fix: ensure no duplicate accounts are persisted#5710
Merged
Conversation
4 tasks
Member
Author
|
@metamaskbot publish-preview |
Contributor
|
Preview builds have been published. See these instructions for more information about preview builds. Expand for full list of packages and versions. |
mcmire
reviewed
Apr 24, 2025
mcmire
left a comment
Contributor
There was a problem hiding this comment.
One little typo I noticed.
Other than that, I had a question. Is something catching the error that we now throw here? How does this unbrick the wallet if there are duplicate accounts? Or maybe I'm misunderstanding the effects here.
mikesposito
commented
Apr 24, 2025
| #updateVault(): Promise<boolean> { | ||
| return this.#withVaultLock(async () => { | ||
| // Ensure no duplicate accounts are persisted. | ||
| await this.#assertNoDuplicateAccounts(); |
Member
Author
There was a problem hiding this comment.
An eventual error thrown here will trigger a rollback in all public functions that mutate the vault. That is, any new account added before this line and after the last vault update will be discarded
Contributor
There was a problem hiding this comment.
Also, just quoting you here: #5710 (comment)
(the vault is not updated during login, only decrypted to restore keyrings).
Thus, even if a user already have duplicated accounts in its state (prior to that change), this won't brick his wallet 👍
Member
Author
The wallet was bricked because the duplicate check was being done on keyring create and restore, which also happens on login. With these changes we will instead enforce the check only right before updating the vault, so we will catch all possible scenarios of duplication before making them persistent - while also allowing users that have duplicates already to login again (the vault is not updated during login, only decrypted to restore keyrings).
The error thrown there will trigger a rollback of the last operation that called the vault update (See https://github.com/MetaMask/core/blob/main/packages/keyring-controller/src/KeyringController.ts#L2670) |
Co-authored-by: Elliot Winkler <elliot.winkler@gmail.com>
Contributor
|
@mikesposito Aha, very cool. Thanks for the explanation! |
ccharly
approved these changes
Apr 25, 2025
ccharly
left a comment
Contributor
There was a problem hiding this comment.
Didn't test it, but the logic looks nice (and that's probably the best option to prevent those duplicated addresses 💪). Good job!
github-merge-queue Bot
pushed a commit
to MetaMask/metamask-extension
that referenced
this pull request
Apr 25, 2025
… `^21.0.4` (#32287) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Bumping `@metamask/keyring-controller` to `^21.0.4` ```markdown ## [21.0.4] ### Fixed - Ensure no duplicate accounts are persisted ([#5710](MetaMask/core#5710)) ``` [](https://codespaces.new/MetaMask/metamask-extension/pull/32287?quickstart=1) ## **Related issues** Fixes: #32097 ## **Manual testing steps** ### In order to test the fix, you first need a wallet bricked because of a duplicate account: - Checkout on the v12.16.0 release branch and build locally (a version with multi-srp support) - Import or create an SRP (I used `child guilt hollow arrive average popular nasty soon summer like scheme diary pill country rapid`) - Import an account that is part of the mnemonic (e.g. I used `0x80842b7e3cfb1118e86a427cdec418e3b4179ef5bbbfd71c02a76349831c8a8b` which is the account at index 2 of the above SRP) - Add a new account on the main HD - note that you'll be able to add the account, but (1) the account is the same as the imported one (expectable) and (2) the newly added account is wrongly labeled as "imported" - Lock the wallet - Unlock it with the right password - you will see the reported error: ``` Error: KeyringController - The account you are trying to import is a duplicate await in withLock submitPassword @ metamask-controller.js:4343 await in submitPassword (anonymous) @ createMetaRPCHandler.js:23 ``` ### Testing the fix - Without removing the extension from the browser, switch to this PR branch and build again - Visit [chrome://extensions/](chrome://extensions/) and reload the extension - Try to login again, you should be able to access the wallet again ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
github-merge-queue Bot
pushed a commit
to MetaMask/metamask-mobile
that referenced
this pull request
Apr 25, 2025
…4702) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Updating `@metamask/keyring-controller` to `^21.0.4` ```markdown ## [21.0.4] ### Fixed - Ensure no duplicate accounts are persisted ([#5710](MetaMask/core#5710)) ## [21.0.3] ### Changed - `ExportableKeyEncryptor` is now a generic type with a type parameter `EncryptionKey` ([#5395](MetaMask/core#5395)) - The type parameter defaults to `unknown` ### Fixed - Fixed wrong error message thrown when using the wrong password ([#5627](MetaMask/core#5627)) ## [21.0.2] ### Changed - Bump `@metamask/keyring-api` from `^17.2.0` to `^17.4.0` ([#5565](MetaMask/core#5565)) - Bump `@metamask/keyring-internal-api` from `^6.0.0` to `^6.0.1` ([#5565](MetaMask/core#5565)) ### Fixed - Ignore cached encryption key when the vault needs to upgrade its encryption parameters ([#5601](MetaMask/core#5601)) ``` ## **Related issues** Fixes: #14228 ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I’ve followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. --------- Co-authored-by: Nico MASSART <NicolasMassart@users.noreply.github.com>
DDDDDanica
pushed a commit
to MetaMask/metamask-extension
that referenced
this pull request
Apr 25, 2025
… `^21.0.4` (#32287) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Bumping `@metamask/keyring-controller` to `^21.0.4` ```markdown - Ensure no duplicate accounts are persisted ([#5710](MetaMask/core#5710)) ``` [](https://codespaces.new/MetaMask/metamask-extension/pull/32287?quickstart=1) Fixes: #32097 a duplicate account: - Checkout on the v12.16.0 release branch and build locally (a version with multi-srp support) - Import or create an SRP (I used `child guilt hollow arrive average popular nasty soon summer like scheme diary pill country rapid`) - Import an account that is part of the mnemonic (e.g. I used `0x80842b7e3cfb1118e86a427cdec418e3b4179ef5bbbfd71c02a76349831c8a8b` which is the account at index 2 of the above SRP) - Add a new account on the main HD - note that you'll be able to add the account, but (1) the account is the same as the imported one (expectable) and (2) the newly added account is wrongly labeled as "imported" - Lock the wallet - Unlock it with the right password - you will see the reported error: ``` Error: KeyringController - The account you are trying to import is a duplicate await in withLock submitPassword @ metamask-controller.js:4343 await in submitPassword (anonymous) @ createMetaRPCHandler.js:23 ``` - Without removing the extension from the browser, switch to this PR branch and build again - Visit [chrome://extensions/](chrome://extensions/) and reload the extension - Try to login again, you should be able to access the wallet again <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> <!-- [screenshots/recordings] --> <!-- [screenshots/recordings] --> - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
runway-github Bot
pushed a commit
to MetaMask/metamask-extension
that referenced
this pull request
Apr 25, 2025
…ntroller` from `^21.0.3` to `^21.0.4` (#32287) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Bumping `@metamask/keyring-controller` to `^21.0.4` ```markdown ## [21.0.4] ### Fixed - Ensure no duplicate accounts are persisted ([#5710](MetaMask/core#5710)) ``` [](https://codespaces.new/MetaMask/metamask-extension/pull/32287?quickstart=1) ## **Related issues** Fixes: #32097 ## **Manual testing steps** ### In order to test the fix, you first need a wallet bricked because of a duplicate account: - Checkout on the v12.16.0 release branch and build locally (a version with multi-srp support) - Import or create an SRP (I used `child guilt hollow arrive average popular nasty soon summer like scheme diary pill country rapid`) - Import an account that is part of the mnemonic (e.g. I used `0x80842b7e3cfb1118e86a427cdec418e3b4179ef5bbbfd71c02a76349831c8a8b` which is the account at index 2 of the above SRP) - Add a new account on the main HD - note that you'll be able to add the account, but (1) the account is the same as the imported one (expectable) and (2) the newly added account is wrongly labeled as "imported" - Lock the wallet - Unlock it with the right password - you will see the reported error: ``` Error: KeyringController - The account you are trying to import is a duplicate await in withLock submitPassword @ metamask-controller.js:4343 await in submitPassword (anonymous) @ createMetaRPCHandler.js:23 ``` ### Testing the fix - Without removing the extension from the browser, switch to this PR branch and build again - Visit [chrome://extensions/](chrome://extensions/) and reload the extension - Try to login again, you should be able to access the wallet again ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.
DDDDDanica
added a commit
to MetaMask/metamask-extension
that referenced
this pull request
Apr 25, 2025
… `^21.0.4`(#32287) cp-12.17.0 (#32291) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** Cherry-pick #32287 <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Bumping `@metamask/keyring-controller` to `^21.0.4` ```markdown ## [21.0.4] ### Fixed - Ensure no duplicate accounts are persisted ([#5710](MetaMask/core#5710)) ``` [](https://codespaces.new/MetaMask/metamask-extension/pull/32287?quickstart=1) ## **Related issues** Fixes: #32097 ## **Manual testing steps** ### In order to test the fix, you first need a wallet bricked because of a duplicate account: - Checkout on the v12.16.0 release branch and build locally (a version with multi-srp support) - Import or create an SRP (I used `child guilt hollow arrive average popular nasty soon summer like scheme diary pill country rapid`) - Import an account that is part of the mnemonic (e.g. I used `0x80842b7e3cfb1118e86a427cdec418e3b4179ef5bbbfd71c02a76349831c8a8b` which is the account at index 2 of the above SRP) - Add a new account on the main HD - note that you'll be able to add the account, but (1) the account is the same as the imported one (expectable) and (2) the newly added account is wrongly labeled as "imported" - Lock the wallet - Unlock it with the right password - you will see the reported error: ``` Error: KeyringController - The account you are trying to import is a duplicate await in withLock submitPassword @ metamask-controller.js:4343 await in submitPassword (anonymous) @ createMetaRPCHandler.js:23 ``` ### Testing the fix - Without removing the extension from the browser, switch to this PR branch and build again - Visit [chrome://extensions/](chrome://extensions/) and reload the extension - Try to login again, you should be able to access the wallet again ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> [](https://codespaces.new/MetaMask/metamask-extension/pull/32291?quickstart=1) ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. --------- Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com>
runway-github Bot
added a commit
to MetaMask/metamask-mobile
that referenced
this pull request
Apr 30, 2025
#14702) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Updating `@metamask/keyring-controller` to `^21.0.4` ```markdown ## [21.0.4] ### Fixed - Ensure no duplicate accounts are persisted ([#5710](MetaMask/core#5710)) ## [21.0.3] ### Changed - `ExportableKeyEncryptor` is now a generic type with a type parameter `EncryptionKey` ([#5395](MetaMask/core#5395)) - The type parameter defaults to `unknown` ### Fixed - Fixed wrong error message thrown when using the wrong password ([#5627](MetaMask/core#5627)) ## [21.0.2] ### Changed - Bump `@metamask/keyring-api` from `^17.2.0` to `^17.4.0` ([#5565](MetaMask/core#5565)) - Bump `@metamask/keyring-internal-api` from `^6.0.0` to `^6.0.1` ([#5565](MetaMask/core#5565)) ### Fixed - Ignore cached encryption key when the vault needs to upgrade its encryption parameters ([#5601](MetaMask/core#5601)) ``` ## **Related issues** Fixes: #14228 ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I’ve followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. --------- Co-authored-by: Nico MASSART <NicolasMassart@users.noreply.github.com>
runway-github Bot
pushed a commit
to MetaMask/metamask-mobile
that referenced
this pull request
Apr 30, 2025
…ontroller` to `^21.0.4` (#14702) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Updating `@metamask/keyring-controller` to `^21.0.4` ```markdown ## [21.0.4] ### Fixed - Ensure no duplicate accounts are persisted ([#5710](MetaMask/core#5710)) ## [21.0.3] ### Changed - `ExportableKeyEncryptor` is now a generic type with a type parameter `EncryptionKey` ([#5395](MetaMask/core#5395)) - The type parameter defaults to `unknown` ### Fixed - Fixed wrong error message thrown when using the wrong password ([#5627](MetaMask/core#5627)) ## [21.0.2] ### Changed - Bump `@metamask/keyring-api` from `^17.2.0` to `^17.4.0` ([#5565](MetaMask/core#5565)) - Bump `@metamask/keyring-internal-api` from `^6.0.0` to `^6.0.1` ([#5565](MetaMask/core#5565)) ### Fixed - Ignore cached encryption key when the vault needs to upgrade its encryption parameters ([#5601](MetaMask/core#5601)) ``` ## **Related issues** Fixes: #14228 ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I’ve followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. --------- Co-authored-by: Nico MASSART <NicolasMassart@users.noreply.github.com>
runway-github Bot
added a commit
to MetaMask/metamask-mobile
that referenced
this pull request
Apr 30, 2025
#14702) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Updating `@metamask/keyring-controller` to `^21.0.4` ```markdown ## [21.0.4] ### Fixed - Ensure no duplicate accounts are persisted ([#5710](MetaMask/core#5710)) ## [21.0.3] ### Changed - `ExportableKeyEncryptor` is now a generic type with a type parameter `EncryptionKey` ([#5395](MetaMask/core#5395)) - The type parameter defaults to `unknown` ### Fixed - Fixed wrong error message thrown when using the wrong password ([#5627](MetaMask/core#5627)) ## [21.0.2] ### Changed - Bump `@metamask/keyring-api` from `^17.2.0` to `^17.4.0` ([#5565](MetaMask/core#5565)) - Bump `@metamask/keyring-internal-api` from `^6.0.0` to `^6.0.1` ([#5565](MetaMask/core#5565)) ### Fixed - Ignore cached encryption key when the vault needs to upgrade its encryption parameters ([#5601](MetaMask/core#5601)) ``` ## **Related issues** Fixes: #14228 ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I’ve followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. --------- Co-authored-by: Nico MASSART <NicolasMassart@users.noreply.github.com>
EtherWizard33
pushed a commit
to MetaMask/metamask-mobile
that referenced
this pull request
May 2, 2025
…4702) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Updating `@metamask/keyring-controller` to `^21.0.4` ```markdown ## [21.0.4] ### Fixed - Ensure no duplicate accounts are persisted ([#5710](MetaMask/core#5710)) ## [21.0.3] ### Changed - `ExportableKeyEncryptor` is now a generic type with a type parameter `EncryptionKey` ([#5395](MetaMask/core#5395)) - The type parameter defaults to `unknown` ### Fixed - Fixed wrong error message thrown when using the wrong password ([#5627](MetaMask/core#5627)) ## [21.0.2] ### Changed - Bump `@metamask/keyring-api` from `^17.2.0` to `^17.4.0` ([#5565](MetaMask/core#5565)) - Bump `@metamask/keyring-internal-api` from `^6.0.0` to `^6.0.1` ([#5565](MetaMask/core#5565)) ### Fixed - Ignore cached encryption key when the vault needs to upgrade its encryption parameters ([#5601](MetaMask/core#5601)) ``` ## **Related issues** Fixes: #14228 ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I’ve followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. --------- Co-authored-by: Nico MASSART <NicolasMassart@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Explanation
Current checks for duplicate accounts only work for imported private keys, and only enforced when creating and restoring keyrings. That is, we don't have proper checks in place to avoid duplicates, and the few checks we have are locking out users instead of ensuring no duplicate is persisted in the vault altogether.
More info on the issue referenced below.
References
Checklist