fix: batch NFT ownership checks via Multicall3

[juanmigdr]

Explanation

• Replace individual AssetsContractController messenger calls (getERC721OwnerOf, getERC1155BalanceOf) with a new getNftOwnershipForMultipleNfts utility that batches ERC-721 ownerOf and ERC-1155 balanceOf calls through Multicall3's aggregate3, falling back to individual RPC calls on unsupported chains or when multicall fails.
• Remove checkAndUpdateSingleNftOwnershipStatus in favor of checkAndUpdateAllNftsOwnershipStatus, which now batches all NFTs in a single pass.
• Add an optional standard parameter to isNftOwner so callers that already know the token standard skip redundant subcalls.

Breaking Changes

• checkAndUpdateSingleNftOwnershipStatus removed — use checkAndUpdateAllNftsOwnershipStatus instead.
• AllowedActions narrowed — AssetsContractController:getERC721OwnerOf and AssetsContractController:getERC1155BalanceOf are no longer required by NftController's messenger. Consumers constructing the messenger must remove these from their allowed actions list.

References

https://consensyssoftware.atlassian.net/browse/ASSETS-2959

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
• I've communicated my changes to consumers by updating changelogs for packages I've changed
• I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

---

Note

Medium Risk
Changes NFT ownership verification paths (watchNft, isNftOwner, and ownership-status refresh) to use a new batching utility and different RPC/provider plumbing, which could affect correctness on edge-case contracts and unsupported chains despite fallbacks and added tests.

Overview
NftController now batches ERC-721 ownerOf and ERC-1155 balanceOf ownership checks via Multicall3 (with per-call fallback to individual RPC calls), reducing RPC request volume and adding an optional standard hint to skip redundant subcalls.

This removes the AssetsContractController:getERC721OwnerOf/getERC1155BalanceOf messenger dependencies (and deletes checkAndUpdateSingleNftOwnershipStatus), updating checkAndUpdateAllNftsOwnershipStatus and tests to rely on the new getNftOwnershipForMultipleNfts helper, including handling for explicitly unknown-standard NFTs that would otherwise break multicall batches.

^{Written by Cursor Bugbot for commit 10d305c. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[cursor]

Undefined standard silently skips NFT ownership checks

Medium Severity

The filter to exclude NFTs with unrecognized standards (hasExplicitNonStandard) incorrectly treats undefined the same as an explicitly unrecognized standard like "UNKNOWN". NftMetadata.standard can be undefined at runtime (e.g., NFTs from the API when kind is falsy, or older persisted state), even though TypeScript types it as string | null. Since undefined !== null is true and normalizeNftStandard(undefined) returns null, these NFTs are silently excluded from ownership checks — they'll never be marked as no-longer-owned. The guard nft.standard !== null needs to also account for undefined (e.g., nft.standard != null using loose equality).

Additional Locations (1)

• packages/assets-controllers/src/multicall.ts#L1208-L1223