the error in the case
where a method fall fails after the connection is broken.
# Permission System 2.0
## Background
This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.
With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.
Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.
The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.
## Changes in Detail
First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.
- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.
Reviewers should focus their attention on the following files:
- `app/scripts/`
- `metamask-controller.js`
- This is where most of the integration work for the new `PermissionController` occurs.
Some functions that were internal to the original controller were moved here.
- `controllers/permissions/`
- `selectors.js`
- These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
- `specifications.js`
- The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
See the `PermissionController` readme for details.
- `migrations/068.js`
- The new state should be cross-referenced with the controllers that manage it.
The accompanying tests should also be thoroughly reviewed.
Some files may appear new but have just moved and/or been renamed:
- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
- This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
- A truncated version of `test/mocks/permission-controller.js`.
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Add support for eip-1559 on Trezor
* temp
* Lint fix
* Store trezor model type in background state instead attempting to get it in the frontend
* code simplification
* Temp update to eth-trezor-keyring version
* Tempory update to eth-trezor-keyring version
* Temp update to eth-trezor-keyring version
* Fix display of hdpath selector in connect hardware flow for trezor
* Updating the package version but we still need to run yarn setup and update the lockfile, once the package is updated
* Update yarn.lock
* Fix unit tests
* Fix#5039
* Converted function into async
* Added more explicit explanation of why the number of bits for EcSign
* eth_sign and eth_personalSign now report errors correctly back to the user
* Added leeway to unsigned message byte check
* Fix lint
* add command to debug unit tests
* remove extra zero balance account potentially created from seeking ahead
* Add PR 12074 to CHANGELOG
* Revert "Add PR 12074 to CHANGELOG"
This reverts commit 9f6f7eec1cac163c0ce1c711b1c205322aa5b2af.
* Remove test debug command
* bump @metamask/controllers to v15.0.1 and remove AbortController workaround in e2e tests
* remove old abortcontroller polyfill
* bump @metamask/controllers to v15.0.2
Adds the latest version of `@metamask/controllers`, and updates our usage of the `ApprovalController`, which has been migrated to `BaseControllerV2`. Of [the new `controllers` release](https://github.com/MetaMask/controllers/releases/tag/v15.0.0), only the `ApprovalController` migration should be breaking.
This is the first time we use events on the `ControllerMessenger` to update the badge, so I turned the messenger into a property on the main `MetaMaskController` in order to subscribe to events on it in `background.js`. I confirmed that the badge does indeed update during local QA.
As it turns out, [MetaMask/controllers#571](https://github.com/MetaMask/controllers/pull/571) was breaking for a single unit test case, which is now handled during setup and teardown for the related test suite (`metamask-controller.test.js`).
The CurrencyRateController has been migrated to the BaseControllerV2
API, which includes various API changes. These changes include:
* The constructor now expects to be passed a
`RestrictedControllerMessenger`.
* State changes are subscribed to via the `ControllerMessenger` now,
rather than via a `subscribe` function.
* The state and configration are passed in as one "options" object,
rather than as two separate parameters
* The polling needs to be started explicitly by calling `start`. It
can be stopped and started on-demand now as well.
* Changing the current currency or native currency will now throw an
error if we fail to update the conversion rate.
The `ComposableObservableStore` has been updated to accomodate these
new types of controllers. The constructor has been updated to use an
options bag pattern as well, to make the addition of the new required
`controllerMessenger` parameter a bit less unweildly.
The `assert` module has two modes: "Legacy" and "strict". When using
strict mode, the "strict" version of each assertion method is implied.
Whereas in legacy mode, by default it will use the deprecated, "loose"
version of each assertion.
We now use strict mode everywhere. A few tests required updates where
they were asserting the wrong thing, and it was passing beforehand due
to the loose matching.
