MetaMask
chore(runway): cherry-pick fix: sanitize token addresses before requesting a bridge quote cp-7.61.0
- fix: sanitize token addresses before requesting a bridge quote cp-7.61.0 (#23889)
Description
This PR fixes an issue where some bridge/swap quotes did not yield the best quote result with the lowest price impact, by sanitizing the token addresses.
Changelog
CHANGELOG entry: fix an issue where some bridge/swap quotes did not yield the best quote result with the lowest price impact.
Related issues
Fixes: #23891
Manual testing steps
Swap/bridge quotes should yield small price impacts and not extraordinary values like 25% for most cases.
Screenshots/Recordings
Before
After
Pre-merge author checklist
- [x] I’ve followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using JSDoc format if applicable
- [x] I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
Pre-merge reviewer checklist
- [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
[!NOTE] Formats source/destination token addresses to CAIP references before requesting bridge quotes.
- Bridge quote request (
app/components/UI/Bridge/hooks/useBridgeQuoteRequest/index.ts):
- Use
formatAddressToCaipReferenceforsrcTokenAddressanddestTokenAddressinGenericQuoteRequestparams.Written by Cursor Bugbot for commit 0eb24e243bf6b1c19b968e9f03b30e47ac84f5e0. This will update automatically on new commits. Configure here.
Co-authored-by: SteP-n-s [email protected] 28070d3
![runway-github[bot] avatar](https://avatars.githubusercontent.com/in/86225?v=4 "Published by a pub.dev verified publisher"){kind=small}
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
🔍 Smart E2E Test Selection
- Selected E2E tags: SmokeTrade
- Risk Level: medium
- AI Confidence: 90%
click to see 🤖 AI reasoning details
The changes are in the useBridgeQuoteRequest hook which handles bridge quote request updates. This is a critical hook for the Bridge functionality within the MetaMask Mobile app.
Changes Analysis:
-
Bug fix for infinite requests: Added a
useRefto trackinsufficientBalstate and prevent infinite request loops when users select max balance on source token input -
Address formatting: Changed to use
formatAddressToCaipReferencefor source and destination token addresses, indicating a protocol/format change for addresses -
Dependency array optimization: Removed
insufficientBalfrom theuseCallbackdependency array to prevent unnecessary re-renders
Impact Assessment:
- The hook is used in 2 main locations:
BridgeView/index.tsxandQuoteExpiredModal/QuoteExpiredModal.tsx - These changes directly affect the bridge quote request flow, which is tested by the E2E test
e2e/specs/swaps/bridge-action-smoke.spec.ts - The test is tagged with
SmokeTradeand covers bridge functionality from Ethereum Mainnet to Base Network - The bug fix addresses a specific issue with max balance selection that could cause infinite requests
- The address formatting change could affect how addresses are passed to the BridgeController and subsequently to bridge APIs
Why SmokeTrade:
- Bridge functionality is part of the SmokeTrade tag (Token swaps, bridge, DEX trading)
- There's a dedicated E2E test file
bridge-action-smoke.spec.tsthat tests bridge flows - The changes affect core bridge quote request logic that needs validation
Why Medium Risk:
- This is a bug fix combined with a protocol change (address formatting)
- The changes are in production code that directly affects user-facing bridge functionality
- The infinite loop prevention and address format changes need validation to ensure they work correctly
- However, the changes are localized to a specific hook and don't affect core engine or controller logic
Confidence: High confidence (90%) because:
- The changes are clearly scoped to bridge functionality
- There's a direct E2E test that covers this feature
- The impact is well-understood and limited to bridge quote requests
- The tag selection is straightforward based on the available tags
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarQube Cloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
No release label on PR. Adding release label release-7.61.0 on PR, as PR was cherry-picked in branch 7.61.0.
