Merge branch 'stable' into release/7.76.0

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: chloeYue

.github/workflows/build-android-e2e.yml

@@ -51,6 +51,12 @@ jobs:
           path: .metamask
           key: .metamask-${{ hashFiles('package.json', 'yarn.lock') }}
 
+      - name: Restore .metamask folder (Foundry download cache for install:foundryup)
+        uses: actions/cache@v4
+        with:
+          path: .metamask
+          key: .metamask-${{ hashFiles('package.json', 'yarn.lock') }}
+
       - name: Setup Android Build Environment
         timeout-minutes: 15
         uses: ./.github/actions/setup-e2e-env

.yarn/patches/@metamask-assets-controllers-npm-104.2.0-c375051533.patch

@@ -0,0 +1,52 @@
+diff --git a/dist/MultichainAssetsController/MultichainAssetsController.cjs b/dist/MultichainAssetsController/MultichainAssetsController.cjs
+index 0f74ce9c3200043c7c8fd121218e41790c55cc0e..ee449c44281ae3dd37e73ea0e9cc0b8ee18dea0e 100644
+--- a/dist/MultichainAssetsController/MultichainAssetsController.cjs
++++ b/dist/MultichainAssetsController/MultichainAssetsController.cjs
+@@ -493,7 +493,7 @@ async function _MultichainAssetsController_getAssetsMetadataFrom(assets, snapId)
+     });
+ }, _MultichainAssetsController_filterBlockaidSpamTokensOnAdd = 
+ /**
+- * Fail-closed Blockaid filter for newly detected `token:` assets (native/other namespaces unchanged).
++ * Fail-open Blockaid filter for newly detected `token:` assets (native/other namespaces unchanged).
+  *
+  * @param assets - CAIP assets to filter.
+  * @returns Filtered list, original order preserved.
+@@ -503,33 +503,25 @@ async function _MultichainAssetsController_filterBlockaidSpamTokensOnAdd(assets)
+     if (Object.keys(tokensByChain).length === 0) {
+         return [...assets];
+     }
+-    const keptTokenAssets = new Set();
++    const rejectedAssets = new Set();
+     for (const [chainName, tokenEntries] of Object.entries(tokensByChain)) {
+         const batchOutcomes = await __classPrivateFieldGet(this, _MultichainAssetsController_instances, "m", _MultichainAssetsController_runBatchedBulkTokenScans).call(this, chainName, tokenEntries);
+         for (const outcome of batchOutcomes) {
+             if (outcome.status === 'rejected') {
++                // Fail-open: if API fails, allow all tokens in this batch through
+                 continue;
+             }
+             for (const entry of outcome.entries) {
+                 const scanned = outcome.response[entry.address];
++                // Reject only if we have a definitive malicious result
+                 if (scanned?.result_type &&
+                     scanned.result_type !== phishing_controller_1.TokenScanResultType.Malicious) {
+-                    keptTokenAssets.add(entry.asset);
++                    rejectedAssets.add(entry.asset);
+                 }
+             }
+         }
+     }
+-    return assets.filter((asset) => {
+-        try {
+-            if ((0, utils_1.parseCaipAssetType)(asset).assetNamespace === 'token') {
+-                return keptTokenAssets.has(asset);
+-            }
+-        }
+-        catch {
+-            return false;
+-        }
+-        return true;
+-    });
++    return assets.filter((asset) => !rejectedAssets.has(asset));
+ }, _MultichainAssetsController_findMaliciousTokensAmong = 
+ /**
+  * SPL `token:` assets in state that Blockaid marks malicious (failed batches skipped).

CHANGELOG.md

@@ -7,6 +7,89 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [7.75.1]
+
+### Fixed
+
+- Fixed Hyperliquid withdraw showing $0 and being blocked for users on Unified Account mode. (#29492)
+
+## [7.75.0]
+
+### Added
+
+- Added support for ENS v2 (#29258)
+- Added a Rive-based animated fox splash screen in place of the static loading spinner for a smoother app launch experience (#29003)
+- Hid multichain Activity entries involving tokens flagged as malicious by security scanning, consistent with how malicious tokens are handled on the assets overview (#29239)
+- Added Suspicious and Malicious security badges to tokens in the Swaps and Bridge asset pickers (#29070)
+- Added security badges to the trending tokens list (#29112)
+- Added live mUSD and Veda vault USD balance display on the Money account home page (#28889)
+- Added a new hardware connection page (#28019)
+- Added an A/B-tested homepage layout that separates trending sections and tracks swap analytics attribution for actions launched from homepage trending sections (#28085)
+- Added follow/unfollow functionality for traders (#28843)
+- Added hold time to the trader profile view (#28873)
+- Extended notification account toggles to all wallet keyrings (#27254)
+- Enabled MetaMask Card Cashback for US users (#29138)
+- Added an Ondo campaign rewards stats page (#28734)
+- Added a migration that resets the native balance to 0 on Tempo chains (#28869)
+
+### Changed
+
+- Hid token warnings in the Swaps asset picker temporarily (#29278)
+- Improved MetaMask Card login fields to use the design-system `TextField` with correct username/password autocomplete hints for accessibility and password managers (#29215)
+- Moved the Cashback action on Card Home directly under Change asset; the Change asset row no longer shows a trailing chevron in the bottom sheet (#29219)
+- Updated the Tempo native token logo (#29105)
+- Only show the Transak verify-identity policy screen once on Unified Buy; later visits skip to email entry when not logged in to Transak (#28952)
+- Updated token avatars to use only asset image URLs, without a curated token list fallback (#28552)
+- Updated the perps section on the Explore screen to display horizontal tile cards with sparkline charts (#28512)
+- Stopped using the token list cache for asset overview token details; decimals, aggregators, and market data now come from the asset and token rates (#28533)
+- Improved scroll-back user experience in the advanced chart integration on the token details page (#28451)
+- Updated app typography and font assets to align with the latest MetaMask design system semibold bold-weight migration (#28363)
+- Updated perps chart volume bars to use 30% opacity, matching the transparency style of the spot token details chart (#29132)
+- Updated Settings copy so the IPFS gateway is described under Security and privacy instead of Advanced (#29045)
+
+### Fixed
+
+- Fixed featured carousel showing secondary markets instead of the match winner for sports events (#29001)
+- Fixed featured carousel showing sports games that had already ended (#29000)
+- Fixed Tempo transactions to fall back to a classic transaction when contract deployment is required (#29078)
+- Fixed the Confirmation button state by adding a gasless-loading guard, consistent with Extension (#29188)
+- Fixed rapid market switching triggering Hyperliquid rate-limit errors (#29056)
+- Fixed max mUSD conversion displaying an inflated receive amount (#29175)
+- Fixed the mUSD logo not displayed when opening mUSD swap from Rewards (#29194)
+- Fixed MetaMask Card home showing zero token balances when the user is not authenticated with the card provider (#29146)
+- Fixed a Perps position size formatting bug that stripped valid trailing zeros on whole-unit assets (szDecimals=0), e.g. displaying "1" instead of "100" (#29016)
+- Fixed SRP reveal QR code styling to display consistently across light and dark themes (#28969)
+- Fixed a visual alignment issue in the Top Traders list where double-digit ranks appeared to be missing their trailing dot (#29099)
+- Fixed an iOS-only bug where the header and web content overlapped in the in-app web view screen (#29020)
+- Fixed quote polling so the timer stops and interactions are blocked while a quote is being processed (#28862)
+- Fixed `wallet_watchAsset` failing with `"Expected a value of type JSON, but received: [object Object]"` when a dapp requested the wallet to watch a token (#29030)
+- Fixed bridge quotes showing a misleading 0% price impact when quote price data was unavailable (#28931)
+- Fixed incorrect TRX "locked for" value (#29038)
+- Fixed a layout shift that happened when following/unfollowing traders with high PnL (#29021)
+- Fixed NFT ownership status not refreshing across all enabled networks when pulling to refresh (#28655)
+- Fixed noisy Sentry error reports from expected candle fetch cancellations during navigation (#28953)
+- Fixed transient UI flashes on the Buy screen (stale "Powered by" text, brief quote-fetch error banner, and a disabled-looking Continue button) when the selected token isn't supported by the current provider and the app is silently switching to a supporting one (#29178)
+- Fixed missing error sheet on auth server and seedless login errors (#29227)
+- Fixed missing token icons in the predictions pay-with picker for zero-balance tokens (#27702)
+
+## [7.74.3]
+
+### Fixed
+
+- Fix polymarket adapter contract addresses for Android
+
+## [7.74.2]
+
+### Fixed
+
+- Updated Polymarket adapter contracts so Polymarket prediction transactions continue working after the relayer migration. (#29573)
+
+## [7.74.1]
+
+### Fixed
+
+- Fixed the environmental issue that push notifications not received on Android
+
 ## [7.74.0]
 
 ### Added
@@ -11288,7 +11371,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [#957](https://github.com/MetaMask/metamask-mobile/pull/957): fix timeouts (#957)
 - [#954](https://github.com/MetaMask/metamask-mobile/pull/954): Bugfix: onboarding navigation (#954)
 
-[Unreleased]: https://github.com/MetaMask/metamask-mobile/compare/v7.74.0...HEAD
+[Unreleased]: https://github.com/MetaMask/metamask-mobile/compare/v7.75.1...HEAD
+[7.75.1]: https://github.com/MetaMask/metamask-mobile/compare/v7.75.0...v7.75.1
+[7.75.0]: https://github.com/MetaMask/metamask-mobile/compare/v7.74.3...v7.75.0
+[7.74.3]: https://github.com/MetaMask/metamask-mobile/compare/v7.74.2...v7.74.3
+[7.74.2]: https://github.com/MetaMask/metamask-mobile/compare/v7.74.1...v7.74.2
+[7.74.1]: https://github.com/MetaMask/metamask-mobile/compare/v7.74.0...v7.74.1
 [7.74.0]: https://github.com/MetaMask/metamask-mobile/compare/v7.73.2...v7.74.0
 [7.73.2]: https://github.com/MetaMask/metamask-mobile/compare/v7.73.1...v7.73.2
 [7.73.1]: https://github.com/MetaMask/metamask-mobile/compare/v7.73.0...v7.73.1

app/components/UI/Bridge/components/TokenSelectorItem.config.ts

@@ -0,0 +1 @@
+export const SHOW_TOKEN_WARNINGS = false;

app/components/UI/Bridge/utils/tokenUtils.test.ts

@@ -3,6 +3,7 @@ import {
   getNativeSourceToken,
   getDefaultDestToken,
   tokenMatchesQuery,
+  getSecurityWarnings,
 } from './tokenUtils';
 import { getSecurityWarnings } from './tokenSecurityUtils';
 import { BridgeToken } from '../types';

app/components/UI/Bridge/utils/tokenUtils.ts

@@ -12,6 +12,15 @@ import { DefaultSwapDestTokens } from '../constants/default-swap-dest-tokens';
 import { IncludeAsset } from '../hooks/usePopularTokens';
 import { POLYGON_NATIVE_TOKEN } from '../constants/assets';
 
+/**
+ * Extracts security warning descriptions from a token's securityData metadata features.
+ * Returns an empty array when the token has no security warnings.
+ */
+export const getSecurityWarnings = (
+  token: BridgeToken | undefined | null,
+): string[] =>
+  token?.securityData?.metadata?.features?.map((f) => f.description) ?? [];
+
 /**
  * Normalizes chain-specific native token addresses to the zero address for the bridge flow.
  *

app/components/UI/Earn/Views/EarnMusdConversionEducationView/index.test.tsx

@@ -1301,68 +1301,6 @@ describe('EarnMusdConversionEducationView', () => {
       expect(mockTrackEvent).toHaveBeenCalledWith({ name: 'mock-built-event' });
     });
 
-    it('includes redirects_to money_hub when secondary button pressed with deeplink, Money Hub enabled, and geo-eligible', () => {
-      mockSelectMoneyHubEnabledFlag.mockReturnValue(true);
-      mockUseParams.mockReturnValue({ isDeeplink: true });
-
-      const { getByTestId } = renderWithProvider(
-        <EarnMusdConversionEducationView />,
-        { state: {} },
-      );
-
-      mockTrackEvent.mockClear();
-      mockCreateEventBuilder.mockClear();
-      mockAddProperties.mockClear();
-      mockBuild.mockClear();
-
-      fireEvent.press(
-        getByTestId(
-          EARN_TEST_IDS.MUSD.CONVERSION_EDUCATION_VIEW.SECONDARY_BUTTON,
-        ),
-      );
-
-      expect(mockCreateEventBuilder).toHaveBeenCalledWith(
-        MetaMetricsEvents.MUSD_FULLSCREEN_ANNOUNCEMENT_BUTTON_CLICKED,
-      );
-      expect(mockAddProperties).toHaveBeenCalledWith({
-        location:
-          MUSD_EVENTS_CONSTANTS.EVENT_LOCATIONS.CONVERSION_EDUCATION_SCREEN,
-        button_type: 'secondary',
-        button_text: strings('earn.musd_conversion.education.secondary_button'),
-        redirects_to: MONEY_EVENTS_CONSTANTS.EVENT_LOCATIONS.MONEY_HUB,
-      });
-    });
-
-    it('omits redirects_to when secondary button pressed in normal non-deeplink flow', () => {
-      mockUseParams.mockReturnValue({ isDeeplink: false });
-
-      const { getByTestId } = renderWithProvider(
-        <EarnMusdConversionEducationView />,
-        { state: {} },
-      );
-
-      mockTrackEvent.mockClear();
-      mockCreateEventBuilder.mockClear();
-      mockAddProperties.mockClear();
-      mockBuild.mockClear();
-
-      fireEvent.press(
-        getByTestId(
-          EARN_TEST_IDS.MUSD.CONVERSION_EDUCATION_VIEW.SECONDARY_BUTTON,
-        ),
-      );
-
-      expect(mockAddProperties).toHaveBeenCalledWith({
-        location:
-          MUSD_EVENTS_CONSTANTS.EVENT_LOCATIONS.CONVERSION_EDUCATION_SCREEN,
-        button_type: 'secondary',
-        button_text: strings('earn.musd_conversion.education.secondary_button'),
-      });
-      expect(mockAddProperties).not.toHaveBeenCalledWith(
-        expect.objectContaining({ redirects_to: expect.anything() }),
-      );
-    });
-
     it('tracks money_hub redirect when continue is pressed with returnTo', async () => {
       mockUseParams.mockReturnValue({
         returnTo: { screen: Routes.WALLET.CASH_TOKENS_FULL_VIEW },

app/components/UI/Earn/Views/EarnMusdConversionEducationView/index.tsx

@@ -48,7 +48,7 @@ import { selectMusdQuickConvertEnabledFlag } from '../../selectors/featureFlags'
 import { toChecksumAddress } from '../../../../../util/address';
 import { safeFormatChainIdToHex } from '../../../Card/util/safeFormatChainIdToHex';
 import { MONEY_EVENTS_CONSTANTS } from '../../../Money/constants/moneyEvents';
-import { selectMoneyHubEnabledFlag } from '../../../Money/selectors/featureFlags';
+import { selectMoneyHubEnabledFlag } from '../../../Money/selectors/featureFlags.ts';
 interface EarnMusdConversionEducationViewRouteParams {
   /**
    * Indicates if this navigation originated from a deeplink
@@ -224,8 +224,6 @@ const EarnMusdConversionEducationView = () => {
       : MUSD_EVENT_LOCATIONS.CUSTOM_AMOUNT_SCREEN;
     if (returnTo) {
       redirectsTo = MONEY_EVENT_LOCATIONS.MONEY_HUB;
-    } else if (deeplinkState?.action === 'navigate_money_hub') {
-      redirectsTo = MONEY_EVENT_LOCATIONS.MONEY_HUB;
     } else if (deeplinkState?.action === 'navigate_home') {
       redirectsTo = MUSD_EVENT_LOCATIONS.HOME_SCREEN;
     } else if (deeplinkState?.action === 'buy') {

app/components/UI/Predict/providers/polymarket/constants.ts

@@ -89,10 +89,10 @@ export const COLLATERAL_ONRAMP_ADDRESS =
   '0x93070a847efEf7F70739046A929D47a521F5B8ee';
 
 export const CTF_COLLATERAL_ADAPTER_ADDRESS =
-  '0xADa100874d00e3331D00F2007a9c336a65009718';
+  '0xAdA100Db00Ca00073811820692005400218FcE1f';
 
 export const NEG_RISK_CTF_COLLATERAL_ADAPTER_ADDRESS =
-  '0xAdA200001000ef00D07553cEE7006808F895c6F1';
+  '0xadA2005600Dec949baf300f4C6120000bDB6eAab';
 
 export const POLYGON_PUSD_CAIP_ASSET_ID =
   `${POLYGON_MAINNET_CAIP_CHAIN_ID}/erc20:${MATIC_CONTRACTS_V2.collateral}` as const;

app/components/UI/Rewards/Views/OndoCampaignDetailsView.tsx

@@ -211,7 +211,6 @@ const OndoCampaignDetailsView: React.FC = () => {
   );
 
   const {
-    leaderboard,
     selectedTier,
     selectedTierData,
     setSelectedTier,
@@ -298,6 +297,13 @@ const OndoCampaignDetailsView: React.FC = () => {
     });
   }, [navigation, effectiveCampaignId, campaign]);
 
+  const navigateToWinningView = useCallback(() => {
+    navigation.navigate(Routes.REWARDS_ONDO_CAMPAIGN_WINNING_VIEW, {
+      campaignId: effectiveCampaignId,
+      campaignName: campaign?.name ?? '',
+    });
+  }, [navigation, effectiveCampaignId, campaign]);
+
   return (
     <ErrorBoundary navigation={navigation} view="OndoCampaignDetailsView">
       <SafeAreaView