feat: Add WCv2 session amount limit

[jiexi]

Description

Enforces the previously defined LIMIT_SESSIONS limit for WCv2 connections. When this limit (20 connections) is exceeded, the oldest connection is dropped.

Changelog

CHANGELOG entry: null

Related issues

Fixes: https://consensyssoftware.atlassian.net/browse/WAPI-1356

Manual testing steps

1. Modify this constant to be 2
2. Use the ios expo build
3. Using native browser or QR code, connect to https://react-app.walletconnect.com/
4. Using native browser or QR code, connect to https://wagmi-app.vercel.app/
5. In the wallet, go to settings, experimental, wallet connect, and check that you have these two sessions
6. Using native browser or QR code, connect to https://rainbowkit.com/ (using WC)
7. In the wallet, go to settings, experimental, wallet connect, and check that you only have 2 sessions with the first one you connected no longer in the list of active sessions

Screenshots/Recordings

Before

After

Screen.Recording.2026-03-26.at.11.58.43.AM.mov

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Adds automatic disconnection of an existing WalletConnect v2 session when new approvals push the active session count over a configured limit, which could unexpectedly drop a user’s oldest connection. Logic is small and covered by unit tests, but it affects live connection management.

Overview
Enforces a WalletConnect v2 session cap. After approving a new session, WC2Manager now calls enforceSessionLimit() to ensure active sessions stay under AppConstants.WALLET_CONNECT.LIMIT_SESSIONS by disconnecting the oldest session (based on smallest expiry).

Adds test coverage for the new behavior, including cases where the limit is exceeded (oldest session is disconnected) and where the session count is at/under the limit (no disconnections).

^{Written by Cursor Bugbot for commit bf6c451. This will update automatically on new commits. Configure here.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeConfirmations, SmokeMultiChainAPI, SmokeNetworkAbstractions, SmokeNetworkExpansion
• Selected Performance tags: None (no tests recommended)
• Risk Level: medium
• AI Confidence: 82%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes introduce a session limit enforcement mechanism in WalletConnectV2.ts. A new private method enforceSessionLimit() is added that removes the oldest WalletConnect session when the active session count exceeds 20 (AppConstants.WALLET_CONNECT.LIMIT_SESSIONS). This is called during onSessionProposal after a new session is approved.

Why these tags:

• SmokeConfirmations: WalletConnect V2 is the primary transport for dApp-initiated transaction and signature requests. The session management change could affect how confirmations are triggered from dApps.
• SmokeMultiChainAPI: WalletConnect V2 underpins CAIP-25 multi-chain sessions (wallet_createSession, wallet_getSession, wallet_revokeSession). Session limit enforcement could interact with multi-chain session management.
• SmokeNetworkAbstractions: Chain permissions for dApps are managed through WalletConnect sessions. Session removal could affect chain permission state.
• SmokeNetworkExpansion: Multi-chain provider connections (EVM + Solana) use WalletConnect V2 sessions. Session limit enforcement could affect multi-chain dApp connections.

Why not other tags: The change is isolated to WalletConnect session lifecycle management and doesn't touch account management (SmokeAccounts), identity/sync (SmokeIdentity), trading (SmokeTrade), ramps (SmokeRamps), card (SmokeCard), perps (SmokePerps), predictions (SmokePredictions), snaps (FlaskBuildTests), or wallet platform features (SmokeWalletPlatform).

Risk level: Medium - the change is well-tested with unit tests, has a high limit (20 sessions) that is unlikely to be hit in normal E2E test scenarios, but it modifies the session proposal flow which is critical for dApp connectivity.

Performance Test Selection:
The changes are limited to WalletConnect session lifecycle management - specifically adding a session limit enforcement check during session proposal. This is a control flow addition (checking session count and potentially removing one session) that does not affect UI rendering, data loading, account/network list components, or app startup. The operation is O(n) over active sessions but with a hard cap of 20, making performance impact negligible. No performance tests are warranted.

View GitHub Actions results

[adonesky1]

Very clean! LGTM!

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
16 value mismatches detected (expected — fixture represents an existing user).
View details

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
92.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud