mppx 0.5.13 → 0.5.14

package/src/tempo/internal/fee-payer.test.ts

@@ -12,6 +12,13 @@ import * as Selectors from './selectors.js'
 
 const details = { amount: '1', currency: '0x01', recipient: '0x02' }
 const bogus = '0x0000000000000000000000000000000000000001' as const
+const swapTokenIn = '0x0000000000000000000000000000000000000003' as const
+const swapTokenOut = '0x0000000000000000000000000000000000000004' as const
+const swapData = encodeFunctionData({
+  abi: Abis.stablecoinDex,
+  functionName: 'swapExactAmountOut',
+  args: [swapTokenIn, swapTokenOut, 100n, 100n],
+})
 const sponsor = { address: bogus, type: 'local' } as any
 
 describe('callScopes', () => {
@@ -48,11 +55,11 @@ describe('validateCalls', () => {
   })
 
   test('accepts approve + buy + transfer', () => {
-    const swapSelector = Selectors.swapExactAmountOut
     expect(() =>
       validateCalls(
         [
           {
+            to: swapTokenIn,
             data: encodeFunctionData({
               abi: Abis.tip20,
               functionName: 'approve',
@@ -61,7 +68,7 @@ describe('validateCalls', () => {
           },
           {
             to: Addresses.stablecoinDex,
-            data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}`,
+            data: swapData,
           },
           {
             data: encodeFunctionData({
@@ -77,11 +84,11 @@ describe('validateCalls', () => {
   })
 
   test('accepts multiple transfers after swap prefix', () => {
-    const swapSelector = Selectors.swapExactAmountOut
     expect(() =>
       validateCalls(
         [
           {
+            to: swapTokenIn,
             data: encodeFunctionData({
               abi: Abis.tip20,
               functionName: 'approve',
@@ -90,7 +97,7 @@ describe('validateCalls', () => {
           },
           {
             to: Addresses.stablecoinDex,
-            data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}`,
+            data: swapData,
           },
           {
             data: encodeFunctionData({
@@ -142,7 +149,6 @@ describe('validateCalls', () => {
   })
 
   test('error: rejects wrong order (transfer before approve + buy)', () => {
-    const swapSelector = Selectors.swapExactAmountOut
     expect(() =>
       validateCalls(
         [
@@ -154,6 +160,7 @@ describe('validateCalls', () => {
             }),
           },
           {
+            to: swapTokenIn,
             data: encodeFunctionData({
               abi: Abis.tip20,
               functionName: 'approve',
@@ -162,7 +169,7 @@ describe('validateCalls', () => {
           },
           {
             to: Addresses.stablecoinDex,
-            data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}`,
+            data: swapData,
           },
         ],
         details,
@@ -171,11 +178,11 @@ describe('validateCalls', () => {
   })
 
   test('error: rejects approve with non-DEX spender', () => {
-    const swapSelector = Selectors.swapExactAmountOut
     expect(() =>
       validateCalls(
         [
           {
+            to: swapTokenIn,
             data: encodeFunctionData({
               abi: Abis.tip20,
               functionName: 'approve',
@@ -184,7 +191,7 @@ describe('validateCalls', () => {
           },
           {
             to: Addresses.stablecoinDex,
-            data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}`,
+            data: swapData,
           },
           {
             data: encodeFunctionData({
@@ -199,19 +206,48 @@ describe('validateCalls', () => {
     ).toThrow('approve spender is not the DEX')
   })
 
+  test('behavior: rejects approve targeting a non-token contract', () => {
+    expect(() =>
+      validateCalls(
+        [
+          {
+            to: bogus,
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'approve',
+              args: [Addresses.stablecoinDex, 100n],
+            }),
+          },
+          {
+            to: Addresses.stablecoinDex,
+            data: swapData,
+          },
+          {
+            data: encodeFunctionData({
+              abi: Abis.tip20,
+              functionName: 'transfer',
+              args: [bogus, 100n],
+            }),
+          },
+        ],
+        details,
+      ),
+    ).toThrow(FeePayerValidationError)
+  })
+
   test('error: rejects buy targeting non-DEX address', () => {
-    const swapSelector = Selectors.swapExactAmountOut
     expect(() =>
       validateCalls(
         [
           {
+            to: swapTokenIn,
             data: encodeFunctionData({
               abi: Abis.tip20,
               functionName: 'approve',
               args: [Addresses.stablecoinDex, 100n],
             }),
           },
-          { to: bogus, data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}` },
+          { to: bogus, data: swapData },
           {
             data: encodeFunctionData({
               abi: Abis.tip20,
@@ -226,11 +262,11 @@ describe('validateCalls', () => {
   })
 
   test('error: rejects approve + buy without transfer', () => {
-    const swapSelector = Selectors.swapExactAmountOut
     expect(() =>
       validateCalls(
         [
           {
+            to: swapTokenIn,
             data: encodeFunctionData({
               abi: Abis.tip20,
               functionName: 'approve',
@@ -239,7 +275,7 @@ describe('validateCalls', () => {
           },
           {
             to: Addresses.stablecoinDex,
-            data: `${swapSelector}${'00'.repeat(128)}` as `0x${string}`,
+            data: swapData,
           },
         ],
         details,

package/src/tempo/internal/fee-payer.ts

@@ -98,14 +98,25 @@ export function validateCalls(
     throw new FeePayerValidationError('disallowed call pattern in fee-payer transaction', details)
   }
 
-  // Validate approve spender and buy target are the DEX.
+  // Bind the swap approval to the token the DEX call will actually spend.
+  const buyCall = calls.find((c) => c.data?.slice(0, 10) === Selectors.swapExactAmountOut)
+  const buyArgs = buyCall
+    ? (decodeFunctionData({ abi: Abis.stablecoinDex, data: buyCall.data! }).args as [
+        `0x${string}`,
+        `0x${string}`,
+        bigint,
+        bigint,
+      ])
+    : undefined
+
   const approveCall = calls.find((c) => c.data?.slice(0, 10) === Selectors.approve)
   if (approveCall) {
     const { args } = decodeFunctionData({ abi: Abis.tip20, data: approveCall.data! })
+    if (!approveCall.to || (buyArgs && !TempoAddress_internal.isEqual(approveCall.to, buyArgs[0])))
+      throw new FeePayerValidationError('approve target does not match swap tokenIn', details)
     if (!TempoAddress_internal.isEqual((args as [`0x${string}`])[0]!, Addresses.stablecoinDex))
       throw new FeePayerValidationError('approve spender is not the DEX', details)
   }
-  const buyCall = calls.find((c) => c.data?.slice(0, 10) === Selectors.swapExactAmountOut)
   if (
     buyCall &&
     (!buyCall.to || !TempoAddress_internal.isEqual(buyCall.to, Addresses.stablecoinDex))

package/src/tempo/server/Charge.test.ts

@@ -1504,6 +1504,79 @@ describe('tempo', () => {
       httpServer.close()
     })
 
+    test('behavior: fee payer simulates before broadcasting in confirmation mode', async () => {
+      const rpcMethods: string[] = []
+      const interceptingClient = createClient({
+        account: accounts[0],
+        chain: client.chain,
+        transport: custom({
+          async request(args: any) {
+            rpcMethods.push(args.method)
+            return client.transport.request(args)
+          },
+        }),
+      })
+
+      const serverWithRpcTrace = Mppx_server.create({
+        methods: [
+          tempo_server.charge({
+            getClient() {
+              return interceptingClient
+            },
+            currency: asset,
+            account: accounts[0],
+          }),
+        ],
+        realm,
+        secretKey,
+      })
+
+      const mppx = Mppx_client.create({
+        polyfill: false,
+        methods: [
+          tempo_client({
+            account: accounts[1],
+            getClient() {
+              return client
+            },
+          }),
+        ],
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          serverWithRpcTrace.charge({
+            feePayer: accounts[0],
+            amount: '1',
+            currency: asset,
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const challengeResponse = await fetch(httpServer.url)
+      expect(challengeResponse.status).toBe(402)
+
+      const credential = await mppx.createCredential(challengeResponse)
+      rpcMethods.length = 0
+
+      const authResponse = await fetch(httpServer.url, {
+        headers: { Authorization: credential },
+      })
+      expect(authResponse.status).toBe(200)
+
+      const broadcastIndex = rpcMethods.indexOf('eth_sendRawTransactionSync')
+      const simulationIndex = rpcMethods.indexOf('eth_call')
+
+      expect(broadcastIndex).toBeGreaterThan(-1)
+      expect(simulationIndex).toBeGreaterThan(-1)
+      expect(simulationIndex).toBeLessThan(broadcastIndex)
+
+      httpServer.close()
+    })
+
     test('behavior: fee payer with splits', async () => {
       const mppx = Mppx_client.create({
         polyfill: false,

package/src/tempo/server/Charge.ts

@@ -326,6 +326,12 @@ export function charge<const parameters extends charge.Parameters>(
             })()
 
             if (waitForConfirmation) {
+              await viem_call(client, {
+                ...transaction,
+                account: transaction.from,
+                feeToken: resolvedFeeToken,
+                calls: transaction.calls,
+              } as never)
               const receipt = await sendRawTransactionSync(client, {
                 serializedTransaction: serializedTransaction_final,
               })

package/src/tempo/server/Session.test.ts

@@ -149,6 +149,40 @@ describe.runIf(isLocalnet)('session', () => {
       expect(ch!.highestVoucherAmount).toBe(1000000n)
     })
 
+    test('fee-payer policy override is enforced for sponsored open', async () => {
+      const salt = nextSalt()
+      const { channelId, serializedTransaction } = await signOpenChannel({
+        escrow: escrowContract,
+        payer,
+        payee: recipient,
+        token: currency,
+        deposit: 10000000n,
+        salt,
+        feePayer: true,
+      })
+      const server = createServer({
+        feePayer: recipientAccount,
+        feePayerPolicy: { maxGas: 1n },
+      })
+
+      await expect(
+        server.verify({
+          credential: {
+            challenge: makeChallenge({ channelId }),
+            payload: {
+              action: 'open' as const,
+              type: 'transaction' as const,
+              channelId,
+              transaction: serializedTransaction,
+              cumulativeAmount: '1000000',
+              signature: await signTestVoucher(channelId, 1000000n),
+            },
+          },
+          request: makeRequest({ feePayer: true }),
+        }),
+      ).rejects.toThrow('gas exceeds sponsor policy')
+    })
+
     test('rejects open when payee mismatch', async () => {
       const wrongPayee = accounts[3].address
       const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n, {
@@ -299,6 +333,66 @@ describe.runIf(isLocalnet)('session', () => {
       expect(ch!.highestVoucherAmount).toBe(1000000n)
     })
 
+    test('reopen with a case-variant channelId does not reset available balance', async () => {
+      let open:
+        | {
+            channelId: Hex
+            serializedTransaction: Hex
+          }
+        | undefined
+      for (let i = 0; i < 10; i++) {
+        const candidate = await createSignedOpenTransaction(10000000n)
+        if (/[a-f]/.test(candidate.channelId)) {
+          open = candidate
+          break
+        }
+      }
+      if (!open) throw new Error('failed to generate channelId with alphabetic hex characters')
+
+      const { channelId, serializedTransaction } = open
+      const caseVariantChannelId = channelId.replace(/[a-f]/, (character) =>
+        character.toUpperCase(),
+      ) as Hex
+      const server = createServer()
+
+      await server.verify({
+        credential: {
+          challenge: makeChallenge({ id: 'open-1', channelId }),
+          payload: {
+            action: 'open' as const,
+            type: 'transaction' as const,
+            channelId,
+            transaction: serializedTransaction,
+            cumulativeAmount: '5000000',
+            signature: await signTestVoucher(channelId, 5000000n),
+          },
+        },
+        request: makeRequest(),
+      })
+
+      await charge(store, channelId, 4000000n)
+
+      const reopenReceipt = (await server.verify({
+        credential: {
+          challenge: makeChallenge({ id: 'open-2', channelId: caseVariantChannelId }),
+          payload: {
+            action: 'open' as const,
+            type: 'transaction' as const,
+            channelId: caseVariantChannelId,
+            transaction: serializedTransaction,
+            cumulativeAmount: '5000000',
+            signature: await signTestVoucher(caseVariantChannelId, 5000000n),
+          },
+        },
+        request: makeRequest(),
+      })) as SessionReceipt
+
+      expect(reopenReceipt.spent).toBe('4000000')
+      await expect(charge(store, caseVariantChannelId, 2000000n)).rejects.toThrow(
+        'requested 2000000, available 1000000',
+      )
+    })
+
     test('rejects voucher below settledOnChain', async () => {
       const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
       const server = createServer()
@@ -1036,6 +1130,40 @@ describe.runIf(isLocalnet)('session', () => {
       expect(ch!.deposit).toBe(20000000n)
     })
 
+    test('fee-payer policy override is enforced for sponsored topUp', async () => {
+      const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
+      const server = createServer({
+        feePayer: recipientAccount,
+        feePayerPolicy: { maxGas: 1n },
+      })
+      await openServerChannel(server, channelId, serializedTransaction)
+
+      const { serializedTransaction: topUpTx } = await signTopUpChannel({
+        escrow: escrowContract,
+        payer,
+        channelId,
+        token: currency,
+        amount: 10000000n,
+        feePayer: true,
+      })
+
+      await expect(
+        server.verify({
+          credential: {
+            challenge: makeChallenge({ id: 'challenge-topup-policy', channelId }),
+            payload: {
+              action: 'topUp' as const,
+              type: 'transaction' as const,
+              channelId,
+              transaction: topUpTx,
+              additionalDeposit: '10000000',
+            },
+          },
+          request: makeRequest({ feePayer: true }),
+        }),
+      ).rejects.toThrow('gas exceeds sponsor policy')
+    })
+
     test('topUp receipt preserves spent and units from prior charges', async () => {
       const { channelId, serializedTransaction } = await createSignedOpenTransaction(10000000n)
       const server = createServer()
@@ -4514,7 +4642,7 @@ function makeChallenge(opts: { id?: string; channelId: Hex }) {
   } as Challenge.Challenge<z.output<typeof Methods.session.schema.request>, 'session', 'tempo'>
 }
 
-function makeRequest() {
+function makeRequest(overrides: Partial<Record<string, unknown>> = {}) {
   return {
     amount: '1000000',
     unitType: 'token',
@@ -4523,6 +4651,7 @@ function makeRequest() {
     recipient: recipient as string,
     escrowContract: escrowContract as string,
     chainId: chain.id,
+    ...overrides,
   }
 }