feat: require messenger and Blockaid bulk scan in TokenDataSource

[salimtb]

Explanation

Current state and why it changed

TokenDataSource used a minimum occurrence count (Tokens API occurrences) to drop likely spam before merging metadata. That heuristic is coarse: it can hide legitimate low-occurrence tokens and still allow tokens that security scanning flags as malicious.

Solution

• Blockaid bulk token scan — Before enriching metadata, TokenDataSource calls PhishingController:bulkScanTokens on the shared AssetsControllerMessenger, batches addresses (EVM by hex chain id; non-EVM token namespace by chain name, aligned with the multichain pattern), and drops assets whose scan result is malicious. Where scanning doesn’t apply or fails, behavior stays fail-open (keep the asset) as implemented.
• Constructor — TokenDataSource now takes (messenger, options) with a required AssetsControllerMessenger, consistent with other data sources and ensuring the phishing action is wired in production.

Non-obvious details

• numberToHex for EVM chain ids must come from @metamask/utils (not @metamask/controller-utils) so the Blockaid path does not throw and accidentally fail open.
• Public package index — AssetsControllerMethodActions and data-source *AllowedActions / *AllowedEvents were removed from the root export per repo ESLint/controller guidelines. TokenDataSourceAllowedActions remains exported from TokenDataSource as an explicit alias for messenger wiring.

---

References

• PR: feat: require messenger and Blockaid bulk scan in TokenDataSource #8329
• Updating changelogs
• Breaking changes

---

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
• I've communicated my changes to consumers by updating changelogs for packages I've changed
• I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

---

Note

Medium Risk
Introduces a new dependency on PhishingController:bulkScanTokens and changes TokenDataSource construction/signature, which can break consumers and affects which tokens are persisted in balances/metadata if the scan or chain-mapping is incorrect.

Overview
Token metadata enrichment now performs a Blockaid malicious-token screen. TokenDataSource batches detected token addresses and calls PhishingController:bulkScanTokens, removing assets flagged malicious (and pruning them from assetsInfo, assetsBalance, and detectedAssets) before merging Tokens API v3 metadata; the previous minimum-occurrences spam heuristic was removed.

Breaking wiring changes: TokenDataSource now requires the shared AssetsControllerMessenger via a (messenger, options) constructor, AssetsController adds PhishingControllerBulkScanTokensAction to its allowed actions and passes its messenger through, and @metamask/phishing-controller is added as a dependency. Public root exports were also trimmed to stop re-exporting various *AllowedActions/*AllowedEvents types (including TokenDataSourceAllowedActions), and tests were updated accordingly.

^{Written by Cursor Bugbot for commit 5231be9. This will update automatically on new commits. Configure here.}

[salimtb]

@metamaskbot publish-preview

[salimtb]

@metamaskbot publish-preview

[salimtb]

@metamaskbot publish-preview

[github-actions]

Preview builds have been published. Learn how to use preview builds in other projects.

Expand for full list of packages and versions.

@metamask-previews/account-tree-controller@7.0.0-preview-5231be986
@metamask-previews/accounts-controller@37.1.1-preview-5231be986
@metamask-previews/address-book-controller@7.1.1-preview-5231be986
@metamask-previews/ai-controllers@0.6.3-preview-5231be986
@metamask-previews/analytics-controller@1.0.1-preview-5231be986
@metamask-previews/analytics-data-regulation-controller@0.0.0-preview-5231be986
@metamask-previews/announcement-controller@8.1.0-preview-5231be986
@metamask-previews/app-metadata-controller@2.0.1-preview-5231be986
@metamask-previews/approval-controller@9.0.1-preview-5231be986
@metamask-previews/assets-controller@3.2.1-preview-5231be986
@metamask-previews/assets-controllers@103.0.0-preview-5231be986
@metamask-previews/base-controller@9.0.1-preview-5231be986
@metamask-previews/base-data-service@0.1.1-preview-5231be986
@metamask-previews/bridge-controller@69.2.3-preview-5231be986
@metamask-previews/bridge-status-controller@70.0.3-preview-5231be986
@metamask-previews/build-utils@3.0.4-preview-5231be986
@metamask-previews/chain-agnostic-permission@1.5.0-preview-5231be986
@metamask-previews/claims-controller@0.5.0-preview-5231be986
@metamask-previews/client-controller@1.0.1-preview-5231be986
@metamask-previews/compliance-controller@1.0.2-preview-5231be986
@metamask-previews/composable-controller@12.0.1-preview-5231be986
@metamask-previews/config-registry-controller@0.2.0-preview-5231be986
@metamask-previews/connectivity-controller@0.2.0-preview-5231be986
@metamask-previews/controller-utils@11.19.0-preview-5231be986
@metamask-previews/core-backend@6.2.1-preview-5231be986
@metamask-previews/delegation-controller@2.1.0-preview-5231be986
@metamask-previews/earn-controller@11.2.1-preview-5231be986
@metamask-previews/eip-5792-middleware@3.0.2-preview-5231be986
@metamask-previews/eip-7702-internal-rpc-middleware@0.1.0-preview-5231be986
@metamask-previews/eip1193-permission-middleware@1.0.3-preview-5231be986
@metamask-previews/ens-controller@19.1.1-preview-5231be986
@metamask-previews/eth-block-tracker@15.0.1-preview-5231be986
@metamask-previews/eth-json-rpc-middleware@23.1.1-preview-5231be986
@metamask-previews/eth-json-rpc-provider@6.0.1-preview-5231be986
@metamask-previews/foundryup@1.0.1-preview-5231be986
@metamask-previews/gas-fee-controller@26.1.1-preview-5231be986
@metamask-previews/gator-permissions-controller@3.0.0-preview-5231be986
@metamask-previews/geolocation-controller@0.1.2-preview-5231be986
@metamask-previews/json-rpc-engine@10.2.4-preview-5231be986
@metamask-previews/json-rpc-middleware-stream@8.0.8-preview-5231be986
@metamask-previews/keyring-controller@25.1.1-preview-5231be986
@metamask-previews/logging-controller@8.0.1-preview-5231be986
@metamask-previews/message-manager@14.1.1-preview-5231be986
@metamask-previews/messenger@1.0.0-preview-5231be986
@metamask-previews/multichain-account-service@8.0.1-preview-5231be986
@metamask-previews/multichain-api-middleware@2.0.0-preview-5231be986
@metamask-previews/multichain-network-controller@3.0.6-preview-5231be986
@metamask-previews/multichain-transactions-controller@7.0.4-preview-5231be986
@metamask-previews/name-controller@9.1.1-preview-5231be986
@metamask-previews/network-controller@30.0.1-preview-5231be986
@metamask-previews/network-enablement-controller@5.0.1-preview-5231be986
@metamask-previews/notification-services-controller@23.0.1-preview-5231be986
@metamask-previews/permission-controller@12.3.0-preview-5231be986
@metamask-previews/permission-log-controller@5.1.0-preview-5231be986
@metamask-previews/perps-controller@2.0.0-preview-5231be986
@metamask-previews/phishing-controller@17.1.0-preview-5231be986
@metamask-previews/polling-controller@16.0.4-preview-5231be986
@metamask-previews/preferences-controller@23.1.0-preview-5231be986
@metamask-previews/profile-metrics-controller@3.1.2-preview-5231be986
@metamask-previews/profile-sync-controller@28.0.2-preview-5231be986
@metamask-previews/ramps-controller@12.1.0-preview-5231be986
@metamask-previews/rate-limit-controller@7.0.1-preview-5231be986
@metamask-previews/react-data-query@0.2.0-preview-5231be986
@metamask-previews/remote-feature-flag-controller@4.2.0-preview-5231be986
@metamask-previews/sample-controllers@4.0.4-preview-5231be986
@metamask-previews/seedless-onboarding-controller@9.1.0-preview-5231be986
@metamask-previews/selected-network-controller@26.1.0-preview-5231be986
@metamask-previews/shield-controller@5.1.0-preview-5231be986
@metamask-previews/signature-controller@39.1.2-preview-5231be986
@metamask-previews/social-controllers@0.0.0-preview-5231be986
@metamask-previews/storage-service@1.0.1-preview-5231be986
@metamask-previews/subscription-controller@6.1.1-preview-5231be986
@metamask-previews/transaction-controller@63.3.1-preview-5231be986
@metamask-previews/transaction-pay-controller@19.0.0-preview-5231be986
@metamask-previews/user-operation-controller@41.1.1-preview-5231be986

[cryptodev-2s]

Some minimal suggestions: @metamask/assets-controller now depends on @metamask/phishing-controller.

Could you also update the root dependency graph in the README by running yarn update-readme-content?

[cryptodev-2s]

Nit: Should we also update tsconfig.json and tsconfig.build.json