feat: filter malicious non-evm activity transactions (#42176)

## **Description**

Filter non-EVM activity when a token in the transaction is already
marked Malicious in tokenScanCache

## **Changelog**

<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`

If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`

(This helps the Release Engineer do their job more quickly and
accurately)
-->

CHANGELOG entry: feat: filter malicious non-evm activity transactions

## **Related issues**

Fixes:

## **Manual testing steps**

Go to this Activity tab of a known account with scam transactions

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes which non-EVM transactions are shown by filtering activity
based on `tokenScanCache` trust results, which could unintentionally
hide legitimate transactions if scan keys or cache entries are wrong.
Scope is limited to UI selectors/rendering and adds test coverage.
> 
> **Overview**
> Non-EVM activity rows are now **filtered out when any fungible token
in the transaction is already marked `Malicious` in `tokenScanCache`**.
`ActivityList` switches to a new selector
(`selectNonEvmTransactionsForActivity`) so the merged activity feed
excludes flagged Solana token movements while leaving native-only and
unscanned transactions visible.
> 
> This introduces a shared `token-scan` utility for generating
normalized cache keys and extracting token scan keys from non-EVM
transaction movements/fees, plus a new `selectTokenScanResults` selector
and exports `getTokenScanCache` for reuse. Adds unit/integration tests
covering key generation, key collection, selector filtering behavior,
and ActivityList rendering for malicious vs non-malicious non-EVM
transactions.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
ecf4d30. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Copilot <copilot@github.com>

Author: n3ps

ui/components/multichain/activity-v2/activity-list.test.tsx

@@ -69,11 +69,21 @@ mockUseVirtualizer.mockReturnValue(defaultVirtualizer);
 
 function createStore({
   nonEvmTransactions = {},
+  tokenScanCache = {},
 }: {
   nonEvmTransactions?: Record<
     string,
     Record<string, { transactions: unknown[] }>
   >;
+  tokenScanCache?: Record<
+    string,
+    {
+      data?: {
+        // eslint-disable-next-line @typescript-eslint/naming-convention
+        result_type?: string;
+      };
+    }
+  >;
 } = {}) {
   return configureMockStore()({
     metamask: {
@@ -114,6 +124,7 @@ function createStore({
         transactionsByAccount: {},
       },
       nonEvmTransactions,
+      tokenScanCache,
       smartTransactionsState: { smartTransactions: {} },
       transactions: [],
     },
@@ -207,6 +218,125 @@ describe('ActivityList', () => {
     expect(screen.getByTestId('non-evm-item')).toBeInTheDocument();
   });
 
+  it('filters malicious non-evm token transactions from the activity list', () => {
+    const maliciousNonEvmTx = {
+      chain: 'solana:mainnet',
+      id: 'non-evm-malicious',
+      timestamp: 1735689601000,
+      from: [
+        {
+          address: 'BadMintHolder',
+          asset: {
+            fungible: true,
+            type: 'solana:mainnet/token:BadMint111',
+            unit: 'SPAM',
+            amount: '1000',
+          },
+        },
+      ],
+      to: [],
+    };
+    const benignNonEvmTx = {
+      chain: 'solana:mainnet',
+      id: 'non-evm-benign',
+      timestamp: 1735689602000,
+      from: [
+        {
+          address: 'GoodMintHolder',
+          asset: {
+            fungible: true,
+            type: 'solana:mainnet/token:GoodMint222',
+            unit: 'USDC',
+            amount: '10',
+          },
+        },
+      ],
+      to: [],
+    };
+
+    mockUseTransactionsQuery.mockReturnValue({
+      data: { pages: [] },
+      fetchNextPage: jest.fn(),
+      hasNextPage: false,
+      isFetchingNextPage: false,
+    });
+
+    enableVisibleVirtualItems();
+
+    const store = createStore({
+      nonEvmTransactions: {
+        '1': {
+          'solana:mainnet': {
+            transactions: [maliciousNonEvmTx, benignNonEvmTx],
+          },
+        },
+      },
+      tokenScanCache: {
+        'solana:mainnet:badmint111': {
+          data: {
+            // eslint-disable-next-line @typescript-eslint/naming-convention
+            result_type: 'Malicious',
+          },
+        },
+      },
+    });
+
+    render(
+      <Provider store={store}>
+        <ActivityList />
+      </Provider>,
+    );
+
+    expect(screen.getAllByTestId('non-evm-item')).toHaveLength(1);
+  });
+
+  it('keeps non-evm token transactions visible when no malicious scan result exists', () => {
+    const benignNonEvmTx = {
+      chain: 'solana:mainnet',
+      id: 'non-evm-benign',
+      timestamp: 1735689602000,
+      from: [
+        {
+          address: 'GoodMintHolder',
+          asset: {
+            fungible: true,
+            type: 'solana:mainnet/token:GoodMint222',
+            unit: 'USDC',
+            amount: '10',
+          },
+        },
+      ],
+      to: [],
+    };
+
+    mockUseTransactionsQuery.mockReturnValue({
+      data: { pages: [] },
+      fetchNextPage: jest.fn(),
+      hasNextPage: false,
+      isFetchingNextPage: false,
+    });
+
+    enableVisibleVirtualItems();
+
+    const store = createStore({
+      nonEvmTransactions: {
+        '1': {
+          'solana:mainnet': {
+            transactions: [benignNonEvmTx],
+          },
+        },
+      },
+    });
+
+    render(
+      <Provider store={store}>
+        <ActivityList />
+      </Provider>,
+    );
+
+    expect(screen.getByTestId('non-evm-item')).toBeInTheDocument();
+  });
+
   it('applies tokenAddress filter and shows empty state when no transaction matches', () => {
     const evmTx = {
       amounts: {

ui/components/multichain/activity-v2/activity-list.tsx

@@ -9,9 +9,11 @@ import { useScrollContainer } from '../../../contexts/scroll-container';
 import { TransactionActivityEmptyState } from '../../app/transaction-activity-empty-state';
 import { TabEmptyState } from '../../ui/tab-empty-state';
 import { PENDING_STATUS_HASH } from '../../../helpers/constants/transactions';
-import { selectLocalTransactions } from '../../../selectors/activity';
+import {
+  selectNonEvmTransactionsForActivity,
+  selectLocalTransactions,
+} from '../../../selectors/activity';
 import { selectEvmAddress } from '../../../selectors/accounts';
-import { selectCurrentAccountNonEvmTransactions } from '../../../selectors/multichain-transactions';
 import { selectEnabledNetworksAsCaipChainIds } from '../../../selectors/multichain/networks';
 import { useEarliestNonceByChain } from '../../../hooks/useEarliestNonceByChain';
 import type { TransactionViewModel } from '../../../../shared/lib/multichain/types';
@@ -77,12 +79,10 @@ export const ActivityList = ({ filter }: Props) => {
   const localTransactions = useSelector(selectLocalTransactions);
 
   // Non-EVM transactions - not in API
-  const nonEvmTransactions = useSelector(
-    selectCurrentAccountNonEvmTransactions,
-  );
+  const nonEvmTransactions = useSelector(selectNonEvmTransactionsForActivity);
 
-  // Merge and flatten for virtualization
-  const flattenedItems = useMemo(() => {
+  // Prepare the filtered transaction sources before merging them for rendering.
+  const transactionSources = useMemo(() => {
     let evmTransactions = data?.pages?.flatMap((page) => page.data ?? []) ?? [];
 
     // Filter local transactions by converting hex chainId to CAIP-2
@@ -120,15 +120,24 @@ export const ActivityList = ({ filter }: Props) => {
       );
     }
 
-    // Merge all three types by time
-    const mergedByTime = mergeAllTransactionsByTime(
-      filteredLocalTransactions,
+    return {
       evmTransactions,
+      filteredLocalTransactions,
       filteredNonEvmTransactions,
+    };
+  }, [data, nonEvmTransactions, localTransactions, enabledNetworks, filter]);
+
+  // Merge and flatten for virtualization
+  const flattenedItems = useMemo(() => {
+    // Merge all three types by time
+    const mergedByTime = mergeAllTransactionsByTime(
+      transactionSources.filteredLocalTransactions,
+      transactionSources.evmTransactions,
+      transactionSources.filteredNonEvmTransactions,
     );
 
     return groupAndFlattenMergedTransactions(mergedByTime);
-  }, [data, nonEvmTransactions, localTransactions, enabledNetworks, filter]);
+  }, [transactionSources]);
 
   const [scrollMargin, setScrollMargin] = useState(0);
 

ui/helpers/utils/token-cache-utils.ts

@@ -0,0 +1,109 @@
+import type { Transaction } from '@metamask/keyring-api';
+import {
+  collectTransactionTokenScanKeys,
+  filterMaliciousTransactions,
+  generateTokenCacheKey,
+  type MultichainTokenScanKey,
+} from './token-scan';
+
+describe('token-scan', () => {
+  describe('generateTokenCacheKey', () => {
+    it('normalizes chain ID and token address casing', () => {
+      expect(generateTokenCacheKey('Solana:Mainnet', 'BadMint111')).toBe(
+        'solana:mainnet:badmint111',
+      );
+    });
+  });
+
+  describe('non-EVM malicious token filtering', () => {
+    const maliciousTokenKeys = new Set<MultichainTokenScanKey>([
+      'solana:mainnet:badmint111',
+    ]);
+
+    it('collects unique token scan keys from token movements and fees', () => {
+      const tx = {
+        from: [
+          {
+            asset: {
+              fungible: true,
+              type: 'solana:mainnet/token:BadMint111',
+            },
+          },
+        ],
+        to: [
+          {
+            asset: {
+              fungible: true,
+              type: 'solana:mainnet/token:BadMint111',
+            },
+          },
+          {
+            asset: {
+              fungible: true,
+              type: 'solana:mainnet/slip44:501',
+            },
+          },
+        ],
+        fees: [
+          {
+            asset: {
+              fungible: true,
+              type: 'solana:mainnet/token:GoodMint222',
+            },
+          },
+        ],
+      } as unknown as Transaction;
+
+      expect(collectTransactionTokenScanKeys(tx)).toEqual([
+        'solana:mainnet:badmint111',
+        'solana:mainnet:goodmint222',
+      ]);
+    });
+
+    it('filters out only malicious non-EVM transactions', () => {
+      const maliciousTx = {
+        id: 'malicious-tx',
+        from: [
+          {
+            asset: {
+              fungible: true,
+              type: 'solana:mainnet/token:BadMint111',
+            },
+          },
+        ],
+        to: [],
+      } as unknown as Transaction;
+      const benignTx = {
+        id: 'benign-tx',
+        from: [
+          {
+            asset: {
+              fungible: true,
+              type: 'solana:mainnet/token:GoodMint222',
+            },
+          },
+        ],
+        to: [],
+      } as unknown as Transaction;
+      const nativeOnlyTx = {
+        id: 'native-only-tx',
+        from: [
+          {
+            asset: {
+              fungible: true,
+              type: 'solana:mainnet/slip44:501',
+            },
+          },
+        ],
+        to: [],
+      } as unknown as Transaction;
+
+      expect(
+        filterMaliciousTransactions(
+          [maliciousTx, benignTx, nativeOnlyTx],
+          maliciousTokenKeys,
+        ),
+      ).toEqual([benignTx, nativeOnlyTx]);
+    });
+  });
+});