Migrate MetaMask Connector to use new SDK (MMConnect)#2326
Migrate MetaMask Connector to use new SDK (MMConnect)#2326tanguyenvn merged 39 commits intoWeb3Auth:feat/metamask-connectfrom
Conversation
|
@adonesky1 is attempting to deploy a commit to the Consensys Team on Vercel. A member of the Team first needs to authorize it. |
| this.metamaskInstance = await this.metamaskPromise; | ||
| // TODO: Remove this hack | ||
| // Hack to ensure the ConnectEvm instance has fully resumed the connection | ||
| await new Promise((resolve) => setTimeout(resolve, 2000)); |
There was a problem hiding this comment.
Note this awful delay to ensure that this async call in the ConnectEvm constructor has fully resolved. We need to fix this on the connect-monorepo side
There was a problem hiding this comment.
What is your understanding of how we resolve this on the connect-evm side of things?
There was a problem hiding this comment.
There was a problem hiding this comment.
we need to release connect-evm again, bump the version in web3auth, and then remove this setTimeout
| // if (options.autoConnect) { | ||
| // this.rehydrated = false; | ||
| // this.emit(CONNECTOR_EVENTS.REHYDRATION_ERROR, new Error("Failed to resume existing MetaMask Connect session.") as Web3AuthError); | ||
| // } else { |
There was a problem hiding this comment.
i think this commented code can be dropped?.. Not sure if it's more appropriate to throw an error if we fail to resume a previous session OR if we just say the connector is ready for new connections
There was a problem hiding this comment.
I would think it makes more sense to just say the connector is ready for new connections. But perhaps we should speak with @chaitanyapotti to see what patterns they recommend for their connectors
packages/no-modal/src/connectors/metamask-connector/metamaskConnector.ts
Outdated
Show resolved
Hide resolved
adonesky1
changed the title
| /** | ||
| * Configuration options for the MetaMask connector using @metamask/connect-evm | ||
| */ | ||
| export interface MetaMaskConnectorSettings { | ||
| /** Dapp identification and branding settings */ | ||
| dapp?: { | ||
| name?: string; | ||
| url?: string; | ||
| }; | ||
| /** Enable debug logging for the MetaMask SDK */ | ||
| debug?: boolean; | ||
| } | ||
|
|
||
| export interface MetaMaskConnectorOptions extends BaseConnectorSettings { | ||
| connectorSettings?: Partial<MetaMaskSDKOptions>; | ||
| connectorSettings?: MetaMaskConnectorSettings; |
There was a problem hiding this comment.
reminder to document this breaking change and include migration instructions where appropriate
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
packages/no-modal/src/connectors/metamask-connector/metamaskConnector.ts
Show resolved
Hide resolved
packages/no-modal/src/connectors/metamask-connector/metamaskConnector.ts
Show resolved
Hide resolved
There was a problem hiding this comment.
this needs to be undone before merge again
There was a problem hiding this comment.
this needs to be undone before merge again
…-connector # Conflicts: # demo/react-app-no-modal/package-lock.json # demo/vue-app-new/package-lock.json # package-lock.json # packages/no-modal/package.json # packages/no-modal/src/connectors/metamask-connector/metamaskConnector.ts
| mode, | ||
| server: { | ||
| port: 8080, | ||
| host: true, |
There was a problem hiding this comment.
Dev server exposed on all network interfaces
Low Severity
host: true exposes the Vite dev server on all network interfaces (0.0.0.0), which is inconsistent with every other demo app in the repo. This was likely added temporarily to enable mobile device testing (the PR shows mobile browser testing videos) and appears to be one of the items @jiexi flagged as needing to be "undone before merge again."
Reviewed by Cursor Bugbot for commit 60f3609. Configure here.
tanguyenvn
merged commit 595e646
into
Web3Auth:feat/metamask-connect
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
There are 4 total unresolved issues (including 1 from previous review).
Reviewed by Cursor Bugbot for commit 8e26a9a. Configure here.
| } catch (error) { | ||
| this.emit(CONNECTOR_EVENTS.REHYDRATION_ERROR, error as Web3AuthError); | ||
| initReject(WalletLoginError.connectionError("Failed to initialize MetaMask Connect SDK", error)); | ||
| } |
There was a problem hiding this comment.
Partial init failure leaves connector falsely ready
High Severity
When createMultichainClient succeeds but createEVMClient or createSolanaClient throws, initReject rejects initializationPromise but execution continues past the catch block. Since this.multichainClient is non-null, the null guard at line 266 passes and the connector status is set to READY based on multichainClient.status. The connector now appears ready to consumers, but any call to connect() will always fail because ensureInitialized() awaits the already-rejected initializationPromise.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 8e26a9a. Configure here.
| // if (currentChainId !== chainId) { | ||
| // await this.switchChain(chainConfig, true); | ||
| // } | ||
| // } |
There was a problem hiding this comment.
Commented-out chain switching skips requested chain selection
Medium Severity
The EVM chain-switching logic after connect is entirely commented out. After connecting via the multichain client, the connector never switches to the chainId the caller requested. If the wallet is on a different EVM chain than expected, users will silently operate on the wrong chain.
Reviewed by Cursor Bugbot for commit 8e26a9a. Configure here.
| "node_modules/ox": { | ||
| "version": "0.11.3", | ||
| "resolved": "https://registry.npmjs.org/ox/-/ox-0.11.3.tgz", | ||
| "resolved": "https://consensys.jfrog.io/artifactory/api/npm/npm/ox/-/ox-0.11.3.tgz", |
There was a problem hiding this comment.
Package lock resolves from private Artifactory registry
Medium Severity
Third-party packages ox, @adraffy/ens-normalize, and @noble/curves have their resolved URLs changed from the public npm registry to consensys.jfrog.io. This is a private Artifactory proxy that other contributors and CI won't have access to, and is flagged in the PR discussion as needing to be undone before merge.
Additional Locations (2)
Reviewed by Cursor Bugbot for commit 8e26a9a. Configure here.
5 participants
Summary
@metamask/sdkto@metamask/connect-evmfor improved connection handlingMetaMaskConnectorto use the new SDK'screateEVMClient()API with built-in event handlers and automatic chain managementswitchChain()Videos
Extension:
https://drive.google.com/file/d/1r_lDBvwHWQhP-J4yFfqVHsqRR7bIS6Z1/view?usp=sharing
Mobile (native browser):
https://drive.google.com/file/d/1XECLgCOqa9VEeIK4gp1nUf0cs6RRg2V1/view?usp=sharing
Note
Medium Risk
Replaces the MetaMask connection stack and chain switching flow, which can affect wallet connection/rehydration behavior across EVM and Solana. Also adds new auth-token signing paths via EVM
personal_signand Solana wallet-standard signing, which may break login/authorization if provider behaviors differ.Overview
Migrates the
MetaMaskConnectorfrom@metamask/sdkto the MetaMask Connect stack (@metamask/connect-multichain,@metamask/connect-evm,@metamask/connect-solana), changing it to a multichain connector that can surface both an EVM provider and a Solana wallet from one connection.Updates initialization/connection/disconnection to use the multichain client (including
display_urihandling for QR flows), revises connector configuration to a newMetaMaskConnectorSettingsshape (dapp,ui,debug), and changesswitchChainto use the new EVM client (dropping the old manual add-chain logic and disallowingswitchChainwhen multiple namespaces are configured).Adds a connector-level
getAuthTokenInfo()implementation that creates a challenge and signs it via EVMpersonal_signor SolanawalletSignMessagedepending on the active chain.Demo/package updates: adjusts
no-modaldependencies and lockfiles accordingly, tweaksnoModal.tsto passui.headless, and enablesserver.hostin the Vue demo Vite config.Reviewed by Cursor Bugbot for commit 8e26a9a. Bugbot is set up for automated code reviews on this repo. Configure here.