@ocap/tx-protocols 1.27.7 → 1.27.9

package/lib/protocols/account/migrate.js

@@ -15,6 +15,7 @@ const debug = require('debug')(`${require('../../../package.json').name}:migrate
 
 const EnsureTxGas = require('../../pipes/ensure-gas');
 const EnsureTxCost = require('../../pipes/ensure-cost');
+const { decodeAnySafe } = require('../../util');
 
 const runner = new Runner();
 
@@ -61,6 +62,15 @@ runner.use(
       return { create: 0, update: 0, payment: 0 };
     }
 
+    // Do not charge gas for connecting wallet from application
+    if (itx.data) {
+      const decoded = decodeAnySafe(itx.data);
+      if (decoded?.value && decoded.value.purpose === 'connect-wallet') {
+        Object.defineProperty(context, 'txBaseGas', { value: false });
+        return { create: 0, update: 0, payment: 0 };
+      }
+    }
+
     return {
       create: context.senderState ? 1 : 2,
       update: context.senderState ? getRelatedAddresses(context.senderState).length : 0,

package/lib/protocols/governance/stake.js

@@ -88,6 +88,15 @@ runner.use(pipes.VerifyAccountMigration({ stateKey: 'receiverState', addressKey:
 runner.use(pipes.ExtractState({ from: 'tokens', to: 'tokenStates', status: 'INVALID_TOKEN', table: 'token' }));
 runner.use(pipes.VerifyTokenBalance({ ownerKey: 'signerStates', conditionKey: 'inputs' }));
 
+// verify token spenders
+runner.use(
+  pipes.verifyTokenAccess({
+    statesKey: 'tokenStates',
+    listFieldKey: 'spenders',
+    accountKeys: ['signerStates'],
+    errorMessage: 'Account {address} is not allowed to stake token {tokenAddress}',
+  })
+);
 // 7. verify asset state and ownership
 runner.use(pipes.ExtractState({ from: 'assets', to: 'assetStates', status: 'OK', table: 'asset' }));
 runner.use(pipes.VerifyTransferrable({ assets: 'assetStates' }));

package/lib/protocols/token/create.js

@@ -1,5 +1,6 @@
 const isEmpty = require('empty-value');
 const cloneDeep = require('lodash/cloneDeep');
+const uniq = require('lodash/uniq');
 const { Joi, schemas } = require('@arcblock/validator');
 const { CustomError: Error } = require('@ocap/util/lib/error');
 const { Runner, pipes } = require('@ocap/tx-pipeline');
@@ -35,16 +36,22 @@ const schema = Joi.object({
     .optional()
     .allow(null),
   foreignToken: schemas.foreignToken.optional().allow(null).default(null),
+  spendersList: Joi.array().items(Joi.DID().prefix()).max(30).optional().allow(null).default(null),
   tokenFactoryAddress: Joi.forbidden(),
   data: Joi.any().optional().allow(null),
 }).options({ stripUnknown: true, noDefaults: false });
 
 // 1. verify itx
 runner.use(({ itx }, next) => {
-  const { error } = schema.validate(itx);
+  const { error, value } = schema.validate(itx);
   if (error) {
     return next(new Error('INVALID_TX', `Invalid itx: ${error.message}`));
   }
+
+  // convert spendersList to spenders
+  itx.spenders = value.spendersList?.length ? uniq(value.spendersList) : null;
+  delete itx.spendersList;
+
   return next();
 });
 
@@ -152,7 +159,11 @@ runner.use(
         context
       ),
 
-      statedb.token.create(itx.address, token.create({ ...cloneDeep(itx), data, issuer: owner }, context), context),
+      statedb.token.create(
+        itx.address,
+        token.create({ ...cloneDeep(itx), data, issuer: owner, type: 'Token' }, context),
+        context
+      ),
 
       delegatorState
         ? statedb.account.update(

package/lib/protocols/token-factory/burn.js

@@ -29,6 +29,26 @@ runner.use(({ itx }, next) => {
   return next();
 });
 
+// verify token factory
+runner.use(
+  pipes.ExtractState({
+    from: 'itx.tokenFactory',
+    to: 'tokenFactoryState',
+    status: 'INVALID_TOKEN_FACTORY',
+    table: 'tokenFactory',
+  })
+);
+
+// ensure token state
+runner.use(
+  pipes.ExtractState({
+    from: 'tokenFactoryState.tokenAddress',
+    to: 'tokenState',
+    status: 'INVALID_TOKEN',
+    table: 'token',
+  })
+);
+
 // verify inputs
 runner.use(
   pipes.VerifyTxInput({
@@ -46,16 +66,6 @@ runner.use(pipes.VerifyListSize({ listKey: ['inputs', 'senders', 'tokens', 'asse
 // verify multi sig
 runner.use(pipes.VerifyMultiSigV2({ signersKey: 'senders' }));
 
-// verify token factory
-runner.use(
-  pipes.ExtractState({
-    from: 'itx.tokenFactory',
-    to: 'tokenFactoryState',
-    status: 'INVALID_TOKEN_FACTORY',
-    table: 'tokenFactory',
-  })
-);
-
 // verify inputs token
 runner.use((context, next) => {
   const { tokenFactoryState, inputs } = context;
@@ -98,13 +108,13 @@ runner.use(
   })
 );
 
-// ensure token state
+// verify minters restriction
 runner.use(
-  pipes.ExtractState({
-    from: 'tokenFactoryState.tokenAddress',
-    to: 'tokenState',
-    status: 'INVALID_TOKEN',
-    table: 'token',
+  pipes.verifyTokenAccess({
+    statesKey: 'tokenState',
+    listFieldKey: 'minters',
+    accountKeys: ['signerStates', 'senderState'],
+    errorMessage: 'Account {address} is not allowed to burn token {tokenAddress}',
   })
 );
 
@@ -135,25 +145,29 @@ runner.use(
     feeKey: 'reserveFee',
     amountKey: 'burnAmount',
     direction: 'burn',
-  })
+  }),
+  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
 );
 
 // verify slippage
-runner.use((context, next) => {
-  const { reserveAmount, reserveFee } = context;
-  const { minReserve } = context.itx;
-
-  if (minReserve && new BN(reserveAmount).lt(new BN(minReserve).add(new BN(reserveFee || '0')))) {
-    return next(
-      new Error(
-        'SLIPPAGE_EXCEEDED',
-        `Burn token failed due to price movement. Expected minimum: ${fromUnitToToken(minReserve)}, actual: ${fromUnitToToken(reserveAmount)}. Try reducing your minReserve.`
-      )
-    );
-  }
+runner.use(
+  (context, next) => {
+    const { reserveAmount, reserveFee } = context;
+    const { minReserve } = context.itx;
+
+    if (minReserve && new BN(reserveAmount).lt(new BN(minReserve).add(new BN(reserveFee || '0')))) {
+      return next(
+        new Error(
+          'SLIPPAGE_EXCEEDED',
+          `Burn token failed due to price movement. Expected minimum: ${fromUnitToToken(minReserve)}, actual: ${fromUnitToToken(reserveAmount)}. Try reducing your minReserve.`
+        )
+      );
+    }
 
-  return next();
-});
+    return next();
+  },
+  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
+);
 
 // verify balance
 runner.use(pipes.ExtractState({ from: 'tokens', to: 'tokenStates', status: 'INVALID_TOKEN', table: 'token' }));
@@ -165,7 +179,7 @@ runner.use((context, next) => {
   if (new BN(tokenFactoryState.currentSupply).lt(new BN(context.burnAmount))) {
     return next(new Error('INSUFFICIENT_FUND', 'Token factory supply is not enough'));
   }
-  if (new BN(tokenFactoryState.reserveBalance).lt(new BN(context.reserveAmount))) {
+  if (new BN(tokenFactoryState.reserveBalance).lt(new BN(context.reserveAmount || '0'))) {
     return next(new Error('INSUFFICIENT_FUND', 'Token factory reserve balance is not enough'));
   }
   return next();
@@ -182,10 +196,12 @@ runner.use(
       result.create += 1;
     }
 
-    if (context.receiverState) {
-      result.update += 1;
-    } else {
-      result.create += 1;
+    if (context.tokenFactoryState.curve) {
+      if (context.receiverState) {
+        result.update += 1;
+      } else {
+        result.create += 1;
+      }
     }
 
     if (context.reserveFee) {
@@ -262,14 +278,17 @@ runner.use(
     }
 
     // update receiver
-    accountUpdates[receiver] = applyTokenChange(
-      accountUpdates[receiver] || receiverState || { address: receiver, tokens: {} },
-      {
-        address: receiver,
-        token: reserveAddress,
-        delta: new BN(reserveAmount).sub(new BN(reserveFee || '0')).toString(), // reserveAmount - reserveFee
-      }
-    );
+    // should not update receiver for credit token
+    if (tokenFactoryState.curve) {
+      accountUpdates[receiver] = applyTokenChange(
+        accountUpdates[receiver] || receiverState || { address: receiver, tokens: {} },
+        {
+          address: receiver,
+          token: reserveAddress,
+          delta: new BN(reserveAmount).sub(new BN(reserveFee || '0')).toString(), // reserveAmount - reserveFee
+        }
+      );
+    }
 
     // update sender
     if (senderChange) {
@@ -307,7 +326,7 @@ runner.use(
           tokenFactoryState,
           {
             currentSupply: new BN(tokenFactoryState.currentSupply).sub(new BN(burnAmount)).toString(),
-            reserveBalance: new BN(tokenFactoryState.reserveBalance).sub(new BN(reserveAmount)).toString(),
+            reserveBalance: new BN(tokenFactoryState.reserveBalance).sub(new BN(reserveAmount || '0')).toString(),
           },
           context
         ),

package/lib/protocols/token-factory/create.js

@@ -1,11 +1,12 @@
 const isEmpty = require('empty-value');
 const cloneDeep = require('lodash/cloneDeep');
+const uniq = require('lodash/uniq');
 const { Joi } = require('@arcblock/validator');
 const { CustomError: Error } = require('@ocap/util/lib/error');
 const { Runner, pipes } = require('@ocap/tx-pipeline');
 const { account, token, tokenFactory, delegation, stake } = require('@ocap/state');
 const { toTokenFactoryAddress, toTokenAddress, toStakeAddress } = require('@arcblock/did-util');
-const { BN, fromTokenToUnit } = require('@ocap/util');
+const { BN, fromTokenToUnit, fromUnitToToken } = require('@ocap/util');
 
 // eslint-disable-next-line global-require, import/order
 const debug = require('debug')(`${require('../../../package.json').name}:create-token-factory`);
@@ -26,7 +27,13 @@ runner.use(pipes.VerifyMultiSig(0));
 const schema = Joi.object({
   address: Joi.DID().prefix().role('ROLE_TOKEN_FACTORY').required(),
   feeRate: Joi.number().min(0).max(2000).required(),
-  curve: tokenFactory.curveSchema.required(),
+  curve: Joi.when('token.type', {
+    is: 'CreditToken',
+    then: Joi.valid(null).optional().messages({
+      'any.only': 'Should not provide curve for CreditToken',
+    }),
+    otherwise: tokenFactory.curveSchema.required(),
+  }),
   reserveAddress: Joi.DID().prefix().role('ROLE_TOKEN').required(),
   token: Joi.object({
     name: Joi.string().min(1).max(32).required(),
@@ -45,6 +52,9 @@ const schema = Joi.object({
       .optional()
       .allow(null, ''),
     metadata: Joi.any().required(),
+    spendersList: Joi.array().items(Joi.DID().prefix()).max(30).optional().allow(null).default(null),
+    mintersList: Joi.array().items(Joi.DID().prefix()).max(30).optional().allow(null).default(null),
+    type: Joi.string().valid('CreditToken', 'BondingCurveToken').required(),
   }).required(),
   data: Joi.any().optional().allow(null),
 }).options({ stripUnknown: true, noDefaults: false });
@@ -69,6 +79,14 @@ runner.use((context, next) => {
     context.itx.token.metadata = { ...metadata, value: metadataValue };
   }
 
+  // convert spendersList to spenders
+  context.itx.token.spenders = value.token.spendersList?.length ? uniq(value.token.spendersList) : null;
+  delete context.itx.token.spendersList;
+
+  // convert mintersList to minters
+  context.itx.token.minters = value.token.mintersList?.length ? uniq(value.token.mintersList) : null;
+  delete context.itx.token.mintersList;
+
   return next();
 });
 
@@ -162,19 +180,24 @@ runner.use(
   pipes.ExtractState({ from: 'stakeAddress', to: 'stakeState', status: 'INVALID_STAKE_STATE', table: 'stake' })
 );
 runner.use((context, next) => {
-  const { stakeState, config } = context;
+  const { stakeState, config, itx } = context;
 
   if (stakeState.revocable === false) {
     return next(new Error('INVALID_STAKE_STATE', `Staking for token creating already locked: ${stakeState.address}`));
   }
 
   const actualStake = new BN(stakeState.tokens[config.token.address] || 0);
-  const requiredStake = fromTokenToUnit(config.transaction.txStake.createToken, config.token.decimal);
+  const requiredStake = fromTokenToUnit(
+    itx.token.type === 'CreditToken'
+      ? config.transaction.txStake.createCreditToken
+      : config.transaction.txStake.createToken,
+    config.token.decimal
+  );
   if (actualStake.lt(requiredStake)) {
     return next(
       new Error(
         'INVALID_STAKE_STATE',
-        `Insufficient stake amount: required ${config.transaction.txStake.createToken} ${config.token.symbol}`
+        `Insufficient stake amount: required ${fromUnitToToken(requiredStake, config.token.decimal)} ${config.token.symbol}`
       )
     );
   }

package/lib/protocols/token-factory/mint.js

@@ -17,7 +17,7 @@ const schema = Joi.object({
   receiver: schemas.tokenHolder.required(),
   amount: Joi.BN().greater(0).required(),
   data: Joi.any().optional().allow(null),
-  inputsList: schemas.multiInput.min(1).required(),
+  inputsList: schemas.multiInput.optional(),
 }).options({ stripUnknown: true, noDefaults: false });
 
 // verify itx
@@ -29,7 +29,26 @@ runner.use(({ itx }, next) => {
   return next();
 });
 
-// verify inputs
+// ensure token factory state
+runner.use(
+  pipes.ExtractState({
+    from: 'itx.tokenFactory',
+    to: 'tokenFactoryState',
+    status: 'INVALID_TOKEN_FACTORY',
+    table: 'tokenFactory',
+  })
+);
+
+// ensure token state
+runner.use(
+  pipes.ExtractState({
+    from: 'tokenFactoryState.tokenAddress',
+    to: 'tokenState',
+    status: 'INVALID_TOKEN',
+    table: 'token',
+  })
+);
+
 runner.use(
   pipes.VerifyTxInput({
     fieldKey: 'itx.inputs',
@@ -37,47 +56,48 @@ runner.use(
     sendersKey: 'senders',
     tokensKey: 'tokens',
     assetsKey: null,
-  })
+  }),
+  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
 );
 
 // verify itx size: set hard limit here because more inputs leads to longer tx execute time
-runner.use(pipes.VerifyListSize({ listKey: ['inputs', 'senders', 'tokens', 'assets'] }));
+runner.use(pipes.VerifyListSize({ listKey: ['inputs', 'senders', 'tokens', 'assets'] }), {
+  shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve,
+});
 
 // verify multi sig
-runner.use(pipes.VerifyMultiSigV2({ signersKey: 'senders' }));
-
-// verify token factory
-runner.use(
-  pipes.ExtractState({
-    from: 'itx.tokenFactory',
-    to: 'tokenFactoryState',
-    status: 'INVALID_TOKEN_FACTORY',
-    table: 'tokenFactory',
-  })
-);
+runner.use(pipes.VerifyMultiSigV2({ signersKey: 'senders' }), {
+  shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve,
+});
 
 // verify inputs token
-runner.use((context, next) => {
-  const { tokenFactoryState, inputs } = context;
-
-  const isAccepted = inputs.every(
-    (input) =>
-      input.tokensList.length &&
-      input.tokensList.every((x) => x.address === tokenFactoryState.reserveAddress) &&
-      !input.assetsList.length
-  );
+runner.use(
+  (context, next) => {
+    const { tokenFactoryState, inputs } = context;
+
+    const isAccepted = inputs.every(
+      (input) =>
+        input.tokensList.length &&
+        input.tokensList.every((x) => x.address === tokenFactoryState.reserveAddress) &&
+        !input.assetsList.length
+    );
 
-  if (!isAccepted) {
-    return next(new Error('INVALID_TX', `Inputs only accept ${tokenFactoryState.reserveAddress}`));
-  }
+    if (!isAccepted) {
+      return next(new Error('INVALID_TX', `Inputs only accept ${tokenFactoryState.reserveAddress}`));
+    }
 
-  return next();
-});
+    return next();
+  },
+  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
+);
 
 // ensure sender
 runner.use(pipes.ExtractState({ from: 'tx.from', to: 'senderState', status: 'OK', table: 'account' }));
-runner.use(pipes.ExtractState({ from: 'senders', to: 'signerStates', status: 'INVALID_SIGNER_STATE', table: 'account' })); // prettier-ignore
-runner.use(pipes.VerifyAccountMigration({ signerKey: 'signerStates', stateKey: 'senderState', addressKey: 'tx.from' }));
+runner.use(pipes.ExtractState({ from: 'senders', to: 'signerStates', status: 'INVALID_SIGNER_STATE', table: 'account' }), { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve, }); // prettier-ignore
+runner.use(
+  pipes.VerifyAccountMigration({ signerKey: 'signerStates', stateKey: 'senderState', addressKey: 'tx.from' }),
+  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
+);
 
 // ensure receiver
 runner.use(pipes.ExtractState({ from: 'itx.receiver', to: 'receiverState', status: 'OK', table: 'account' }));
@@ -96,13 +116,13 @@ runner.use(
   })
 );
 
-// ensure token state
+// verify minters restriction
 runner.use(
-  pipes.ExtractState({
-    from: 'tokenFactoryState.tokenAddress',
-    to: 'tokenState',
-    status: 'INVALID_TOKEN',
-    table: 'token',
+  pipes.verifyTokenAccess({
+    statesKey: 'tokenState',
+    listFieldKey: 'minters',
+    accountKeys: ['senderState', 'receiverState', 'itx.receiver'],
+    errorMessage: 'Account {address} is not allowed to mint token {tokenAddress}',
   })
 );
 
@@ -113,7 +133,8 @@ runner.use(
     tokenStateKey: 'tokenState',
     reserveKey: 'reserveAmount',
     amountKey: 'itx.amount',
-  })
+  }),
+  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
 );
 
 // verify max supply
@@ -137,33 +158,38 @@ runner.use((context, next) => {
 });
 
 // verify slippage
-runner.use((context, next) => {
-  const { reserveAmount, reserveFee, inputs, tokenFactoryState } = context;
+runner.use(
+  (context, next) => {
+    const { reserveAmount, reserveFee, inputs, tokenFactoryState } = context;
+
+    const maxReserve = inputs.reduce((total, input) => {
+      const reserveToken = input.tokensList.find((x) => x.address === tokenFactoryState.reserveAddress);
+      if (reserveToken) {
+        return total.add(new BN(reserveToken.value));
+      }
+      return total;
+    }, new BN(0));
 
-  const maxReserve = inputs.reduce((total, input) => {
-    const reserveToken = input.tokensList.find((x) => x.address === tokenFactoryState.reserveAddress);
-    if (reserveToken) {
-      return total.add(new BN(reserveToken.value));
+    const actual = new BN(reserveAmount).add(new BN(reserveFee || '0'));
+    if (actual.gt(maxReserve)) {
+      return next(
+        new Error(
+          'SLIPPAGE_EXCEEDED',
+          `Mint token failed due to price movement. Expected maximum: ${fromUnitToToken(maxReserve)}, actual: ${fromUnitToToken(actual)}. Try increasing your inputs.`
+        )
+      );
     }
-    return total;
-  }, new BN(0));
-
-  const actual = new BN(reserveAmount).add(new BN(reserveFee || '0'));
-  if (actual.gt(maxReserve)) {
-    return next(
-      new Error(
-        'SLIPPAGE_EXCEEDED',
-        `Mint token failed due to price movement. Expected maximum: ${fromUnitToToken(maxReserve)}, actual: ${fromUnitToToken(actual)}. Try increasing your inputs.`
-      )
-    );
-  }
 
-  next();
-});
+    next();
+  },
+  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
+);
 
 // verify balance
 runner.use(pipes.ExtractState({ from: 'tokens', to: 'tokenStates', status: 'INVALID_TOKEN', table: 'token' }));
-runner.use(pipes.VerifyTokenBalance({ ownerKey: 'signerStates', conditionKey: 'inputs' }));
+runner.use(pipes.VerifyTokenBalance({ ownerKey: 'signerStates', conditionKey: 'inputs' }), {
+  shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve,
+});
 
 // Ensure tx fee and gas
 runner.use(
@@ -210,17 +236,19 @@ runner.use(
       senderChange,
       updateVaults,
       tokenFactoryState,
-      signerStates,
       tokenState,
       reserveAmount,
       reserveFee,
       itx,
-      inputs,
     } = context;
     const { amount, receiver } = itx;
     const { reserveAddress, tokenAddress } = tokenFactoryState;
 
-    const totalReserveCost = new BN(reserveAmount).add(new BN(reserveFee || '0'));
+    // signerStates and inputs are not exist in context for credit token
+    const signerStates = tokenFactoryState.curve ? context.signerStates : [];
+    const inputs = tokenFactoryState.curve ? context.inputs : [];
+
+    const totalReserveCost = new BN(reserveAmount || '0').add(new BN(reserveFee || '0'));
     let currentReserveCost = new BN('0');
 
     const accountUpdates = {};
@@ -311,7 +339,7 @@ runner.use(
           tokenFactoryState,
           {
             currentSupply: new BN(tokenFactoryState.currentSupply).add(new BN(amount)).toString(),
-            reserveBalance: new BN(tokenFactoryState.reserveBalance).add(new BN(reserveAmount)).toString(),
+            reserveBalance: new BN(tokenFactoryState.reserveBalance).add(new BN(reserveAmount || '0')).toString(),
           },
           context
         ),

package/lib/protocols/token-factory/pipes/calc-reserve.js

@@ -28,10 +28,10 @@ module.exports =
     const { decimal } = tokenState;
 
     const reserveAmount = calcCost({ amount, decimal, currentSupply, direction, curve });
-    set(context, reserveKey, reserveAmount.toString());
+    set(context, reserveKey, reserveAmount?.toString());
 
     const reserveFee = calcFee({ reserveAmount, feeRate });
-    set(context, feeKey, reserveFee.toString());
+    set(context, feeKey, reserveFee?.toString());
 
     return next();
   };

package/lib/protocols/trade/exchange-v2.js

@@ -122,6 +122,14 @@ runner.use(pipes.VerifyTokenBalance({ ownerKey: 'receiverState', conditionKey: '
 
 runner.use(pipes.AntiLandAttack({ senderState: 'senderState', receiverState: 'receiverState' }));
 runner.use(pipes.VerifyBlocked({ stateKeys: ['senderState', 'receiverState'] }));
+runner.use(
+  pipes.verifyTokenAccess({
+    statesKey: 'tokenStates',
+    listFieldKey: 'spenders',
+    accountKeys: ['senderState', 'receiverState'],
+    errorMessage: 'Account {address} is not allowed to exchange token {tokenAddress}',
+  })
+);
 
 runner.use(pipes.ExtractState({ from: 'senderAssets', to: 'priv.senderAssets', status: 'INVALID_ASSET', table: 'asset' })); // prettier-ignore
 runner.use(pipes.VerifyTransferrable({ assets: 'priv.senderAssets' }));

package/lib/protocols/trade/transfer-v2.js

@@ -142,6 +142,14 @@ runner.use(pipes.ExtractReceiver({ from: 'itx.to', to: 'receiver' }));
 runner.use(pipes.ExtractState({ from: 'receiver', to: 'receiverState', status: 'OK', table: 'account' }));
 runner.use(pipes.AntiLandAttack({ senderState: 'senderState', receiverState: 'receiverState' }));
 runner.use(pipes.VerifyBlocked({ stateKeys: ['senderState', 'receiverState'] }));
+runner.use(
+  pipes.verifyTokenAccess({
+    statesKey: 'tokenStates',
+    listFieldKey: 'spenders',
+    accountKeys: ['senderState', 'receiverState', 'itx.to'],
+    errorMessage: 'Account {address} is not allowed to transfer token {tokenAddress}',
+  })
+);
 
 runner.use(pipes.ExtractState({ from: 'assets', to: 'assetStates', status: 'INVALID_ASSET', table: 'asset' }));
 runner.use(pipes.VerifyTransferrable({ assets: 'assetStates' }));

package/lib/protocols/trade/transfer-v3.js

@@ -134,6 +134,14 @@ runner.use(pipes.VerifyAccountMigration({ signerKey: 'signerStates', stateKey: '
 // 5. verify token state and balance
 runner.use(pipes.ExtractState({ from: 'inputTokens', to: 'tokenStates', status: 'INVALID_TOKEN', table: 'token' }));
 runner.use(pipes.VerifyTokenBalance({ ownerKey: 'signerStates', conditionKey: 'inputs' }));
+runner.use(
+  pipes.verifyTokenAccess({
+    statesKey: 'tokenStates',
+    listFieldKey: 'spenders',
+    accountKeys: ['signerStates', 'receiverStates'],
+    errorMessage: 'Account {address} is not allowed to transfer token {tokenAddress}',
+  })
+);
 
 // 6. verify asset state and transferrable, ownership
 runner.use(pipes.ExtractState({ from: 'inputAssets', to: 'assetStates', status: 'INVALID_ASSET', table: 'asset' }));

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.27.7",
+  "version": "1.27.9",
   "description": "Predefined tx pipeline sets to execute certain type of transactions",
   "main": "lib/index.js",
   "files": [
@@ -19,20 +19,20 @@
     "empty-value": "^1.0.1",
     "lodash": "^4.17.21",
     "url-join": "^4.0.1",
-    "@arcblock/did-util": "1.27.7",
-    "@arcblock/jwt": "1.27.7",
-    "@arcblock/vc": "1.27.7",
-    "@arcblock/did": "1.27.7",
-    "@ocap/asset": "1.27.7",
-    "@ocap/client": "1.27.7",
-    "@ocap/mcrypto": "1.27.7",
-    "@ocap/merkle-tree": "1.27.7",
-    "@ocap/message": "1.27.7",
-    "@ocap/state": "1.27.7",
-    "@ocap/tx-pipeline": "1.27.7",
-    "@ocap/util": "1.27.7",
-    "@ocap/wallet": "1.27.7",
-    "@arcblock/validator": "1.27.7"
+    "@arcblock/did": "1.27.9",
+    "@arcblock/did-util": "1.27.9",
+    "@arcblock/jwt": "1.27.9",
+    "@arcblock/validator": "1.27.9",
+    "@arcblock/vc": "1.27.9",
+    "@ocap/asset": "1.27.9",
+    "@ocap/client": "1.27.9",
+    "@ocap/mcrypto": "1.27.9",
+    "@ocap/merkle-tree": "1.27.9",
+    "@ocap/message": "1.27.9",
+    "@ocap/state": "1.27.9",
+    "@ocap/tx-pipeline": "1.27.9",
+    "@ocap/util": "1.27.9",
+    "@ocap/wallet": "1.27.9"
   },
   "resolutions": {
     "bn.js": "5.2.2",
@@ -41,8 +41,8 @@
   "devDependencies": {
     "jest": "^29.7.0",
     "start-server-and-test": "^1.14.0",
-    "@ocap/e2e-test": "1.27.7",
-    "@ocap/statedb-memory": "1.27.7"
+    "@ocap/e2e-test": "1.27.9",
+    "@ocap/statedb-memory": "1.27.9"
   },
   "scripts": {
     "lint": "eslint tests lib",