Add nonce tracker to transactions controller

[adonesky1]

Resolves: #1070

• ADDED
  • Adds NonceTracker package to transaction approval flow to manage transaction nonces. This functionality was previously handled by middleware in `web3-provider-engine which is slated to be removed. #123

[socket-security]

New dependency changes detected. Learn more about Socket for GitHub ↗︎

---

👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary

Issue	Status
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

---

📊 Modified Dependency Overview:

➕ Added Package	Capability Access	+/- Transitive Count	Publisher
nonce-tracker@1.1.0	None	+5	rekmarks

[adonesky1]

@metamaskbot publish-preview

[github-actions]

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask/address-book-controller": "2.0.0-preview.a96d64c",
  "@metamask/announcement-controller": "3.0.0-preview.a96d64c",
  "@metamask/approval-controller": "2.0.0-preview.a96d64c",
  "@metamask/assets-controllers": "5.0.0-preview.a96d64c",
  "@metamask/base-controller": "2.0.0-preview.a96d64c",
  "@metamask/composable-controller": "2.0.0-preview.a96d64c",
  "@metamask/controller-utils": "3.0.0-preview.a96d64c",
  "@metamask/ens-controller": "2.0.0-preview.a96d64c",
  "@metamask/gas-fee-controller": "4.0.0-preview.a96d64c",
  "@metamask/keyring-controller": "4.0.0-preview.a96d64c",
  "@metamask/message-manager": "2.0.0-preview.a96d64c",
  "@metamask/network-controller": "5.0.0-preview.a96d64c",
  "@metamask/notification-controller": "2.0.0-preview.a96d64c",
  "@metamask/permission-controller": "3.0.0-preview.a96d64c",
  "@metamask/phishing-controller": "3.0.0-preview.a96d64c",
  "@metamask/preferences-controller": "2.1.0-preview.a96d64c",
  "@metamask/rate-limit-controller": "2.0.0-preview.a96d64c",
  "@metamask/subject-metadata-controller": "2.0.0-preview.a96d64c",
  "@metamask/transaction-controller": "4.0.0-preview.a96d64c"
}

[adonesky1]

@metamaskbot publish-preview

[github-actions]

Preview builds have been published. See these instructions for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask/address-book-controller": "2.0.0-preview.1f288cd",
  "@metamask/announcement-controller": "3.0.0-preview.1f288cd",
  "@metamask/approval-controller": "2.0.0-preview.1f288cd",
  "@metamask/assets-controllers": "5.0.1-preview.1f288cd",
  "@metamask/base-controller": "2.0.0-preview.1f288cd",
  "@metamask/composable-controller": "2.0.0-preview.1f288cd",
  "@metamask/controller-utils": "3.1.0-preview.1f288cd",
  "@metamask/ens-controller": "3.0.0-preview.1f288cd",
  "@metamask/gas-fee-controller": "4.0.1-preview.1f288cd",
  "@metamask/keyring-controller": "4.0.0-preview.1f288cd",
  "@metamask/message-manager": "2.1.0-preview.1f288cd",
  "@metamask/network-controller": "6.0.0-preview.1f288cd",
  "@metamask/notification-controller": "2.0.0-preview.1f288cd",
  "@metamask/permission-controller": "3.1.0-preview.1f288cd",
  "@metamask/phishing-controller": "3.0.0-preview.1f288cd",
  "@metamask/preferences-controller": "3.0.0-preview.1f288cd",
  "@metamask/rate-limit-controller": "2.0.0-preview.1f288cd",
  "@metamask/subject-metadata-controller": "2.0.0-preview.1f288cd",
  "@metamask/transaction-controller": "4.0.1-preview.1f288cd"
}

[Gudahtt]

Great work! Left some minor comments but generally this all looks correct.

[adonesky1]

I opted to make this a utility function rather than a private method on the TransactionsController just so testing it made more sense... happy to move it to the controller if we think that makes more sense.

[Gudahtt]

Looks great! CI is failing due to a drop in test coverage though.

[adonesky1]

CI is failing due to a drop in test coverage though.

Yeah been mainly focusing on validating it works in mobile and still fighting the env. Also not totally sure how best to target these lines:

[Gudahtt]

Ah, for those lines I'd suggest we use a real nonce tracker instead of a mock one. We can mock the provider passed into the nonce tracker instead. Then those lines will be tested as part of the tests you've already written

[legobeat]

As this is now an exported type, doesn't it warrant constraining BlockTracker to something more specific than any?

[adonesky1]

Perhaps! But I don't believe that's appropriately scoped to this PR. As you can see directly above this we are doing the same with Provider:

type Provider = any;

export type ProviderProxy = SwappableProxy<Provider>;

[legobeat]

How does the type of Provider reduce the scope of this PR?

The impacts of the type being any is different for public and private interfaces. A type which is acceptable as any internally may require constraining before being appropriate for exposure.

[adonesky1]

How does the type of Provider reduce the scope of this PR?

On that point I was just noting that we're already exporting the ProviderProxy object with a Provider type parameter that is also typed as any.

[adonesky1]

Currently the BlockTracker is set here, where it is a property on the Provider. I believe there is an intention to follow back here and improve typing soon. cc @Gudahtt @mcmire

If we think it makes sense to add the types for both Provider and BlockTracker in this PR I'm open to that.

[mcmire]

Yes, that's right. We're using any at the moment because web3-provider-engine doesn't provide types at all, and we're about to replace it anyway (see #1116). Once the replacement is complete, then we can just use the correct types from @metamask/eth-json-rpc-provider and eth-block-tracker.

[adonesky1]

Ah, for those lines I'd suggest we use a real nonce tracker instead of a mock one. We can mock the provider passed into the nonce tracker instead. Then those lines will be tested as part of the tests you've already written

done here: 9f2662e

@Gudahtt

[adonesky1]

@Gudahtt I'm realizing that this isn't actually necessary in the current implementation since in this TransactionController we don't actually re-process/re-approve speedup and cancel transactions in this method as we do in the extension TransactionController. Rather we just modify the transaction and re-broadcast it directly in the speedup/cancel method, for instance here.

That said it may make sense to leave this logic to ensure correct nonce management in future uses of this method. And as it is currently there is no issue keeping this logic since nonceToUse should always be undefined on line 680.

[Gudahtt]

LGTM!