Stop blocking display of transaction approval window on resolution of ppom security alert response

[danjm]

Description

Solves this problem:

For people on slow networks, the amount of time it takes from "Dapp button click" -> "Popup notification window appears" might be a problem. When blockaid is toggled off, and the network is throttled to slow via the chrome dev tools, I see a ~3 second worse case for this time, but when blockaid is toggled on, I see a 12 second (or even a bit longer) worst case scenario for this time.

The risk here is that users unexpectedly see a longer delay then usual, and so think they need to click the button again, and then get shown multiple confirmation requests and confirm all of them, leading to fund loss.

This can happen on either slow internet connections, or if an infura request is taking longer than usual (which could effect people regardless of internet connection). Yesterday when I first saw this issue, I wasn't slowing down my connection, but it still took ~20 seconds to open. Probably a somewhat rare case (because as I mentioned I didn't notice any problems again until I intentionally throttled the network requests), but even if it only affected 10% of users only once a month, that would be enough to get plenty of "why did metamask just take 20 seconds to open a confirmation window?!?" complaints.

Related issues

Fixes:

Manual testing steps

1. Go to this page...

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've clearly explained what problem this PR is solving and how it is solved.
• I've linked related issues
• I've included manual testing steps
• I've included screenshots/recordings if applicable
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
• I’ve properly set the pull request status:
  • In case it's not yet "ready for review", I've set it to "draft".
  • In case it's "ready for review", I've changed it from "draft" to "non-draft".

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[jpuri]

Not important in this PR, but later we can refactor out validation from here as middleware is not needed for async validation - validation can now be done in controllers.

[jpuri]

This files does not seems to be present in 11.9 branch.

[jpuri]

If we move validation from middleware I think we can avoid above logic for search confirmation.

[digiwand]

🙌🏼

Works as expected and displays the LoadingIndicator while validation is in progress. Left a couple of non-blocking comments

[digiwand]

Suggested change

	const { signatureSecurityAlertResponses } = currentState; //
	const { signatureSecurityAlertResponses } = currentState;

[digiwand]

[nit] we could define these as local values in shared/constants/security-provider.ts

[digiwand]

we spoke with the Blockaid team about removing validation for 'personal_sign' types. We can do this here or another PR

Suggested change

'personal_sign',

[danjm]

let's do this in a separate PR

[jpuri]

LGTM

[seaona]

QA findings

1. Error when initiating Send from inside the Wallet

Note: this issue is not happening on develop.

Whenever initiating a send from inside the wallet, I see the error TypeError: Cannot read properties of undefined (reading 'securityAlertId') when I land into the lasy Confirmation screen and the validation stays loading indefinetly

reading-security-alerts.mp4

2. e2e failures: Spinner stays loading indefinitely in failed validation case

Whenever we are in the case where the validation will fail, we now see the spinner loading indefinitely instead of displaying the Validation Failed warning

This is what's happening with the e2e failures: we simulated a failed validation by using this mock

  await mockServer
    .forPost()
    .withJsonBodyIncluding({
      method: 'debug_traceCall',
      params: [{ accessList: [], data: '0x00000000' }],
    })
    .thenCallback(() => {
      return {
        statusCode: 500,
      };
    });
}

and we can see on the screenshot that thet Failed Validation warning never appeared. Instead, the spinner stayed there

validation-failed.mp4

[metamaskbot]

Builds ready [a9f4524]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5, 6, 7
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • inpage: inpage
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (751 ± 29 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	83	165	109	20	9
		domContentLoaded	9	32	17	6	3
		load	686	940	751	61	29
		domInteractive	9	32	17	6	3

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 2.46 KiB (0.07%)
• ui: 418 Bytes (0.01%)
• common: 262 Bytes (0.01%)

[metamaskbot]

Missing release label release-11.9.0 on PR. Adding release label release-11.9.0 on PR and removing other release labels(release-11.11.0), as PR was cherry-picked in branch 11.9.0.