metamask-extension
metamask-extension copied to clipboard
MetaMask
feat: Migrate eth_accounts and permittedChains to CAIP-25 endowment
Description
This PR replaces the replaces the internal eth_accounts and endowment:permittedChains permission structure with a CAIP-25 endowment. It adds adapter logic to translate to and from the new internal CAIP-25 permissions. This change should be transparent to wallet users and to dapps except for one case, see below. This change is required in order to support CAIP-25 and CAIP-27 requests in a follow-up PR that enables the Multichain API.
Related issues
Related: https://github.com/MetaMask/core/pull/4784
Manual testing steps
There should be no user or dapp facing difference in behavior except in wallet_revokePermissions, see below.
When calling wallet_revokePermissions and specifying either eth_accounts or endowment:permitted-chains, the entire CAIP-25 permission will be revoked. It will appear to the dapp as if both eth_accounts and endowment:permitted-chains were revoked.
await window.ethereum.request({
"method": "wallet_revokePermissions",
"params": [
{
eth_accounts: {}
}
],
});
await window.ethereum.request({
"method": "wallet_revokePermissions",
"params": [
{
'endowment:permitted-chains': {}
}
],
});
await window.ethereum.request({
"method": "wallet_getPermissions",
"params": [],
});
Screenshots/Recordings
Before
After
Pre-merge author checklist
- [ ] I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using JSDoc format if applicable
- [ ] I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
Pre-merge reviewer checklist
- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@metamask/[email protected] 🔁 npm/@metamask/[email protected] | None | 0 |
270 kB | metamaskbot |
| npm/@metamask/[email protected] | None | 0 |
318 kB | metamaskbot |
| npm/@open-rpc/[email protected] 🔁 npm/@open-rpc/[email protected] | None | 0 |
38.4 kB | belfordz |
🚮 Removed packages: npm/@json-schema-spec/[email protected], npm/@json-schema-tools/[email protected]
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎
This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.
Policies updated.
👀 Please review the diff for suspicious new powers.
🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff
Policies updated.
👀 Please review the diff for suspicious new powers.
🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff
@SocketSecurity ignore npm/@metamask/[email protected]
the fetch isn't new, but even then it's fine because it fetches caller supplied url
Policies updated.
👀 Please review the diff for suspicious new powers.
🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff
Policies updated.
👀 Please review the diff for suspicious new powers.
🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff
Quality Gate passed
Issues
15 New issues
0 Accepted issues
Measures
0 Security Hotspots
83.8% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
Policies updated.
👀 Please review the diff for suspicious new powers.
🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff
Policies updated.
👀 Please review the diff for suspicious new powers.
🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff
Policies updated.
👀 Please review the diff for suspicious new powers.
🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff
Policies updated.
👀 Please review the diff for suspicious new powers.
🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff
Policies updated.
👀 Please review the diff for suspicious new powers.
🧠 Learn how: https://lavamoat.github.io/guides/policy-diff/#what-to-look-for-when-reviewing-a-policy-diff
Builds ready [25bfb4f]
- builds: chrome, firefox
- builds (beta): chrome
- builds (flask): chrome, firefox
- builds (MMI): chrome, firefox
- builds (test): chrome, firefox
- builds (test-flask): chrome, firefox
- build viz: Build System
- mv3: Background Module Init Stats
- mv3: UI Init Stats
- mv3: Module Load Stats
- mv3: Bundle Size Stats
- mv2: E2e Actions Stats
- code coverage: Report
- storybook: Storybook
- typescript migration: Dashboard
- all artifacts
Page Load Metrics (1840 ± 119 ms)
| Platform | Page | Metric | Min (ms) | Max (ms) | Average (ms) | StandardDeviation (ms) | MarginOfError (ms) |
|---|---|---|---|---|---|---|---|
| Chrome | Home | firstPaint | 353 | 2589 | 1673 | 465 | 223 |
| domContentLoaded | 1595 | 2318 | 1793 | 186 | 89 | ||
| load | 1605 | 2709 | 1840 | 248 | 119 | ||
| domInteractive | 16 | 125 | 57 | 26 | 13 | ||
| backgroundConnect | 8 | 293 | 43 | 63 | 30 | ||
| firstReactRender | 48 | 206 | 92 | 48 | 23 | ||
| getState | 5 | 196 | 33 | 43 | 21 | ||
| initialActions | 0 | 0 | 0 | 0 | 0 | ||
| loadScripts | 1139 | 1753 | 1342 | 147 | 71 | ||
| setupStore | 11 | 163 | 35 | 36 | 17 | ||
| uiStartup | 1768 | 3708 | 2105 | 406 | 195 |
Bundle size diffs [🚀 Bundle size reduced!]
- background: -25.19 KiB (-0.50%)
- ui: 593 Bytes (0.01%)
- common: -120.86 KiB (-1.53%)
@SocketSecurity ignore npm/@metamask/[email protected] @SocketSecurity ignore npm/@metamask/[email protected]
author is known. access is acceptable
Builds ready [7f70c0b]
- builds: chrome, firefox
- builds (beta): chrome
- builds (flask): chrome, firefox
- builds (MMI): chrome, firefox
- builds (test): chrome, firefox
- builds (test-flask): chrome, firefox
- build viz: Build System
- mv3: Background Module Init Stats
- mv3: UI Init Stats
- mv3: Module Load Stats
- mv3: Bundle Size Stats
- mv2: E2e Actions Stats
- code coverage: Report
- storybook: Storybook
- typescript migration: Dashboard
- all artifacts
Page Load Metrics (2111 ± 140 ms)
| Platform | Page | Metric | Min (ms) | Max (ms) | Average (ms) | StandardDeviation (ms) | MarginOfError (ms) |
|---|---|---|---|---|---|---|---|
| Chrome | Home | firstPaint | 1675 | 2746 | 2110 | 296 | 142 |
| domContentLoaded | 1661 | 2675 | 2074 | 282 | 135 | ||
| load | 1676 | 2766 | 2111 | 291 | 140 | ||
| domInteractive | 21 | 109 | 53 | 22 | 11 | ||
| backgroundConnect | 9 | 92 | 35 | 25 | 12 | ||
| firstReactRender | 47 | 289 | 105 | 56 | 27 | ||
| getState | 4 | 68 | 28 | 23 | 11 | ||
| initialActions | 0 | 1 | 0 | 0 | 0 | ||
| loadScripts | 1210 | 2028 | 1522 | 241 | 116 | ||
| setupStore | 11 | 86 | 34 | 24 | 12 | ||
| uiStartup | 1855 | 3373 | 2364 | 369 | 177 |
Bundle size diffs [🚀 Bundle size reduced!]
- background: -25.19 KiB (-0.57%)
- ui: 593 Bytes (0.01%)
- common: -120.86 KiB (-1.53%)