mppx 0.4.6 → 0.4.8

package/src/tempo/server/Charge.ts

@@ -1,4 +1,5 @@
-import { decodeFunctionData, isAddressEqual, parseEventLogs, type TransactionReceipt } from 'viem'
+import type { TempoAddress as TempoAddress_types } from 'ox/tempo'
+import { decodeFunctionData, keccak256, parseEventLogs, type TransactionReceipt } from 'viem'
 import {
   getTransactionReceipt,
   sendRawTransaction,
@@ -11,8 +12,10 @@ import { Abis, Transaction } from 'viem/tempo'
 import { PaymentExpiredError } from '../../Errors.js'
 import type { LooseOmit } from '../../internal/types.js'
 import * as Method from '../../Method.js'
+import * as Store from '../../Store.js'
 import * as Client from '../../viem/Client.js'
 import * as Account from '../internal/account.js'
+import * as TempoAddress from '../internal/address.js'
 import * as defaults from '../internal/defaults.js'
 import * as FeePayer from '../internal/fee-payer.js'
 import * as Selectors from '../internal/selectors.js'
@@ -41,6 +44,7 @@ export function charge<const parameters extends charge.Parameters>(
     memo,
     waitForConfirmation = true,
   } = parameters
+  const store = (parameters.store ?? Store.memory()) as Store.Store<charge.StoreItemMap>
 
   const { recipient, feePayer, feePayerUrl } = Account.resolve(parameters)
 
@@ -119,74 +123,45 @@ export function charge<const parameters extends charge.Parameters>(
       switch (payload.type) {
         case 'hash': {
           const hash = payload.hash as `0x${string}`
+          await assertHashUnused(store, hash)
+
           const receipt = await getTransactionReceipt(client, {
             hash,
           })
 
-          if (memo) {
-            const memoLogs = parseEventLogs({
-              abi: Abis.tip20,
-              eventName: 'TransferWithMemo',
-              logs: receipt.logs,
-            })
-
-            const match = memoLogs.find(
-              (log) =>
-                isAddressEqual(log.address, currency) &&
-                isAddressEqual(log.args.to, recipient) &&
-                log.args.amount.toString() === amount &&
-                log.args.memo.toLowerCase() === memo.toLowerCase(),
-            )
-
-            if (!match)
-              throw new MismatchError(
-                'Payment verification failed: no matching transfer with memo found.',
-                {
-                  amount,
-                  currency,
-                  memo,
-                  recipient,
-                },
-              )
-          } else {
-            const transferLogs = parseEventLogs({
-              abi: Abis.tip20,
-              eventName: 'Transfer',
-              logs: receipt.logs,
-            })
-
-            const memoLogs = parseEventLogs({
-              abi: Abis.tip20,
-              eventName: 'TransferWithMemo',
-              logs: receipt.logs,
-            })
-
-            const match = [...transferLogs, ...memoLogs].find(
-              (log) =>
-                isAddressEqual(log.address, currency) &&
-                isAddressEqual(log.args.to, recipient) &&
-                log.args.amount.toString() === amount,
-            )
+          assertTransferLog(receipt, {
+            amount,
+            currency,
+            from: receipt.from,
+            memo,
+            recipient,
+          })
 
-            if (!match)
-              throw new MismatchError('Payment verification failed: no matching transfer found.', {
-                amount,
-                currency,
-                recipient,
-              })
-          }
+          await markHashUsed(store, hash)
 
           return toReceipt(receipt)
         }
 
         case 'transaction': {
           const serializedTransaction = payload.signature as Transaction.TransactionSerializedTempo
-          const transaction = Transaction.deserialize(serializedTransaction)
 
-          const calls = transaction.calls ?? []
+          // Pre-broadcast dedup: catch exact byte-for-byte replays early.
+          const hash = keccak256(serializedTransaction)
+          await assertHashUnused(store, hash)
+          await markHashUsed(store, hash)
+
+          if (!FeePayer.isTempoTransaction(serializedTransaction))
+            throw new MismatchError('Only Tempo (0x76/0x78) transactions are supported.', {})
+
+          const transaction = Transaction.deserialize(serializedTransaction)
+          if (!transaction.signature || !transaction.from)
+            throw new MismatchError(
+              'Transaction must be signed by the sender before fee payer co-signing.',
+              {},
+            )
 
-          const call = calls.find((call) => {
-            if (!call.to || !isAddressEqual(call.to, currency)) return false
+          const call = transaction.calls.find((call) => {
+            if (!call.to || !TempoAddress.isEqual(call.to, currency)) return false
             if (!call.data) return false
 
             const selector = call.data.slice(0, 10)
@@ -197,7 +172,7 @@ export function charge<const parameters extends charge.Parameters>(
                 const { args } = decodeFunctionData({ abi: Abis.tip20, data: call.data })
                 const [to, amount_, memo_] = args as [`0x${string}`, bigint, `0x${string}`]
                 return (
-                  isAddressEqual(to, recipient) &&
+                  TempoAddress.isEqual(to, recipient) &&
                   amount_.toString() === amount &&
                   memo_.toLowerCase() === memo.toLowerCase()
                 )
@@ -210,7 +185,7 @@ export function charge<const parameters extends charge.Parameters>(
               try {
                 const { args } = decodeFunctionData({ abi: Abis.tip20, data: call.data })
                 const [to, amount_] = args as [`0x${string}`, bigint]
-                return isAddressEqual(to, recipient) && amount_.toString() === amount
+                return TempoAddress.isEqual(to, recipient) && amount_.toString() === amount
               } catch {
                 return false
               }
@@ -220,7 +195,7 @@ export function charge<const parameters extends charge.Parameters>(
               try {
                 const { args } = decodeFunctionData({ abi: Abis.tip20, data: call.data })
                 const [to, amount_] = args as [`0x${string}`, bigint, `0x${string}`]
-                return isAddressEqual(to, recipient) && amount_.toString() === amount
+                return TempoAddress.isEqual(to, recipient) && amount_.toString() === amount
               } catch {
                 return false
               }
@@ -237,7 +212,7 @@ export function charge<const parameters extends charge.Parameters>(
             })
 
           if ((feePayer || feePayerUrl) && methodDetails?.feePayer !== false)
-            FeePayer.validateCalls(calls, { amount, currency, recipient })
+            FeePayer.validateCalls(transaction.calls, { amount, currency, recipient })
 
           const resolvedFeeToken =
             transaction.feeToken ?? defaults.currency[chainId as keyof typeof defaults.currency]
@@ -258,6 +233,21 @@ export function charge<const parameters extends charge.Parameters>(
             const receipt = await sendRawTransactionSync(client, {
               serializedTransaction: serializedTransaction_final,
             })
+            assertTransferLog(receipt, {
+              amount,
+              currency,
+              from: transaction.from,
+              memo,
+              recipient,
+            })
+            // Post-broadcast dedup: catch malleable input variants
+            // (different serialized bytes, same underlying tx) that
+            // bypass the pre-broadcast check. Skip if the broadcast
+            // hash matches the input hash (already stored above).
+            if (receipt.transactionHash.toLowerCase() !== hash.toLowerCase()) {
+              await assertHashUnused(store, receipt.transactionHash)
+              await markHashUsed(store, receipt.transactionHash)
+            }
             return toReceipt(receipt)
           } else {
             // Optimistic path: simulate to catch obvious reverts, then broadcast
@@ -267,16 +257,21 @@ export function charge<const parameters extends charge.Parameters>(
               ...transaction,
               account: transaction.from,
               feeToken: resolvedFeeToken,
-              calls,
+              calls: transaction.calls,
             } as never)
-            const hash = await sendRawTransaction(client, {
+            const reference = await sendRawTransaction(client, {
               serializedTransaction: serializedTransaction_final,
             })
+            // Post-broadcast dedup: same
+            if (reference.toLowerCase() !== hash.toLowerCase()) {
+              await assertHashUnused(store, reference)
+              await markHashUsed(store, reference)
+            }
             return {
               method: 'tempo',
               status: 'success',
               timestamp: new Date().toISOString(),
-              reference: hash,
+              reference,
             } as const
           }
         }
@@ -289,11 +284,20 @@ export function charge<const parameters extends charge.Parameters>(
 }
 
 export declare namespace charge {
+  type StoreItemMap = { [key: `mppx:charge:${string}`]: number }
+
   type Defaults = LooseOmit<Method.RequestDefaults<typeof Methods.charge>, 'feePayer' | 'recipient'>
 
   type Parameters = {
     /** Testnet mode. */
     testnet?: boolean | undefined
+    /**
+     * Store for transaction hash replay protection.
+     *
+     * Use a shared store in multi-instance deployments so consumed hashes are
+     * visible across all server instances.
+     */
+    store?: Store.Store | undefined
     /**
      * Whether to wait for the charge transaction to confirm on-chain before
      * responding. @default true
@@ -318,6 +322,97 @@ export declare namespace charge {
   }
 }
 
+/** @internal */
+function assertTransferLog(
+  receipt: TransactionReceipt,
+  parameters: {
+    amount: string
+    currency: TempoAddress_types.Address
+    from: TempoAddress_types.Address
+    memo: `0x${string}` | undefined
+    recipient: TempoAddress_types.Address
+  },
+): void {
+  const { amount, currency, from, memo, recipient } = parameters
+
+  if (memo) {
+    const memoLogs = parseEventLogs({
+      abi: Abis.tip20,
+      eventName: 'TransferWithMemo',
+      logs: receipt.logs,
+    })
+
+    const match = memoLogs.find(
+      (log) =>
+        TempoAddress.isEqual(log.address, currency) &&
+        TempoAddress.isEqual(log.args.from, from) &&
+        TempoAddress.isEqual(log.args.to, recipient) &&
+        log.args.amount.toString() === amount &&
+        log.args.memo.toLowerCase() === memo.toLowerCase(),
+    )
+
+    if (!match)
+      throw new MismatchError(
+        'Payment verification failed: no matching transfer with memo found.',
+        {
+          amount,
+          currency,
+          memo,
+          recipient,
+        },
+      )
+  } else {
+    const transferLogs = parseEventLogs({
+      abi: Abis.tip20,
+      eventName: 'Transfer',
+      logs: receipt.logs,
+    })
+
+    const memoLogs = parseEventLogs({
+      abi: Abis.tip20,
+      eventName: 'TransferWithMemo',
+      logs: receipt.logs,
+    })
+
+    const match = [...transferLogs, ...memoLogs].find(
+      (log) =>
+        TempoAddress.isEqual(log.address, currency) &&
+        TempoAddress.isEqual(log.args.from, from) &&
+        TempoAddress.isEqual(log.args.to, recipient) &&
+        log.args.amount.toString() === amount,
+    )
+
+    if (!match)
+      throw new MismatchError('Payment verification failed: no matching transfer found.', {
+        amount,
+        currency,
+        recipient,
+      })
+  }
+}
+
+/** @internal */
+function getHashStoreKey(hash: `0x${string}`): `mppx:charge:${string}` {
+  return `mppx:charge:${hash.toLowerCase()}`
+}
+
+/** @internal */
+async function assertHashUnused(
+  store: Store.Store<charge.StoreItemMap>,
+  hash: `0x${string}`,
+): Promise<void> {
+  const seen = await store.get(getHashStoreKey(hash))
+  if (seen !== null) throw new Error('Transaction hash has already been used.')
+}
+
+/** @internal */
+async function markHashUsed(
+  store: Store.Store<charge.StoreItemMap>,
+  hash: `0x${string}`,
+): Promise<void> {
+  await store.put(getHashStoreKey(hash), Date.now())
+}
+
 /** @internal */
 function toReceipt(receipt: TransactionReceipt) {
   const { status, transactionHash } = receipt