feat!: Add Multichain API support #3759
Conversation
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
FrederikBolding
force-pushed
the
fb/multichain-api
branch
2 times, most recently
from
917fc58 to
491f06d
Compare
packages/snaps-simulation/src/middleware/internal-methods/chain-id.ts
Outdated
Show resolved
Hide resolved
packages/snaps-simulation/src/middleware/multichain/create-session.ts
Outdated
Show resolved
Hide resolved
packages/snaps-simulation/src/middleware/multichain/invoke-method.ts
Outdated
Show resolved
Hide resolved
packages/examples/packages/multichain-provider/src/modules/base.ts
Outdated
Show resolved
Hide resolved
FrederikBolding
changed the title
FrederikBolding
force-pushed
the
fb/multichain-api
branch
from
ef6f3be to
559f0ff
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3759 +/- ##
========================================
Coverage 98.33% 98.34%
========================================
Files 422 430 +8
Lines 12082 12250 +168
Branches 1876 1904 +28
========================================
+ Hits 11881 12047 +166
- Misses 201 203 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
packages/examples/packages/multichain-provider/src/modules/base.ts
Outdated
Show resolved
Hide resolved
| export const DEFAULT_ACCOUNTS: SimulationAccount[] = [ | ||
| { | ||
| address: '0x1234567890abcdef1234567890abcdef12345678', | ||
| address: '0xc6d5a3c98ec9073b54fa0969957bd582e8d874bf', |
There was a problem hiding this comment.
I guess this may be breaking, but it makes a lot more sense for this to return the address of the default account in the simulation IMO
There was a problem hiding this comment.
Yeah, this should be considered breaking.
There was a problem hiding this comment.
Added note to the description
FrederikBolding
force-pushed
the
fb/multichain-api
branch
from
afdf778 to
a35de5f
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
packages/examples/packages/multichain-provider/src/modules/evm.ts
Outdated
Show resolved
Hide resolved
FrederikBolding
changed the title
| case 'signTypedData': { | ||
| const params = request.params as SignTypedDataParams; | ||
| const accounts = await getAccounts(scope); | ||
| return await scopeModule.signTypedData(accounts[0], params.message); |
There was a problem hiding this comment.
Undefined account passed when accounts array is empty
Low Severity
The signMessage and signTypedData handlers use accounts[0] without checking if the array from getAccounts(scope) is empty. Since getAccounts returns session.sessionScopes[scope]?.accounts ?? [] (an empty array when no accounts exist), accounts[0] will be undefined when no session exists or the scope has no accounts. This undefined value gets passed to parseCaipAccountId() in the module methods, which will throw a confusing parsing error rather than a clear "no accounts available" message.
| case 'signTypedData': { | ||
| const params = request.params as SignTypedDataParams; | ||
| const accounts = await getAccounts(scope); | ||
| return await scopeModule.signTypedData(accounts[0], params.message); |
There was a problem hiding this comment.
Missing params validation causes crash on undefined access
Low Severity
The signMessage and signTypedData handlers cast request.params to SignMessageParams/SignTypedDataParams without validating that params exists. If a caller invokes these methods without providing params (valid in JSON-RPC), params will be undefined and accessing params.message will throw a TypeError: Cannot read properties of undefined. This is distinct from the previously reported empty accounts issue—here the crash occurs when no request params are provided at all.
Adds support for using the multichain API in Snaps. This is accomplished by setting up a separate provider and substream called
metamask-multichain-provider. Whensnap.requestis called with a multichain request, this provider and substream is used. The clients will need to route to the proper JSON-RPC pipeline based on the substream and verify that the Snap has the proper permission.Additionally this PR adds a example Snap for usage of this API, that can leverage Ethereum and Solana APIs at once. It also adds limited simulation support for the multichain API. The simulation framework implements a basic version of the multichain API where sessions are tracked and requests are routed to supported EVM providers. There are no underlying providers for non-EVM request, but they can be mocked.
Breaking: This PR changes the default accounts used in
snaps-jestto match the accounts derived from the default SRP.Note: TBD if we hold off merging this until some bugs are squashed on extension that prevent non-EVM multichain API requests
Note
Adds first-class Multichain API support across runtime, RPC, SDK, simulation, and examples.
snap.requestmultichain calls via newmetamask-multichain-providersubstream; addisMultichainRequestand stream wiring inBaseSnapExecutor.endowment:multichain-providerand register builder; expose in permissions listing/tests.wallet_createSession,wallet_getSession,wallet_invokeMethod,wallet_revokeSessionrequest/response types.wallet_invokeMethodrouting; provider now respects CAIP-2scope(EVM) and ignores non‑EVM; integrates CAIP‑25 caveat validation and simulated accounts; updates tests and defaults.@metamask/multichain-provider-example-snap(EVM + Solana) with E2E tests; added UI in test-snaps to create/revoke sessions, switch chains, and sign.Written by Cursor Bugbot for commit 17795ea. This will update automatically on new commits. Configure here.