refactor: Replace DetectTokensController with core monorepo's TokenDetectionController

[MajorLift]

Description

This commit replaces DetectTokensController with the core repo's TokenDetectionController.

This represents the final step of Shared Libraries' initiative to a) consolidate the core repo's TokenDetectionController, the extension's DetectTokensController, and relevant mobile patches to @metamask/assets-controllers, with the goal of b) migrating both extension and mobile to use the consolidated controller in core.

This also represents a full conversion to TypeScript for DetectTokensController and its unit tests.

Related issues

• Contributes to:
  • Merge extension and mobile controllers core#700
  • Merge TokenDetectionController with DetectTokensController (from extension), and migrate to this repo core#1812
• Closes:
  • Replace DetectTokensController with consolidated TokenDetectionController from core repo #23127
  • Convert detect-tokens.js to typescript #23322
• Blocked by:
  • Bring TokenDetectionController up-to-date and release new version of assets-controllers core#3916
    • [token-detection-controller] Apply recent DetectTokensController updates core#3923
    • Release 123.0.0 core#4007 (@metamask/assets-controllers v26)

Manual testing steps

• Check whether issue no. 4 in this comment Replace useSafeGasEstimatePolling with usePolling #23010 (comment) can be reproed in this branch.

Changelog

metamask-extension

• MetamaskController class:
  • Define a preferencesControllerMessenger instance which only allows the PreferencesController:getState action and PreferencesController:stateChange event.
  • Add a subscription to the preferences-controller observable store, with a listener that publishes a PreferencesController:stateChange event.
• PreferencesController:
  • Add messenger as an optional constructor options object property.
  • Register a PreferencesController:getState action handler.
• BREAKING: Replace all imports of toChecksumHexAddress from @metamask/controller-utils with imports from the internal shared/modules/hexstring-utils module.
• BREAKING: Bump @metamask/assets-controllers to ^26.0.0.
  • Remove patch.
• BREAKING: Bump @metamask/accounts-controller to ^11.0.0.
  • Remove unused diff in patch.
• BREAKING: Bump @metamask/keyring-controller to ^13.0.0.
  • Remove patch.
• BREAKING: Remove @metamask/polling-controller as a dependency.
  • Required by test-yarn-dedupe CI run.
• Bump @metamask/controller-utils to ^8.0.4.

TokenDetectionController (compared to DetectTokensController)

• BREAKING: Inherit from StaticIntervalPollingController instead of StaticIntervalPollingControllerOnly

• Constructor and class fields:

  • BREAKING: Remove preferences, network, tokenList, tokensController, assetsContractController, getCurrentSelectedAccount, getNetworkClientById as constructor options, and add required option getBalancesInSingleCall.
  • BREAKING: Remove disableLegacyInterval class field and constructor option.
    • #restartTokenDetection always resets polling interval to default regardless of whether legacy or new polling is being used.
  • BREAKING: Add a #disabled private class field, which blocks all network requests if set to true, and add disabled as an optional constructor option, which defaults to 'true' if omitted.
  • BREAKING: Remove isOpen class field, and replace by adding enable, disable public methods.
  • Add optional constructor option selectedAddress. If omitted, its value is populated by calling the AccountsController:getSelectedAccount action.

• Messenger:

  • BREAKING: Newly subscribe to the PreferencesController:stateChange, AccountsController:selectedAccountChange, KeyringController:lock, KeyringController:unlock events.
  • BREAKING: Newly allow messenger actions AccountsController:getSelectedAccount, NetworkController:getNetworkClientById, NetworkController:getNetworkConfigurationByNetworkClientId, NetworkController:getState, KeyringController:getState, PreferencesController:getState, TokenListController:getState, TokensController:getState, and TokensController:addDetectedTokens.

• BREAKING: detectTokens replaces the detectNewTokens method.

  • BREAKING: Now expects an options object with optional properties selectedAddress, networkClientId, removing the chainId option.
  • BREAKING: Passes lists of full Token types to TokensController:addDetectedTokens instead of objects containing only { address, decimals, symbol }.
  • Processes an arbitrary number of tokens in batches of 1000.
    • Previously, detectTokens was limited to two batches, with the first batch being limited to 1000 tokens.
    • If the getBalancesInSingleCall callback fails, it does not throw an error or exit early, and the method continues processing the next batch of tokens.

• BREAKING: #restartTokenDetection is a private method instead of public.

• BREAKING: Replace the getChainIdFromNetworkStore method with the private method #getCorrectChainIdAndNetworkClientId.

• BREAKING: #trackMetaMetricsEvents is a private method instead of protected.

  • Passes string literals instead of extension shared constants into _trackMetaMetricsEvent.

TokensController

• BREAKING: Newly allows NetworkController:getNetworkClientById messenger action.
• BREAKING: Newly subscribes to NetworkController:networkDidChange, PreferencesController:stateChange, TokenListController:stateChange events.
• BREAKING: Unsubscribes from NetworkController:stateChange event.

Screenshots/Recordings

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've clearly explained what problem this PR is solving and how it is solved.
• I've linked related issues
• I've included manual testing steps
• I've included screenshots/recordings if applicable
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
• I’ve properly set the pull request status:
  • In case it's not yet "ready for review", I've set it to "draft".
  • In case it's "ready for review", I've changed it from "draft" to "non-draft".

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note
New author	npm/rfdc@1.3.1	New Author: matteo.collina Previous Author: davidmarkclements

Ignoring: npm/@metamask/accounts-controller@11.0.0, npm/@metamask/assets-controllers@26.0.0, npm/@metamask/eth-json-rpc-infura@9.1.0, npm/@metamask/keyring-controller@13.0.0, npm/@metamask/preferences-controller@8.0.0

View full report↗︎

Next steps

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/rfdc@1.3.1

[mcmire]

LGTM!

[bergeron]

I'm not super familiar with the controller messaging patterns to determine if they're all correct. But I don't see anything that looks wrong! 🚀

[metamaskbot]

Builds ready [17dde59]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5, 6
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1048 ± 461 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	69	223	128	40	19
		domContentLoaded	9	89	37	23	11
		load	62	2252	1048	960	461
		domInteractive	9	89	37	23	11

Bundle size diffs [🚀 Bundle size reduced!]

• background: -73.33 KiB (-2.00%)
• ui: 48 Bytes (0.00%)
• common: -3.47 KiB (-0.07%)

[mcmire]

Looks good!