feat: Mitigate risk for distracted users on queued transactions from different dApps #25852
Conversation
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
pedronfigueiredo
force-pushed
the
pnf/2758
branch
from
0b238e8
to
c82d5fd
Compare
| @@ -1920,6 +1920,9 @@ | |||
| "etherscanViewOn": { | |||
| "message": "View on Etherscan" | |||
| }, | |||
| "existingRequestsBannerAlertDesc": { | |||
| "message": "To view and confirm your most recent request, you'll need to approve or reject existing requests first." | |||
There was a problem hiding this comment.
Is this a sample or final?
Is the fundamental risk here not the fact that the dApp or chain could have changed without the user realising?
Should that be referenced also?
There was a problem hiding this comment.
Raising this with @bschorchit
There was a problem hiding this comment.
Is the fundamental risk here not the fact that the dApp or chain could have changed without the user realising?
Wouldn't that be this issue here: https://github.com/MetaMask/MetaMask-planning/issues/2759 , @matthewwalsh0 ?
There was a problem hiding this comment.
The current one that Pedro is working on is regarding queued requests initially not showing up until the user rejects or confirms the first. https://github.com/MetaMask/MetaMask-planning/issues/2758
There was a problem hiding this comment.
I understand that, but does it not seem obvious to say you have to approve or reject existing requests first? Is the confusion we are trying to address that requests from another dApp aren't yet visible in the navigation?
...e-container/confirm-page-container-navigation/confirm-page-container-navigation.component.js
Outdated
Show resolved
Hide resolved
...e-container/confirm-page-container-navigation/confirm-page-container-navigation.component.js
Outdated
Show resolved
Hide resolved
...e-container/confirm-page-container-navigation/confirm-page-container-navigation.component.js
Outdated
Show resolved
Hide resolved
pedronfigueiredo
force-pushed
the
pnf/2758
branch
2 times, most recently
from
d8d480c
to
ea183e5
Compare
pedronfigueiredo
changed the title
pedronfigueiredo
force-pushed
the
pnf/2758
branch
4 times, most recently
from
ce44b26
to
7d0c605
Compare
| }); | ||
| } | ||
| }, [JSON.stringify(properties), queuedRequestCount]); | ||
| }; |
There was a problem hiding this comment.
It looks bit unusual to have hook which does not return anything but itself performs task, an option could be we return a callback from this hook which user can invoke.
There was a problem hiding this comment.
It's rare, but it feels like a good usage since we can automate the metrics based on dependencies and encapsulate that logic, rather than it being a component problem.
We do something similar in useSimulationMetrics already.
Concerning the documentation, it feels suitable since we are still synchronizing with an external system, in this case Segment.
| @@ -54,6 +54,10 @@ export function getPendingApprovals(state: ApprovalsMetaMaskState) { | |||
| return Object.values(state.metamask.pendingApprovals ?? []); | |||
| } | |||
|
|
|||
| export function pendingApprovalsSortedSelector(state: ApprovalsMetaMaskState) { | |||
| return getPendingApprovals(state).sort((a1, a2) => a1.time - a2.time); | |||
| } | |||
There was a problem hiding this comment.
This may be duplicate:
There was a problem hiding this comment.
Does the one in confirm.ts not filter to specific types?
There was a problem hiding this comment.
Exactly, I opted to create a new one that wouldn't filter any pending approvals.
| } from '../../../selectors'; | ||
|
|
||
| export const useQueuedConfirmationsEvent = (queueType: QueueType) => { | ||
| const pendingApprovals = useSelector(pendingApprovalsSortedSelector); |
There was a problem hiding this comment.
This selector may be useful here:
There was a problem hiding this comment.
Thanks Jyoti. However, this selector uses pendingConfirmationsSortedSelector which in turn filters the approval types. We want to show this banner for all confirmation types, including switch ethereum chain and others.
|
|
||
| describe('<QueuedRequestsBannerAlert />', () => { | ||
| beforeEach(() => { | ||
| jest.resetAllMocks(); |
There was a problem hiding this comment.
test case does not seems to have mocks
| ); | ||
|
|
||
| expect(container).toMatchSnapshot(); | ||
| }); |
There was a problem hiding this comment.
Will be nice to test scenario when alerts are present
| await mockedTrackedQueueControllerEvent(server), | ||
| await mockedTrackedQueueControllerEvent(server), | ||
| ]; | ||
| } |
pedronfigueiredo
force-pushed
the
pnf/2758
branch
from
7d0c605
to
1c2a951
Compare
ui/pages/confirmations/hooks/alerts/transactions/useQueuedConfirmationsAlerts.ts
Show resolved
Hide resolved
| @@ -54,6 +54,10 @@ export function getPendingApprovals(state: ApprovalsMetaMaskState) { | |||
| return Object.values(state.metamask.pendingApprovals ?? []); | |||
| } | |||
|
|
|||
| export function pendingApprovalsSortedSelector(state: ApprovalsMetaMaskState) { | |||
| return getPendingApprovals(state).sort((a1, a2) => a1.time - a2.time); | |||
| } | |||
There was a problem hiding this comment.
Does the one in confirm.ts not filter to specific types?
pedronfigueiredo
force-pushed
the
pnf/2758
branch
5 times, most recently
from
9158c9d
to
69f936c
Compare
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
(updates since last review)
The pull request introduces a new banner alert and corresponding metrics event to mitigate risks for distracted users handling queued transactions from different dApps.
- New Banner Alert: Added
QueuedRequestsBannerAlertcomponent in multiple files to notify users about queued transactions. - Metrics Event: Introduced
ConfirmationQueuedevent andQueueTypeenum inshared/constants/metametrics.ts. - End-to-End Tests: Added
test/e2e/tests/confirmations/alerts/queued-confirmations.spec.tsto cover new alert scenarios. - Localization: Added
existingRequestsBannerAlertDescmessage inapp/_locales/en/messages.json. - Type Safety: Updated type definitions in various test files for better maintainability and clarity.
No major changes found since the last review.
39 file(s) reviewed, 2 comment(s)
Edit PR Review Bot Settings
| const queuedRequestCount = useSelector(getQueuedRequestCount); | ||
| const isQueuedConfirmation = queuedRequestCount > 0; |
There was a problem hiding this comment.
Style: Consider renaming isQueuedConfirmation to hasQueuedConfirmations for better readability.
| }); | ||
| } | ||
| }, [ | ||
| JSON.stringify(pendingApprovals), |
There was a problem hiding this comment.
Style: Using JSON.stringify in the dependency array can cause performance issues. Consider using a more efficient method to track changes in pendingApprovals.
pedronfigueiredo
force-pushed
the
pnf/2758
branch
from
8e02757
to
0ca4905
Compare
There was a problem hiding this comment.
PR Summary
(updates since last review)
The pull request introduces a new banner alert and corresponding metrics event to mitigate risks for distracted users handling queued transactions from different dApps.
- New Banner Alert: Added
QueuedRequestsBannerAlertcomponent in multiple files to notify users about queued transactions. - Metrics Event: Introduced
ConfirmationQueuedevent andQueueTypeenum inshared/constants/metametrics.ts. - End-to-End Tests: Added
test/e2e/tests/confirmations/alerts/queued-confirmations.spec.tsto cover new alert scenarios. - Localization: Added
existingRequestsBannerAlertDescmessage inapp/_locales/en/messages.json. - Type Safety: Updated type definitions in various test files for better maintainability and clarity.
No major changes found since the last review.
82 file(s) reviewed, 2 comment(s)
Edit PR Review Bot Settings
| const queuedRequestCount = useSelector(getQueuedRequestCount); | ||
| const isQueuedConfirmation = queuedRequestCount > 0; |
There was a problem hiding this comment.
Style: Consider renaming isQueuedConfirmation to hasQueuedConfirmations for better readability.
| }); | ||
| } | ||
| }, [ | ||
| JSON.stringify(pendingApprovals), |
There was a problem hiding this comment.
Style: Using JSON.stringify in the dependency array can cause performance issues. Consider using a more efficient method to track changes in pendingApprovals.
pedronfigueiredo
force-pushed
the
pnf/2758
branch
from
0ca4905
to
bcfb8ce
Compare
There was a problem hiding this comment.
PR Summary
(updates since last review)
The pull request introduces a new banner alert and corresponding metrics event to mitigate risks for distracted users handling queued transactions from different dApps.
- New Banner Alert: Added
QueuedRequestsBannerAlertcomponent in multiple files to notify users about queued transactions. - Metrics Event: Introduced
ConfirmationQueuedevent andQueueTypeenum inshared/constants/metametrics.ts. - End-to-End Tests: Added
test/e2e/tests/confirmations/alerts/queued-confirmations.spec.tsto cover new alert scenarios. - Localization: Added
existingRequestsBannerAlertDescmessage inapp/_locales/en/messages.json. - Type Safety: Updated type definitions in various test files for better maintainability and clarity.
37 file(s) reviewed, 2 comment(s)
Edit PR Review Bot Settings
| const queuedRequestCount = useSelector(getQueuedRequestCount); | ||
| const isQueuedConfirmation = queuedRequestCount > 0; |
There was a problem hiding this comment.
Style: Consider renaming isQueuedConfirmation to hasQueuedConfirmations for better readability.
| }); | ||
| } | ||
| }, [ | ||
| JSON.stringify(pendingApprovals), |
There was a problem hiding this comment.
Style: Using JSON.stringify in the dependency array can cause performance issues. Consider using a more efficient method to track changes in pendingApprovals.
pedronfigueiredo
force-pushed
the
pnf/2758
branch
from
bcfb8ce
to
95bbcd3
Compare
Builds ready [95bbcd3]
Page Load Metrics (81 ± 10 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
There was a problem hiding this comment.
PR Summary
(updates since last review)
The pull request introduces a new banner alert and corresponding metrics event to mitigate risks for distracted users handling queued transactions from different dApps.
- New Banner Alert: Added
QueuedRequestsBannerAlertcomponent in multiple files to notify users about queued transactions. - Metrics Event: Introduced
ConfirmationQueuedevent andQueueTypeenum inshared/constants/metametrics.ts. - End-to-End Tests: Added
test/e2e/tests/confirmations/alerts/queued-confirmations.spec.tsto cover new alert scenarios. - Localization: Added
existingRequestsBannerAlertDescmessage inapp/_locales/en/messages.json. - Type Safety: Updated type definitions in various test files for better maintainability and clarity.
102 file(s) reviewed, 2 comment(s)
Edit PR Review Bot Settings
| const queuedRequestCount = useSelector(getQueuedRequestCount); | ||
| const isQueuedConfirmation = queuedRequestCount > 0; |
There was a problem hiding this comment.
Style: Consider renaming isQueuedConfirmation to hasQueuedConfirmations for better readability.
| }); | ||
| } | ||
| }, [ | ||
| JSON.stringify(pendingApprovals), |
There was a problem hiding this comment.
Style: Using JSON.stringify in the dependency array can cause performance issues. Consider using a more efficient method to track changes in pendingApprovals.
pedronfigueiredo
force-pushed
the
pnf/2758
branch
from
95bbcd3
to
e05d762
Compare
|
There was a problem hiding this comment.
PR Summary
(updates since last review)
The pull request introduces a new banner alert and corresponding metrics event to mitigate risks for distracted users handling queued transactions from different dApps.
- New Banner Alert: Added
QueuedRequestsBannerAlertcomponent in multiple files to notify users about queued transactions. - Metrics Event: Introduced
ConfirmationQueuedevent andQueueTypeenum inshared/constants/metametrics.ts. - End-to-End Tests: Added
test/e2e/tests/confirmations/alerts/queued-confirmations.spec.tsto cover new alert scenarios. - Localization: Added
existingRequestsBannerAlertDescmessage inapp/_locales/en/messages.json. - Type Safety: Updated type definitions in various test files for better maintainability and clarity.
49 file(s) reviewed, 2 comment(s)
Edit PR Review Bot Settings
| const queuedRequestCount = useSelector(getQueuedRequestCount); | ||
| const isQueuedConfirmation = queuedRequestCount > 0; |
There was a problem hiding this comment.
Style: Consider renaming isQueuedConfirmation to hasQueuedConfirmations for better readability.
| }); | ||
| } | ||
| }, [ | ||
| JSON.stringify(pendingApprovals), |
There was a problem hiding this comment.
Style: Using JSON.stringify in the dependency array can cause performance issues. Consider using a more efficient method to track changes in pendingApprovals.
There was a problem hiding this comment.
PR Summary
(updates since last review)
Enhanced test coverage for the useSimulationMetrics hook to ensure robust behavior under various conditions.
- Test Coverage: Expanded scenarios in
ui/pages/confirmations/components/simulation-details/useSimulationMetrics.test.ts. - Mock Implementations: Utilized mocks for hooks and functions to simulate different simulation responses and asset types.
- Unused Code Removal: Cleaned up unused mock return values to streamline the test suite.
No major changes found since the last review.
1 file(s) reviewed, no comment(s)
Edit PR Review Bot Settings
Builds ready [907a000]
Page Load Metrics (63 ± 8 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
metamaskbot
added
the
release-12.3.0
Description
Adds new Banner alert and corresponding metrics event. Also adds metric to navigation when there's are queued confirmations.
Related issues
Fixes: https://github.com/MetaMask/MetaMask-planning/issues/2758
Manual testing steps
Screenshots/Recordings
Before
After
Pre-merge author checklist
Pre-merge reviewer checklist