feat: adding support for postQuote transactions with paymentOverride defined#8967
feat: adding support for postQuote transactions with paymentOverride defined#8967jpuri wants to merge 14 commits into
Conversation
jpuri
force-pushed
the
paymentoverride_postquote
branch
from
eaea3f1 to
dfa88a2
Compare
jpuri
changed the title
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
…sk/core into paymentoverride_postquote
|
|
||
| ### Added | ||
|
|
||
| - Adding processing for postQuote transactions with paymentProvider defined ([#8967](https://github.com/MetaMask/core/pull/8967)) |
There was a problem hiding this comment.
Do you mean paymentOverride, same for PR description? 😅
There was a problem hiding this comment.
My bad, changelog and PR description are updated.
|
|
||
| const transactionData = transactionDataList[transaction.id]; | ||
| const amountHuman = transactionData?.tokens?.[0]?.amountHuman ?? '0'; | ||
| const amountRaw = |
There was a problem hiding this comment.
Why do we have to check the state directly? Shouldn't this always be the sourceTokenAmount in request?
There was a problem hiding this comment.
I changed it for amountRaw.
There was a problem hiding this comment.
We do not have amountHuman available, an option is that we send amountHuman to callback rather than amountHuman also. That may be more accurate.
| }); | ||
|
|
||
| if (!overrideCalls.length) { | ||
| log('No payment override calls for money account post-quote'); |
There was a problem hiding this comment.
Should we throw in this case as something has gone wrong?
There was a problem hiding this comment.
Here it is possible in a future use case the callback conditionally returns calls. Thus we should not throw if there are no calls.
jpuri
changed the title
…verride_postquote
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 4311eec. Configure here.
| { | ||
| to: request.targetTokenAddress, | ||
| data: buildTokenTransferData(fundingRecipient, request.sourceTokenAmount), | ||
| value: '0x0', |
There was a problem hiding this comment.
Wrong ERC20 contract on transfer
High Severity
In post-quote flows, originCurrency is the source token on the origin chain, but the prepended funding transfer sets txs[0].to to request.targetTokenAddress (the destination payment token). That can target the wrong contract on the origin chain and produce invalid or incorrect transfer calldata.
Reviewed by Cursor Bugbot for commit 4311eec. Configure here.
2 participants
Explanation
Adding support for postQuote transactions with paymentOverride defined. This is done by calling getPaymentOverrideData when and adding additional transactions to quote request.
References
Related to https://consensyssoftware.atlassian.net/browse/CONF-1407
Checklist
Note
Medium Risk
Changes how Relay quote bodies are built for Money Account post-quote flows (transfers, delegation, and client-provided override calls), which affects payment execution though behavior is gated and covered by new tests.
Overview
Adds Money Account handling for Relay quotes when
isPostQuoteandpaymentOverride === PaymentOverride.MoneyAccount. Instead of skipping transaction embedding like other post-quote flows, the Relay strategy now callsgetPaymentOverrideData, builds anEXACT_OUTPUTquote with a funding token transfer plus override batch calls, and optionally applies EIP-7702authorizationListand a custom fundingrecipient.GetPaymentOverrideDataResponsegains optionalrecipientandauthorizationListso clients can steer the transfer target and delegation. Authorization normalization is shared vianormalizeAuthorizationList(also used by the existing delegation path inprocessTransactions).Changelog and a dedicated
processMoneyAccountPostQuotetest suite cover trade type,txscomposition, empty override calls, and defaults for amount/value.Reviewed by Cursor Bugbot for commit 4311eec. Bugbot is set up for automated code reviews on this repo. Configure here.