Multichain: Audit MetaMaskController's getApi usages for chain ID

[darkwing]

What is this about?

Work was done months ago to bring Controllers to a multichain architecture. That said, there could be regression. All of the methods that app/scripts/metamask-controller.js 's getApi method should be audited to ensure they are passed a chainId and not assume the global chain Id.

Per Mark:

Back to your question, the general area of concern I had was "every background operation that assumes it's for the globally selected chain ID". I had mentioned in a previous meeting something about auditing controller method calls or background API calls. It should be the case that all controller operations pertaining to a given chain accept a chainId parameter (apart from TokenBalancesController maybe, which someone is handling). But in many cases it's optional, and the globally selected chain is used as a default. Once we enable multichain, that would be a bug. The chain ID needs to be passed through everywhere.

Some subset of them accept an optional chainId or networkClientId. We could read each one to come up with that smaller list, then look at the callsites to ensure that it's always passed in.

Scenario

No response

Design

No response

Technical Details

No response

Threat Modeling Framework

No response

Acceptance Criteria

No response

Stakeholder review needed before the work gets merged

• Engineering (needed in most cases)
• Design
• Product
• QA (automation tests are required to pass before merging PRs but not all changes are covered by automation tests - please review if QA is needed beyond automation tests)
• Security
• Legal
• Marketing
• Management (please specify)
• Other (please specify)

References

No response