Jl/caip multichain/fix connection flow for permitted chains

[jiexi]

Description

Connects the new AmonHenV2 Connection Flow to CAIP Multichain:

• Preserves and syncs eth accounts across eip155 scopes when permitted chains are changed
• Grants full methods and notifications to scopeObject when a new chain is permitted
• ConnectPage Approval now uses the caveat values from eth_accounts and endowment:permitted-chains as the default selected account and chains
• wallet_createSession passes a list of supported eth accounts and eth chainIds based on the supported scopes to be used as the preselected/default values in the ConnectPage Approval
• wallet_createSession removes supported eip155 scopes that were not approved and adds ones that were not in the original request but were approved

Related issues

Fixes:

Manual testing steps

Replace the account addresses below with your own addresses to test the preselected accounts. This request should preselect mainnet and sepolia (which is different from the default which preselects all non testnet networks)

const EXTENSION_ID = 'nonfpcflonapegmnfeafnddgdniflbnk';
const extensionPort = chrome.runtime.connect(EXTENSION_ID)
extensionPort.onMessage.addListener((msg) => console.log('extensionPort on message', msg))
extensionPort.postMessage({
    type: 'caip-x',
    data: {
        "jsonrpc": "2.0",
        method: 'wallet_createSession',
        params: {
            requiredScopes: {
                'eip155': {
                    references: ['1', '11155111'],
                    methods: [
                        'eth_sendTransaction',
                        'eth_getBalance',
                        'eth_subscribe'
                    ],
                    notifications: ['eth_subscription'],
                    accounts: ['eip155:1:0x5bA08AF1bc30f17272178bDcACA1C74e94955cF4', 'eip155:1:0xdeadbeef', 'eip155:1:0x398fC6Ec25889e7373310dC4c3491b18575d5d6B']
                }
            },
            optionalScopes: {
            },
            sessionProperties: {
                'caip154-mandatory': 'true',
            },
        },
    }
})

replace this with your own address to test preselected accounts.

 "method": "wallet_requestPermissions",
 "params": [
  {
    eth_accounts: {
        caveats: [
            {
              type: 'restrictReturnedAccounts',
                value: ['0x5bA08AF1bc30f17272178bDcACA1C74e94955cF4']
            }
            ]
    }
  }
],
});

This one works for preselecting chains

 "method": "wallet_requestPermissions",
 "params": [
  {
    'endowment:permitted-chains': {
        caveats: [
            {
              type: 'restrictNetworkSwitching',
                value: ['0x1']
            }
            ]
    }
  }
],
});

You can also combine the params of these two wallet_requestPermissions examples

One for eth_requestAccounts

await window.ethereum.request({
 "method": "eth_requestAccounts",
 "params": [],
});

And of course you can connect via the wallet UI directly.

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[jiexi]

might be worth making this change against develop?

[adonesky1]

Yeah makes sense. Even just a bit less code in the feature branch too is good! 😅

[jiexi]

#27517

[adonesky1]

Video of a bug where requests are failing after permissions are granted through wallet UI:

Screen.Recording.2024-09-30.at.12.18.12.PM.mov

Looks like the permissions are there but probably failing because the permission is marked as isMultichainOrigin = false?

This seems like another reason why having even partial lockout will be very challenging

[adonesky1]

I believe this change may be breaking something about the UI in the wallet_switchEthereumChain permissions flow on the legacy API?

Screen.Recording.2024-09-30.at.3.07.51.PM.mov

[jiexi]

I don' think I understand what is broken here. If I am correct, you start without Ethereum mainnet permissioned, and then switch to it. After approving the switch, Ethereum mainnet is checked inside the EditNetworkModal. I assume this dapp has EIP-1193 granted permissions, otherwise the switch chain call would have failed (rather than prompting the user to approve or not)

[adonesky1]

Oh sorry I'm specifically highlighting that that switch chain permission UI no longer shows the ethereum avatar or network name

[jiexi]

ahh gotcha. missed that

[jiexi]

Fixed here 60f7518

will pull into PR against dev as well

[jiexi]

#27518

[adonesky1]

What does "all eip155 accounts synced" mean?

[jiexi]

From the eip155 scopeObjects, gather the unique list of eip155 accounts, and then assign that list back to each eip155 scopeObject (overwriting any accounts array value that was previous there)

[sonarcloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
83.8% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[adonesky1]

LGTM!