Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Security Alerts API - GET request to get supportedChains blocks the Send Flow until resolved #28255

Closed
seaona opened this issue Nov 4, 2024 · 0 comments · Fixed by #28313
Closed

[Bug]: Security Alerts API - GET request to get supportedChains blocks the Send Flow until resolved #28255

seaona opened this issue Nov 4, 2024 · 0 comments · Fixed by #28313
Assignees
@vinistevam
Labels
regression-RC-12.7.0 release-12.8.0 Issue or pull request that will be included in release 12.8.0 release-blocker This bug is blocking the next release Sev2-normal Normal severity; minor loss of service or inconvenience. team-confirmations Push issues to confirmations team type-bug

Comments

@seaona
Copy link
Contributor

seaona commented Nov 4, 2024

Describe the bug

Whenever we start a Send flow, there is a request send to the host security-alerts.api.cx.metamask.io to get the supportedChains. The problem is that the Send flow is blocked until this request is resolved (either success or failed).

Expected behavior

We shouldn't block the Send flow until this API request is resolved. If the API is slow, this impacts the overall user experience.
We might want to have an initial value for that array, so this is non blocking, and update it when we get the response?

Screenshots/Recordings

security-alerts-api-block.mp4

Steps to reproduce

  1. Use a proxy to intercept requests (ie Burpsuite)
  2. Start a Send flow
  3. Intercep the request to security-alerts.api.cx.metamask.io
  4. See send flow cannot be initiated until we have a response to this request

Error messages or log output

No response

Detection stage

During release testing

Version

12.7.0

Build type

None

Browser

Chrome

Operating system

Linux

Hardware wallet

No response

Additional context

No response

Severity

No response
@seaona seaona added type-bug Sev2-normal Normal severity; minor loss of service or inconvenience. team-confirmations Push issues to confirmations team regression-RC-12.7.0 labels Nov 4, 2024
@github-project-automation github-project-automation bot moved this to To be fixed in Bugs by team Nov 4, 2024
@github-project-automation github-project-automation bot moved this to To be fixed in Bugs by severity Nov 4, 2024
@bschorchit bschorchit added the release-blocker This bug is blocking the next release label Nov 4, 2024
@vinistevam vinistevam mentioned this issue Nov 6, 2024
Merged
7 tasks
github-merge-queue bot pushed a commit that referenced this issue Nov 12, 2024
@vinistevam
fix: get supportedChains to avoid blocking the confirmation process (
e54f555 
…#28313)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**
This PR addresses the blocking behaviour in the confirmation process
caused by the synchronous `supportedChains` check. Previously, the Send
flow was halted until a response from the
`security-alerts.api.cx.metamask.io` API was received. This created
delays and negatively impacted the user experience, especially when the
API response was slow.

**Key Changes:**
**Asynchronous Chain Validation:** The `supportedChains` check is now
performed asynchronously within the non-awaited
`validateRequestWithPPOM` function. This ensures that the Send flow is
not blocked while waiting for the API response.
**Introduction of CheckingChain Result Type:** A new result type,
`CheckingChain`, is introduced to represent the intermediate state
before a definitive result is obtained. This state is used before the
`loading` status in both middleware and transaction utility functions.

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/28313?quickstart=1)

## **Related issues**

Fixes: #28255
#28257

## **Manual testing steps**

1. Use a proxy to intercept requests
2. Start a Send flow
3. Intercept the request to `security-alerts.api.cx.metamask.io`
4. See send flow cannot be initiated until we have a response to this
request

## **Screenshots/Recordings**


[supported-chains-.webm](https://github.com/user-attachments/assets/4e9e495a-10f3-4bb1-8d05-8045a735b655)


[unsupported-chains.webm](https://github.com/user-attachments/assets/e5767bc1-2eab-44bd-83c3-777d34c23ff6)

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
@github-project-automation github-project-automation bot moved this from To be fixed to Fixed in Bugs by team Nov 12, 2024
@github-project-automation github-project-automation bot moved this from To be fixed to Fixed in Bugs by severity Nov 12, 2024
@metamaskbot metamaskbot added the release-12.8.0 Issue or pull request that will be included in release 12.8.0 label Nov 12, 2024
vinistevam added a commit that referenced this issue Nov 12, 2024
@vinistevam
fix: get supportedChains to avoid blocking the confirmation process (
3b9d84c 
…#28313)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

This PR addresses the blocking behaviour in the confirmation process
caused by the synchronous `supportedChains` check. Previously, the Send
flow was halted until a response from the
`security-alerts.api.cx.metamask.io` API was received. This created
delays and negatively impacted the user experience, especially when the
API response was slow.

**Key Changes:**
**Asynchronous Chain Validation:** The `supportedChains` check is now
performed asynchronously within the non-awaited
`validateRequestWithPPOM` function. This ensures that the Send flow is
not blocked while waiting for the API response.
**Introduction of CheckingChain Result Type:** A new result type,
`CheckingChain`, is introduced to represent the intermediate state
before a definitive result is obtained. This state is used before the
`loading` status in both middleware and transaction utility functions.

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/28313?quickstart=1)

Fixes: #28255
#28257

1. Use a proxy to intercept requests
2. Start a Send flow
3. Intercept the request to `security-alerts.api.cx.metamask.io`
4. See send flow cannot be initiated until we have a response to this
request

[supported-chains-.webm](https://github.com/user-attachments/assets/4e9e495a-10f3-4bb1-8d05-8045a735b655)

[unsupported-chains.webm](https://github.com/user-attachments/assets/e5767bc1-2eab-44bd-83c3-777d34c23ff6)

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

<!-- [screenshots/recordings] -->

<!-- [screenshots/recordings] -->

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
@vinistevam vinistevam mentioned this issue Nov 12, 2024
Merged
7 tasks
danjm pushed a commit that referenced this issue Nov 13, 2024
@vinistevam
fix (cherry-pick): get supportedChains to avoid blocking the confir…
f042d84 
…mation process (#28422)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**
Cherry-pick of #28313 for release `12.7.0`.
<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/28422?quickstart=1)

## **Related issues**

Fixes: #28255
#28257

## **Manual testing steps**

1. Use a proxy to intercept requests
2. Start a Send flow
3. Intercept the request to `security-alerts.api.cx.metamask.io`
4. See send flow cannot be initiated until we have a response to this
request

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**


[supported-chains-.webm](https://github.com/user-attachments/assets/4e9e495a-10f3-4bb1-8d05-8045a735b655)


[unsupported-chains.webm](https://github.com/user-attachments/assets/e5767bc1-2eab-44bd-83c3-777d34c23ff6)

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vinistevam vinistevam

Labels
regression-RC-12.7.0 release-12.8.0 Issue or pull request that will be included in release 12.8.0 release-blocker This bug is blocking the next release Sev2-normal Normal severity; minor loss of service or inconvenience. team-confirmations Push issues to confirmations team type-bug
Projects
Bugs by severity
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: get supportedChains to avoid blocking the confirmation process MetaMask/metamask-extension
4 participants
@bschorchit @metamaskbot @vinistevam @seaona