fix: reject pending confirmations when app locks

[vinistevam]

Description

If the user is on a send confirmation and the app goes idle until the device and MetaMask lock, after unlocking they no longer see that confirmation. If they then start a new send, the UI can show the previous confirmation instead of the new one, because the old approval was never rejected and remains first in the pending list.

Solution
When the app locks, reject all pending approvals by calling ApprovalController.clear(providerErrors.userRejectedRequest()) in the lock saga, before navigating to the lock screen. That way there are no stale confirmations after unlock, and any new send shows the correct confirmation.

Changes

• app/store/sagas/index.ts: In appLockStateMachine, after handling LOCKED_APP, clear pending approvals via Engine.context.ApprovalController.clear(...) inside try/catch, then navigate to LOCK_SCREEN. Log and ignore errors so navigation still runs.
• app/store/sagas/sagas.test.ts: Add ApprovalController with clear to the Engine mock; add tests that clear is called with userRejectedRequest() when the app locks and that navigation to LOCK_SCREEN still happens when clear throws.

Changelog

CHANGELOG entry: Fixed issue of confirmation not rejecting when app locks

Related issues

Fixes: #26320

Manual testing steps

Feature: Transaction Confirmation Persistence After Lock

  Scenario: Stale confirmation displayed after device lock timeout and new transaction
    Given the user has MetaMask open and unlocked on the home screen
    # First transaction
    When user initiates a send transaction
    And user reaches the confirmation screen
    # Lock timeout
    And user allows the phone to idle until device and MetaMask lock
    And user unlocks the phone
    And user unlocks MetaMask
    Then the confirmation screen should no longer be open
    # Second transaction - bug occurs
    When user initiates a different send transaction
    And user reaches the confirmation screen
    Then the confirmation shown should be for the previous transaction instead of the current one

Screenshots/Recordings

reject-approval-app-locks.webm

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Changes approval/confirmation lifecycle by clearing all pending approvals on app lock, which could inadvertently reject legitimate in-flight requests if triggered unexpectedly. Guarded with try/catch and covered by new saga tests, but behavior impacts transaction confirmations.

Overview
Prevents stale transaction/permission confirmations after unlocking by clearing any pending approvals when UserActionType.LOCKED_APP fires, rejecting them with providerErrors.userRejectedRequest() before navigating to Routes.LOCK_SCREEN.

Updates saga tests to mock ApprovalController.clear and assert it is invoked on lock, and that navigation to the lock screen still occurs even if clearing approvals throws.

^{Written by Cursor Bugbot for commit 2f1c2d3. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeConfirmations
• Selected Performance tags: None (no tests recommended)
• Risk Level: medium
• AI Confidence: 80%

click to see 🤖 AI reasoning details

E2E Test Selection:
The PR adds logic to clear pending approvals via ApprovalController.clear() when the app is locked. This is a defensive change to prevent users from seeing stale confirmation dialogs after unlocking the app.

Key observations:

1. The change modifies the appLockStateMachine saga to call ApprovalController.clear() with a userRejectedRequest error when LOCKED_APP action is dispatched
2. The change is wrapped in a try-catch block, so it won't break the lock flow if clearing fails
3. Unit tests are added to verify the new behavior

Impact analysis:

• The ApprovalController handles all pending confirmations (transactions, signatures, approvals)
• This change affects how pending confirmations are handled during app lock
• SmokeConfirmations is the appropriate tag as it covers transaction and signature confirmation UI

The change is well-contained and defensive in nature, with proper error handling. The unit tests provide good coverage of the new functionality.

Performance Test Selection:
This change adds a simple controller method call (ApprovalController.clear()) during the app lock flow. It doesn't affect UI rendering, data loading, list performance, or app startup. The change is a defensive measure to clear pending approvals and has no performance implications.

View GitHub Actions results

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[github-actions]

⚠️ E2E Fixture Validation — Structural changes detected

Category	Count
New keys	68
Missing keys	11
Type mismatches	0
Value mismatches	7 (informational)

The committed fixture schema is out of date. To update, comment:

@metamaskbot update-mobile-fixture

View full details | Download diff report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
85.7% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud