* Version v10.18.4
* Fix default currency symbol for `wallet_addEthereumChain` + improve warnings for data that doesn't match our validation expectations (#15201)
* set more appropriate default for ticker symbol when wallet_addEthereumChain is called
* throw error to dapp when site suggests network with same chainId but different ticker symbol from already added network, instead of showing error and disabled notification to user
* Fix Provider Tracking Metrics (#15082)
* fix filetype audit (#15334)
* Remove decentralized 4byte function signature registry since it contains incorrect signatures and we can't algorithmically check for best option when 4byte.directory is down (#15300)
* remove decentralized 4byte function signature registry since it is griefed and we can't algorithmically check for best option when 4byte is down
* add migration
* remove nock of on chain registry call in getMethodDataAsync test
* remove audit exclusion (#15346)
* Updates `eth-lattice-keyring` to v0.10.0 (#15261)
This is mainly associated with an update in GridPlus SDK and enables
better strategies for fetching calldata decoder data.
`eth-lattice-keyring` changes:
GridPlus/eth-lattice-keyring@v0.7.3...v0.10.0
`gridplus-sdk` changes (which includes a codebase rewrite):
GridPlus/gridplus-sdk@v1.2.3...v2.2.2
* Fix 'block link explorer on custom networks' (#13870)
* Created a logic for the 'Add a block explorer URL'
Removed unused message
Message logic rollback
Modified history push operation
WIP: Pushing before rebasing
Applied requested changes
Removed unintenionally added code
* Lint fix
* Metrics fixed
* Stop injecting provider on docs.google.com (#15459)
* Fix setting of gasPrice when on non-eip 1559 networks (#15628)
* Fix setting of gasPrice when on non-eip 1559 networks
* Fix unit tests
* Fix logic
* Update ui/ducks/send/send.test.js
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* [GridPlus] Bumps `eth-lattice-keyring` to v0.11.0 (#15490)
* [GridPlus] Bumps `gridplus-sdk` to v2.2.4 (#15561)
* remove exclusions for mismatched object jsdoc type casing (#15351)
* Improve `tokenId` parsing and clean up `useAssetDetails` hook (#15304)
* Fix state creation in setupSentryGetStateGlobal (#15635)
* filter breadcrumbs for improved clarity while debugging sentry errors (#15639)
* Update v10.18.4 changelog (#15645)
* Auto generated changelog
* Update 10.18.4 changelog
* Run lavamoat:auto
* Call metrics event for wallet type selection at the right time (#15591)
* Fix Sentry in LavaMoat contexts (#15672)
Our Sentry setup relies upon application state, but it wasn't able to
access it in LavaMoat builds because it's running in a separate
Compartment.
A patch has been introduced to the LavaMoat runtime to allow the root
Compartment to mutate the `rootGlobals` object, which is accessible
from outside the compartment as well. This lets us expose application
state to our Sentry integration.
* Fix Sentry deduplication of events that were never sent (#15677)
The Sentry `Dedupe` integration has been filtering out our events, even
when they were never sent due to our `beforeSend` handler. It was
wrongly identifying them as duplicates because it has no knowledge of
`beforeSend` or whether they were actually sent or not.
To resolve this, the filtering we were doing in `beforeSend` has been
moved to a Sentry integration. This integration is installed ahead of
the `Dedupe` integration, so `Dedupe` should never find out about any
events that we filter out, and thus will never consider them as sent
when they were not.
* Replace `lavamoat-runtime.js` patch (#15682)
A patch made in #15672 was found to be unnecessary. Instead of setting
a `rootGlobals` object upon construction of the root compartment, we
are now creating a `sentryHooks` object in the initial top-level
compartment. I hadn't realized at the time that the root compartment
would inherit all properties of the initial compartment `globalThis`.
This accomplishes the same goals as #15672 except without needing a
patch.
* Update v10.18.4 changelog
* Fix lint issues
* Update yarn.lock
* Update `depcheck` to latest version (#15690)
`depcheck` has been updated to the latest version. This version pins
`@babel/parser` to v7.16.4 because of unresolved bugs in v7.16.5 that
result in `depcheck` failing to parse TypeScript files correctly.
We had a Yarn resolution in place to ensure `@babel/parser@7.16.4` was
being used already. That resolution is no longer needed so it has been
removed. This should resove the issue the dev team has been seeing
lately where `yarn` and `yarn-deduplicate` disagree about the state the
lockfile should be in.
* Update yarn.lock
* Update LavaMoat policy
* deduplicate
* Update LavaMoat build policy
Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
Co-authored-by: Alex Donesky <adonesky@gmail.com>
Co-authored-by: Brad Decker <bhdecker84@gmail.com>
Co-authored-by: Alex Miller <asmiller1989@gmail.com>
Co-authored-by: Filip Sekulic <filip.sekulic@consensys.net>
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
Co-authored-by: Dan J Miller <danjm.com@gmail.com>
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
Co-authored-by: seaona <54408225+seaona@users.noreply.github.com>
Co-authored-by: seaona <mariona@gmx.es>
Co-authored-by: PeterYinusa <peter.yinusa@consensys.net>
When the gas API is down, the logic we use will no longer compute all of
the data that the gas API returns in order to reduce the burden on
Infura. Specifically, only estimated fees for different priority levels,
as well as the latest base fee, will be available; all other data
points, such as the latest and historical priority fee range and network
stability, will be missing. This commit updates the frontend logic to
account for this lack of data by merely hiding the relevant pieces of
the UI that would otherwise be shown.
This PR adds `snaps` under Flask build flags to the extension. This branch is mostly equivalent to the current production version of Flask, excepting some bug fixes and tweaks.
Closes#11626
ESLint rules have been added to enforce our JSDoc conventions. These
rules were introduced by updating `@metamask/eslint-config` to v9.
Some of the rules have been disabled because the effort to fix all lint
errors was too high. It might be easiest to enable these rules one
directory at a time, or one rule at a time.
Most of the changes in this PR were a result of running
`yarn lint:fix`. There were a handful of manual changes that seemed
obvious and simple to make. Anything beyond that and the rule was left
disabled.
The ESLint config for the extension explicitly includes support for
Prettier. However, this is already being provided by our global ESLint
config (`@metamask/eslint-config`). Therefore there is no need to
include it here. In fact, this is causing weird issues where the `curly`
option is getting overridden somehow. After this change, these syntaxes
are invalid:
``` javascript
if (foo) return;
```
``` javascript
if (foo) return 'bar';
```
* Premilimary Sanitize data logic.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* sanitizeData v2
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* sanitizeData: take 3
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Sanitize Data take 4
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Check that version is v4 before sanitizing.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* sanitize arrays.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Tests to check that typeless data are not shwon
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint Fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Do not check value types, Iterate through the message, and ensure each property of the message is declared as a type
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Check that if data type is not defined, it is a solidity type.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint Fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Code cleanup
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Move sanitizeData to utils
Tests for sanitizeData in utils
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Fix unit tests for signaturerequest
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Remove unused type
include fixedMxN and ufixedMxN checks.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* move fixtures to before each
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* invert if condition to avoid indentations.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Lint fixes
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* We should exclude types with [] at the beginning or middle as well:
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* cache nestedType
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Throw error for undefined/invalid types definition
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
* Throw if base type and types are not defined.
Signed-off-by: Akintayo A. Olusegun <akintayo.segun@gmail.com>
# Permission System 2.0
## Background
This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.
With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.
Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.
The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.
## Changes in Detail
First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.
- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.
Reviewers should focus their attention on the following files:
- `app/scripts/`
- `metamask-controller.js`
- This is where most of the integration work for the new `PermissionController` occurs.
Some functions that were internal to the original controller were moved here.
- `controllers/permissions/`
- `selectors.js`
- These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
- `specifications.js`
- The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
See the `PermissionController` readme for details.
- `migrations/068.js`
- The new state should be cross-referenced with the controllers that manage it.
The accompanying tests should also be thoroughly reviewed.
Some files may appear new but have just moved and/or been renamed:
- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
- This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
- A truncated version of `test/mocks/permission-controller.js`.
Co-authored-by: Mark Stacey <markjstacey@gmail.com>
* Clear the clipboard after the seed phrase is pasted
On the "Import" page of the import onboarding flow, we now clear the
clipboard after the secret recovery phrase is pasted. This ensures that
the SRP isn't accidentally pasted somewhere else by the user, which can
be an easy and disastrous mistake to make.
* Clear clipboard during new onboarding flow as well
