feat: sanitize non-EVM account addresses from Sentry events (#43337)

## **Description**

Extend Sentry address sanitization beyond EVM addresses to cover Solana,
Tron, Stellar, and Bitcoin (bech32 + legacy) formats.

Also, sanitization now also runs over breadcrumb message/data and report
`extra`/`contexts`, with a recursive walk that handles cyclic references
and non-enumerable `Error` `message`/`stack` fields.

## **Changelog**

CHANGELOG entry: null

## **Related issues**

Fixes: MetaMask/MetaMask-planning#6680

## **Manual testing steps**

1. Update Extension code base to artificially include evm and non-evm
addresses in the different fields of `Capture UI Error`, like done on
branch
[feat/sanitize-non-evm-addresses-sentry-test](#43338)
2. Update `.metamaskrc`
  a. Set SENTRY_DSN_DEV=_dsn_of_your_personal_sentry_account_
  b. Set ENABLE_SETTINGS_PAGE_DEV_OPTIONS=true
3. Build Extension with `yarn start --sentry`
4. Go through Extension onboarding and enable metametrics
5. Go to Settings > Debug and click `Capture UI Error`
6. Go to Sentry and confirm the error got captured but all evm and
non-evm addresses are sanitized

<img width="374" height="550" alt="Screenshot 2026-06-08 at 17 14 24"
src="https://github.com/user-attachments/assets/18d27649-2a90-41b0-8040-1c23d0cd1209"
/>

## **Screenshots/Recordings**

### Error message

<img width="826" height="127" alt="Screenshot 2026-06-08 at 18 03 14"
src="https://github.com/user-attachments/assets/2170d929-944f-41ab-b3a7-f7082acfa2f4"
/>

### Stack trace

<img width="782" height="137" alt="Screenshot 2026-06-08 at 18 03 23"
src="https://github.com/user-attachments/assets/64465b98-d0d2-4c8b-a11b-6f0ce3d10002"
/>

### Breadcrumbs

<img width="786" height="864" alt="Screenshot 2026-06-08 at 18 04 40"
src="https://github.com/user-attachments/assets/c828f9d1-48a6-44e8-850b-0706f1d31611"
/>

### Additional data (extra)

<img width="777" height="606" alt="Screenshot 2026-06-08 at 17 28 08"
src="https://github.com/user-attachments/assets/6de88058-22af-47c1-85a9-f6d36c4d2274"
/>

### Context

<img width="778" height="651" alt="Screenshot 2026-06-08 at 19 27 16"
src="https://github.com/user-attachments/assets/bbb3ecc2-9f8b-433d-80dd-c7b4ea5361d6"
/>


## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Low Risk**
> Telemetry-only privacy hardening in `setupSentry`; broad base58
patterns may over-redact some strings but do not affect wallet or auth
flows.
> 
> **Overview**
> Expands **Sentry privacy scrubbing** so wallet addresses are stripped
from more payload shapes and chain formats, not only EVM hex in error
text.
> 
> **Address formats:** Error-message sanitization now routes through
`sanitizeAddressesFromString`, which masks EVM as `0x**` and adds
regexes for Tron, Stellar, Bitcoin (bech32 and legacy), and Solana (EVM
is applied first so masks are not re-matched).
> 
> **Broader coverage:** `rewriteReport` runs new
`sanitizeAddressesFromReportData` on `extra` and `contexts` before app
state is merged in. Breadcrumbs get the same treatment on `message` and
`data` via `sanitizeAddressesFromObject`, which deep-copies strings
(handles cycles, shared arrays, and `Error` `message`/`stack`) so live
console `arguments` are not mutated.
> 
> Tests cover each chain in messages, nested `extra`/`contexts`, shared
references, and non-mutating breadcrumb redaction.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
9c1292a. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: gauthierpetetin

app/scripts/lib/setupSentry.js

@@ -353,6 +353,14 @@ export function removeUrlsFromBreadCrumb(breadcrumb) {
   if (breadcrumb?.data?.from) {
     breadcrumb.data.from = hideUrlIfNotInternal(breadcrumb.data.from);
   }
+  // Sanitize any account addresses that may appear in the breadcrumb message or
+  // remaining data values.
+  if (typeof breadcrumb?.message === 'string') {
+    breadcrumb.message = sanitizeAddressesFromString(breadcrumb.message);
+  }
+  if (breadcrumb?.data) {
+    breadcrumb.data = sanitizeAddressesFromObject(breadcrumb.data);
+  }
   return breadcrumb;
 }
 
@@ -374,6 +382,10 @@ export function rewriteReport(report) {
     // but putting the code here as well gives public visibility to how we are handling
     // privacy with respect to sentry.
     sanitizeAddressesFromErrorMessages(report);
+    // Remove addresses from other error parameters (extra, contexts).
+    // Done before attaching appState below so the (already masked) appState is
+    // not re-walked.
+    sanitizeAddressesFromReportData(report);
     // modify report urls
     rewriteReportUrls(report);
 
@@ -442,10 +454,112 @@ function sanitizeUrlsFromErrorMessages(report) {
  * @param {object} report - the report to modify
  */
 function sanitizeAddressesFromErrorMessages(report) {
-  rewriteErrorMessages(report, (errorMessage) => {
-    const newErrorMessage = errorMessage.replace(/0x[A-Fa-f0-9]{40}/u, '0x**');
-    return newErrorMessage;
-  });
+  rewriteErrorMessages(report, (errorMessage) =>
+    sanitizeAddressesFromString(errorMessage),
+  );
+}
+
+// Patterns for sanitizing account addresses before sending events to Sentry.
+// EVM is handled separately so it can keep its `0x**` replacement form.
+const EVM_ADDRESS_REGEX = /0x[A-Fa-f0-9]{40}/gu;
+const NON_EVM_ADDRESS_REGEXES = [
+  // Tron (base58, starts with `T`, 34 chars total)
+  /\bT[1-9A-HJ-NP-Za-km-z]{33}\b/gu,
+  // Stellar / XLM (starts with `G`, 56 chars total)
+  /\bG[A-Z2-7]{55}\b/gu,
+  // Bitcoin bech32 / taproot (`bc1...`)
+  /\bbc1[02-9ac-hj-np-z]{6,87}\b/gu,
+  // Bitcoin legacy P2PKH / P2SH (base58, starts with `1` or `3`)
+  /\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b/gu,
+  // Solana (base58, 32-44 chars). Kept last as its range overlaps the others.
+  /\b[1-9A-HJ-NP-Za-km-z]{32,44}\b/gu,
+];
+
+/**
+ * Sanitizes EVM and non-EVM account addresses from a string.
+ *
+ * @param {string} text - The string to sanitize addresses from.
+ * @returns {string} The string with any addresses replaced by a mask.
+ */
+function sanitizeAddressesFromString(text) {
+  // Sanitize EVM addresses first so the resulting `0x**` cannot be re-matched by
+  // the base58 patterns below.
+  let sanitized = text.replace(EVM_ADDRESS_REGEX, '0x**');
+  for (const regex of NON_EVM_ADDRESS_REGEXES) {
+    sanitized = sanitized.replace(regex, '**');
+  }
+  return sanitized;
+}
+
+/**
+ * Recursively sanitizes account addresses from the string values of an object,
+ * returning a sanitized copy without mutating the input. Used to scrub addresses
+ * that may appear in error parameters such as `report.extra`/`report.contexts`
+ * and in breadcrumb data. Not mutating matters for breadcrumbs, whose
+ * `data.arguments` holds live references (e.g. the thrown `Error`) that the
+ * extension may still use after the event is sent.
+ *
+ * @param {*} value - The value to sanitize addresses from.
+ * @param {WeakMap} [seen] - Maps already-visited inputs to their sanitized copy,
+ * so shared references stay consistent and cyclic structures terminate.
+ * @returns {*} The sanitized value (a copy for objects/arrays).
+ */
+function sanitizeAddressesFromObject(value, seen = new WeakMap()) {
+  if (typeof value === 'string') {
+    return sanitizeAddressesFromString(value);
+  }
+  // Leave primitives (and null) untouched.
+  if (value === null || typeof value !== 'object') {
+    return value;
+  }
+  // Reuse the sanitized copy for any reference we've already processed, so shared
+  // references stay consistent and cyclic structures don't loop forever.
+  if (seen.has(value)) {
+    return seen.get(value);
+  }
+
+  if (Array.isArray(value)) {
+    const copy = [];
+    seen.set(value, copy);
+    for (let i = 0; i < value.length; i++) {
+      copy[i] = sanitizeAddressesFromObject(value[i], seen);
+    }
+    return copy;
+  }
+
+  const copy = {};
+  seen.set(value, copy);
+  // `Error` carries its address-bearing data on `message`/`stack`, which are
+  // non-enumerable and so invisible to the `Object.keys` walk below. These show
+  // up e.g. in console breadcrumbs, whose `data.arguments` holds the raw thrown
+  // error. Copy them across explicitly, sanitized.
+  if (value instanceof Error) {
+    if (typeof value.message === 'string') {
+      copy.message = sanitizeAddressesFromString(value.message);
+    }
+    if (typeof value.stack === 'string') {
+      copy.stack = sanitizeAddressesFromString(value.stack);
+    }
+  }
+  for (const key of Object.keys(value)) {
+    copy[key] = sanitizeAddressesFromObject(value[key], seen);
+  }
+  return copy;
+}
+
+/**
+ * Receives a Sentry event object and sanitizes account addresses from its
+ * error parameters (`extra` and `contexts`).
+ *
+ * @param {object} report - the report to modify
+ */
+function sanitizeAddressesFromReportData(report) {
+  if (report.extra) {
+    report.extra = sanitizeAddressesFromObject(report.extra);
+  }
+  if (report.contexts) {
+    report.contexts = sanitizeAddressesFromObject(report.contexts);
+  }
 }
 
 function simplifyErrorMessages(report) {

app/scripts/lib/setupSentry.test.js

@@ -157,6 +157,123 @@ describe('Setup Sentry', () => {
       rewriteReport(testReport);
       expect(testReport.message).toStrictEqual('This is a simple report');
     });
+
+    it('removes Solana addresses from error messages', () => {
+      const testReport = {
+        message:
+          'There is a Solana address 7EYnhQoR9YM3N7UoaKRoA44Uy8JeaZV3qyouov87awMs in this message',
+        request: {},
+      };
+      rewriteReport(testReport);
+      expect(testReport.message).toStrictEqual(
+        'There is a Solana address ** in this message',
+      );
+    });
+
+    it('removes Tron addresses from error messages', () => {
+      const testReport = {
+        message:
+          'There is a Tron address TJRyWwFs9wTFGZg3JbrVriFbNfCug5tDeC in this message',
+        request: {},
+      };
+      rewriteReport(testReport);
+      expect(testReport.message).toStrictEqual(
+        'There is a Tron address ** in this message',
+      );
+    });
+
+    it('removes Stellar (XLM) addresses from error messages', () => {
+      const testReport = {
+        message:
+          'There is a Stellar address GDUKMGUGDZQK6YHYA5Z6AY2G4XDSZPSZ3SW5UN3ARVMO6QSRDWP5YLEX in this message',
+        request: {},
+      };
+      rewriteReport(testReport);
+      expect(testReport.message).toStrictEqual(
+        'There is a Stellar address ** in this message',
+      );
+    });
+
+    it('removes Bitcoin bech32 addresses from error messages', () => {
+      const testReport = {
+        message:
+          'There is a Bitcoin address bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq in this message',
+        request: {},
+      };
+      rewriteReport(testReport);
+      expect(testReport.message).toStrictEqual(
+        'There is a Bitcoin address ** in this message',
+      );
+    });
+
+    it('removes Bitcoin legacy addresses from error messages', () => {
+      const testReport = {
+        message:
+          'There is a Bitcoin address 17VZNX1SN5NtKa8UQFxwQbFeFc3iqRYhem in this message',
+        request: {},
+      };
+      rewriteReport(testReport);
+      expect(testReport.message).toStrictEqual(
+        'There is a Bitcoin address ** in this message',
+      );
+    });
+
+    it('removes multiple EVM addresses from a single error message', () => {
+      const testReport = {
+        message:
+          'Addresses 0x790A8A9E9bc1C9dB991D8721a92e461Db4CfB235 and 0x1234567890123456789012345678901234567890 failed',
+        request: {},
+      };
+      rewriteReport(testReport);
+      expect(testReport.message).toStrictEqual(
+        'Addresses 0x** and 0x** failed',
+      );
+    });
+
+    it('removes addresses from report.extra parameters', () => {
+      const testReport = {
+        message: 'An error occurred',
+        extra: {
+          accountAddress: '7EYnhQoR9YM3N7UoaKRoA44Uy8JeaZV3qyouov87awMs',
+          nested: {
+            evmAddress: '0x790A8A9E9bc1C9dB991D8721a92e461Db4CfB235',
+          },
+        },
+        request: {},
+      };
+      rewriteReport(testReport);
+      expect(testReport.extra.accountAddress).toStrictEqual('**');
+      expect(testReport.extra.nested.evmAddress).toStrictEqual('0x**');
+    });
+
+    it('removes addresses from an array shared across multiple properties', () => {
+      const sharedAddresses = ['7EYnhQoR9YM3N7UoaKRoA44Uy8JeaZV3qyouov87awMs'];
+      const testReport = {
+        message: 'An error occurred',
+        extra: {
+          first: sharedAddresses,
+          second: sharedAddresses,
+        },
+        request: {},
+      };
+      rewriteReport(testReport);
+      expect(testReport.extra.first).toStrictEqual(['**']);
+      expect(testReport.extra.second).toStrictEqual(['**']);
+    });
+
+    it('removes addresses from report.contexts parameters', () => {
+      const testReport = {
+        message: 'An error occurred',
+        contexts: {
+          account: {
+            address: 'TJRyWwFs9wTFGZg3JbrVriFbNfCug5tDeC',
+          },
+        },
+        request: {},
+      };
+      rewriteReport(testReport);
+      expect(testReport.contexts.account.address).toStrictEqual('**');
+    });
   });
 
   describe('shouldCreateSpanForRequest', () => {
@@ -350,5 +467,58 @@ describe('Setup Sentry', () => {
         from: 'chrome-extension://abcefg/home.html',
       });
     });
+
+    it('removes addresses from the breadcrumb message', () => {
+      const testBreadcrumb = {
+        message:
+          'Selected account 7EYnhQoR9YM3N7UoaKRoA44Uy8JeaZV3qyouov87awMs',
+        data: {
+          address: '0x790A8A9E9bc1C9dB991D8721a92e461Db4CfB235',
+        },
+      };
+      const rewrittenBreadcrumb = removeUrlsFromBreadCrumb(testBreadcrumb);
+      expect(rewrittenBreadcrumb.message).toStrictEqual('Selected account **');
+    });
+
+    it('removes addresses from the breadcrumb data', () => {
+      const testBreadcrumb = {
+        message:
+          'Selected account 7EYnhQoR9YM3N7UoaKRoA44Uy8JeaZV3qyouov87awMs',
+        data: {
+          address: '0x790A8A9E9bc1C9dB991D8721a92e461Db4CfB235',
+        },
+      };
+      const rewrittenBreadcrumb = removeUrlsFromBreadCrumb(testBreadcrumb);
+      expect(rewrittenBreadcrumb.data.address).toStrictEqual('0x**');
+    });
+
+    it('redacts the breadcrumb data without mutating the live source objects', () => {
+      const liveError = new Error(
+        'Failed for 0x790A8A9E9bc1C9dB991D8721a92e461Db4CfB235',
+      );
+      const liveArgs = [
+        liveError,
+        '7EYnhQoR9YM3N7UoaKRoA44Uy8JeaZV3qyouov87awMs',
+      ];
+      const testBreadcrumb = {
+        message: 'console.error',
+        data: { arguments: liveArgs, logger: 'console' },
+      };
+
+      const rewrittenBreadcrumb = removeUrlsFromBreadCrumb(testBreadcrumb);
+
+      // The breadcrumb sent to Sentry is redacted...
+      expect(rewrittenBreadcrumb.data.arguments[0].message).toStrictEqual(
+        'Failed for 0x**',
+      );
+      expect(rewrittenBreadcrumb.data.arguments[1]).toStrictEqual('**');
+      // ...but the live Error and array the extension still holds are untouched.
+      expect(liveError.message).toStrictEqual(
+        'Failed for 0x790A8A9E9bc1C9dB991D8721a92e461Db4CfB235',
+      );
+      expect(liveArgs[1]).toStrictEqual(
+        '7EYnhQoR9YM3N7UoaKRoA44Uy8JeaZV3qyouov87awMs',
+      );
+    });
   });
 });