Fix 10517 - Prevent tokens without addresses from being added to token list

[darkwing]

Fixes: #10517

Explanation:

ToDo:

• Add migration
• Throw error in addToken to prevent this from happening again
• Explore ui/app/ducks/swaps/swaps.js to see if this is truly the place it's happening, and if selectedFromToken and selectedToToken are the true culprits.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[darkwing]

This is necessary because the next two lines would allow const selectedToToken = {} to add a token, which we definitely don't want.

[danjm]

This looks like a fine change to protect against errors. However, we should never be in a situation where there is no toTokenAddress. If so, requesting quotes should fail.

In the issue description, it was described how editing the code so that toTokenAddress is undefined results in the described bug, which occurs after confirming the swap. So it sounds like requesting quotes succeeded (otherwise there wouldn't be a quote to submit on the view quote screen).

So that leads me to believe that there is some other value that is being used for the token address in the request for quote. Or swapsTokens contains a token that has an undefined address.

const destinationTokenInfo =
      swapsTokens?.find(({ address }) => address === toTokenAddress) ||
      selectedToToken;

It would be good if we could verify exactly how the request for quotes succeeds when const selectedToToken = {} and what the address is in that case.

[darkwing]

We could remove the {} fallback from selectedFromToken and selectedToToken that existed from the initial swaps merge, and remove the toTokenAddress and fromTokenAddress checks in this PR.

If we should never get there without these properties, we should probably throw an error here, right?

[danjm]

If we should never get there without these properties, we should probably throw an error here, right?

Right, but what I want to know is how was it possible to request quotes without these properties? Requesting quotes when from or two are empty strings or undefined would return 0 quotes.

[danjm]

I think this can be addressed in another PR, as the change to actions.js handles the objectives of this PR.

[darkwing]

@danjm Since you have the most knowledge about the swaps codebase, could you take a look at this?

[danjm]

To fully address #10593, should a change also be made on the 'Add Token' screen so that typing a single character does not result in an error state when there is a flawed token in the users data?

[Gudahtt]

when there is a flawed token in the users data?

Doesn't this PR prevent this circumstance? I don't quite understand what situation you're referring to.

[danjm]

Doesn't this PR prevent this circumstance?

Right, but suppose such a token does somehow get added. The add token screen shouldn't error during typing right? I mean, add token functionality should continue to work regardless of what the data is like for already added tokens.

[Gudahtt]

Right, but suppose such a token does somehow get added. The add token screen shouldn't error during typing right? I mean, add token functionality should continue to work regardless of what the data is like for already added tokens.

I don't think we should expect UI to be tolerant of invalid state, no. Handling that everywhere would add a huge amount of complexity to our UI, and might obscure what the real expectations of the component are.

[darkwing]

This if is required because neither PreferencesController.tokens or PreferencesController. hiddenTokens exists in the migration data to this point.

[danjm]

What do you mean by "neither PreferencesController.tokens or PreferencesController. hiddenTokens exists in the migration data to this point"? If they don't exist, is this forEach necessary? Will the code inside the if block ever run?

Perhaps you meant that it is possible for PreferencesController.tokens or PreferencesController.hiddenTokens to not exist at this point.

[darkwing]

This if is required because neither PreferencesController. accountHiddenTokens or PreferencesController. accountTokens exists in the migration data to this point.

[darkwing]

assetImages isn't in our migration data to this point.

[darkwing]

@danjm One thing I notice is:

0. Open the extension in full screen mode
1. Click "Swap" from the home screen -- "ETH" is the selected "from" token
2. Refresh the page
3. No "From" token is selected.

We should probably default to ETH, since that's what the home screen does. Maybe we do this in a separate PR?

[brad-decker]

LGTM, though would like @danjm to revisit his comment and subsequent changes before merge.

[danjm]

I left a couple comments on the migration that should be addressed

[brad-decker]

changes LGTM @danjm can you give this another pass, please 🙏🏻

[brad-decker]

@darkwing you'll need to move your migration test into the migrations folder alongside 054.js, and then apply your changes to test/unit/ui/app/ations.test.js to ui/app/store/actions.test.js. Let me know if I can help.

[darkwing]

Rebased per @brad-decker's directives. I also removed a test that I had added, as since ....

const addTokenStub = sinon
        .stub()
        .callsFake((_, __, ___, ____, cb) => cb(new Error('error')));

... makes addToken fail regardless of arguments, it doesn't make sense to test that not providing a token address and pretend it represents anything.

[darkwing]

@Gudahtt @danjm @brad-decker Since this is my first migration, I'd love a deep dive on it, especially test data approval.

[brad-decker]

I walked through and ran this test a few times, I only have one minor NIT. I think this is a fine migration and test/data set.

[darkwing]

Good idea Brad, updated! I also added Array.isArray checks for increased type checking security.

[brad-decker]

LGTM

[darkwing]

In the interest of keeping migrations as tight as possible, I've removed checks on hiddenTokens and accountHiddenTokens, as a review of the affected user's state logs show that those properties weren't affected.

[Gudahtt]

LGTM!

[danjm]

LGTM