mppx 0.5.13 → 0.5.16

package/src/tempo/session/Chain.test.ts

@@ -1,5 +1,5 @@
-import { type Address, encodeFunctionData, erc20Abi, type Hex } from 'viem'
-import { waitForTransactionReceipt } from 'viem/actions'
+import { type Address, encodeFunctionData, erc20Abi, type Hex, zeroAddress } from 'viem'
+import { prepareTransactionRequest, signTransaction, waitForTransactionReceipt } from 'viem/actions'
 import { Addresses, Transaction } from 'viem/tempo'
 import { beforeAll, describe, expect, test } from 'vp/test'
 import { nodeEnv } from '~test/config.js'
@@ -17,10 +17,12 @@ import {
   broadcastOpenTransaction,
   broadcastTopUpTransaction,
   closeOnChain,
+  escrowAbi,
   getOnChainChannel,
   settleOnChain,
   verifyTopUpTransaction,
 } from './Chain.js'
+import * as Channel from './Channel.js'
 import { signVoucher } from './Voucher.js'
 
 const isLocalnet = nodeEnv === 'localnet'
@@ -397,6 +399,116 @@ describe.runIf(isLocalnet)('on-chain', () => {
       ).rejects.toThrow('Only Tempo (0x76/0x78) transactions are supported')
     })
 
+    test('fee-payer: rejects transactions whose gas budget exceeds sponsor policy', async () => {
+      const salt = nextSalt()
+      const deposit = 5_000_000n
+
+      const approveData = encodeFunctionData({
+        abi: erc20Abi,
+        functionName: 'approve',
+        args: [escrowContract, deposit],
+      })
+      const openData = encodeFunctionData({
+        abi: escrowAbi,
+        functionName: 'open',
+        args: [recipient, currency, deposit, salt, zeroAddress],
+      })
+
+      const channelId = Channel.computeId({
+        authorizedSigner: zeroAddress,
+        chainId: chain.id,
+        escrowContract,
+        payee: recipient,
+        payer: payer.address,
+        salt,
+        token: currency,
+      }) as Hex
+
+      const prepared = await prepareTransactionRequest(client, {
+        account: payer,
+        calls: [
+          { to: currency, data: approveData },
+          { to: escrowContract, data: openData },
+        ],
+        feePayer: true,
+        feeToken: currency,
+      } as never)
+      prepared.gas = 2_000_001n
+
+      const serializedTransaction = await signTransaction(client, prepared as never)
+
+      await expect(
+        broadcastOpenTransaction({
+          client,
+          serializedTransaction: serializedTransaction as Hex,
+          escrowContract,
+          channelId,
+          recipient,
+          currency,
+          feePayer: accounts[0],
+        }),
+      ).rejects.toThrow('gas exceeds sponsor policy')
+    })
+
+    test('fee-payer: rejects smuggled second open call', async () => {
+      const deposit = 5_000_000n
+      const smuggledDeposit = 7_000_000n
+      const salt = nextSalt()
+      const smuggledSalt = nextSalt()
+
+      const approveData = encodeFunctionData({
+        abi: erc20Abi,
+        functionName: 'approve',
+        args: [escrowContract, deposit + smuggledDeposit],
+      })
+      const openData = encodeFunctionData({
+        abi: escrowAbi,
+        functionName: 'open',
+        args: [recipient, currency, deposit, salt, zeroAddress],
+      })
+      const smuggledOpenData = encodeFunctionData({
+        abi: escrowAbi,
+        functionName: 'open',
+        args: [accounts[3].address, currency, smuggledDeposit, smuggledSalt, zeroAddress],
+      })
+
+      const channelId = Channel.computeId({
+        authorizedSigner: zeroAddress,
+        chainId: chain.id,
+        escrowContract,
+        payee: recipient,
+        payer: payer.address,
+        salt,
+        token: currency,
+      }) as Hex
+
+      const prepared = await prepareTransactionRequest(client, {
+        account: payer,
+        calls: [
+          { to: currency, data: approveData },
+          { to: escrowContract, data: openData },
+          { to: escrowContract, data: smuggledOpenData },
+        ],
+        feePayer: true,
+        feeToken: currency,
+      } as never)
+      prepared.gas = prepared.gas! + 5_000n
+
+      const serializedTransaction = await signTransaction(client, prepared as never)
+
+      await expect(
+        broadcastOpenTransaction({
+          client,
+          serializedTransaction: serializedTransaction as Hex,
+          escrowContract,
+          channelId,
+          recipient,
+          currency,
+          feePayer: accounts[0],
+        }),
+      ).rejects.toThrow('fee-sponsored open transaction contains a smuggled call')
+    })
+
     test('duplicate broadcast returns fallback with txHash undefined', async () => {
       const salt = nextSalt()
       const deposit = 5_000_000n
@@ -727,6 +839,117 @@ describe.runIf(isLocalnet)('on-chain', () => {
         }),
       ).rejects.toThrow('Only Tempo (0x76/0x78) transactions are supported')
     })
+
+    test('fee-payer: rejects topUp transactions whose gas budget exceeds sponsor policy', async () => {
+      const salt = nextSalt()
+      const deposit = 5_000_000n
+      const topUpAmount = 3_000_000n
+
+      const { channelId } = await openChannel({
+        escrow: escrowContract,
+        payer,
+        payee: recipient,
+        token: currency,
+        deposit,
+        salt,
+      })
+
+      const approveData = encodeFunctionData({
+        abi: erc20Abi,
+        functionName: 'approve',
+        args: [escrowContract, topUpAmount],
+      })
+      const topUpData = encodeFunctionData({
+        abi: escrowAbi,
+        functionName: 'topUp',
+        args: [channelId, topUpAmount],
+      })
+
+      const prepared = await prepareTransactionRequest(client, {
+        account: payer,
+        calls: [
+          { to: currency, data: approveData },
+          { to: escrowContract, data: topUpData },
+        ],
+        feePayer: true,
+        feeToken: currency,
+      } as never)
+      prepared.gas = 2_000_001n
+
+      const serializedTransaction = await signTransaction(client, prepared as never)
+
+      await expect(
+        broadcastTopUpTransaction({
+          client,
+          serializedTransaction: serializedTransaction as Hex,
+          escrowContract,
+          channelId,
+          currency: asset,
+          declaredDeposit: topUpAmount,
+          previousDeposit: deposit,
+          feePayer: accounts[0],
+        }),
+      ).rejects.toThrow('gas exceeds sponsor policy')
+    })
+
+    test('fee-payer: rejects smuggled second topUp call', async () => {
+      const salt = nextSalt()
+      const deposit = 5_000_000n
+      const topUpAmount = 3_000_000n
+      const smuggledAmount = 4_000_000n
+
+      const { channelId } = await openChannel({
+        escrow: escrowContract,
+        payer,
+        payee: recipient,
+        token: currency,
+        deposit,
+        salt,
+      })
+
+      const approveData = encodeFunctionData({
+        abi: erc20Abi,
+        functionName: 'approve',
+        args: [escrowContract, topUpAmount + smuggledAmount],
+      })
+      const topUpData = encodeFunctionData({
+        abi: escrowAbi,
+        functionName: 'topUp',
+        args: [channelId, topUpAmount],
+      })
+      const smuggledTopUpData = encodeFunctionData({
+        abi: escrowAbi,
+        functionName: 'topUp',
+        args: [channelId, smuggledAmount],
+      })
+
+      const prepared = await prepareTransactionRequest(client, {
+        account: payer,
+        calls: [
+          { to: currency, data: approveData },
+          { to: escrowContract, data: topUpData },
+          { to: escrowContract, data: smuggledTopUpData },
+        ],
+        feePayer: true,
+        feeToken: currency,
+      } as never)
+      prepared.gas = prepared.gas! + 5_000n
+
+      const serializedTransaction = await signTransaction(client, prepared as never)
+
+      await expect(
+        broadcastTopUpTransaction({
+          client,
+          serializedTransaction: serializedTransaction as Hex,
+          escrowContract,
+          channelId,
+          currency: asset,
+          declaredDeposit: topUpAmount,
+          previousDeposit: deposit,
+          feePayer: accounts[0],
+        }),
+      ).rejects.toThrow('fee-sponsored topUp transaction contains a smuggled call')
+    })
   })
 
   describe('settleOnChain', () => {

package/src/tempo/session/Chain.ts

@@ -4,6 +4,7 @@ import {
   type Client,
   decodeFunctionData,
   encodeFunctionData,
+  erc20Abi,
   getAbiItem,
   type Hex,
   type ReadContractReturnType,
@@ -23,7 +24,7 @@ import { Transaction } from 'viem/tempo'
 import { BadRequestError, ChannelClosedError, VerificationFailedError } from '../../Errors.js'
 import * as TempoAddress from '../internal/address.js'
 import * as defaults from '../internal/defaults.js'
-import { isTempoTransaction } from '../internal/fee-payer.js'
+import * as FeePayer from '../internal/fee-payer.js'
 import * as Channel from './Channel.js'
 import { escrowAbi } from './escrow.abi.js'
 import type { SignedVoucher } from './Types.js'
@@ -230,6 +231,159 @@ export type BroadcastResult = {
   onChain: OnChainChannel
 }
 
+type TempoCall = NonNullable<ReturnType<(typeof Transaction)['deserialize']>['calls']>[number]
+
+function assertCallHasTargetAndData(call: TempoCall): { to: Address; data: Hex } {
+  if (!call.to || !call.data) {
+    throw new BadRequestError({
+      reason: 'fee-sponsored transactions must not contain calls without target or data',
+    })
+  }
+  return { to: call.to, data: call.data }
+}
+
+function validateSponsoredApproveCall(parameters: {
+  action: 'open' | 'topUp'
+  call: TempoCall
+  currency: Address
+  escrowContract: Address
+  expectedAmount: bigint
+}) {
+  const { action, call, currency, escrowContract, expectedAmount } = parameters
+  const { to, data } = assertCallHasTargetAndData(call)
+
+  if (!TempoAddress.isEqual(to, currency) || data.slice(0, 10) !== erc20ApproveSelector) {
+    throw new BadRequestError({
+      reason: `fee-sponsored ${action} transaction contains an unauthorized call`,
+    })
+  }
+
+  const { args } = decodeFunctionData({ abi: erc20Abi, data })
+  const [spender, amount] = args as readonly [Address, bigint]
+
+  if (!TempoAddress.isEqual(spender, escrowContract)) {
+    throw new BadRequestError({
+      reason: `fee-sponsored ${action} transaction approve spender does not match escrow contract`,
+    })
+  }
+
+  if (amount !== expectedAmount) {
+    throw new BadRequestError({
+      reason: `fee-sponsored ${action} transaction approve amount does not match requested amount`,
+    })
+  }
+}
+
+function validateSponsoredOpenCalls(parameters: {
+  calls: readonly TempoCall[]
+  currency: Address
+  escrowContract: Address
+  deposit: bigint
+}) {
+  const { calls, currency, escrowContract, deposit } = parameters
+
+  let openCall: TempoCall | undefined
+  let approveCall: TempoCall | undefined
+
+  for (const call of calls) {
+    const { to, data } = assertCallHasTargetAndData(call)
+    const selector = data.slice(0, 10)
+    const isOpen = TempoAddress.isEqual(to, escrowContract) && selector === escrowOpenSelector
+    const isApprove = TempoAddress.isEqual(to, currency) && selector === erc20ApproveSelector
+
+    if (isApprove) {
+      if (approveCall || openCall) {
+        throw new BadRequestError({
+          reason: 'fee-sponsored open transaction contains a smuggled call',
+        })
+      }
+      approveCall = call
+      continue
+    }
+
+    if (isOpen) {
+      if (openCall) {
+        throw new BadRequestError({
+          reason: 'fee-sponsored open transaction contains a smuggled call',
+        })
+      }
+      openCall = call
+      continue
+    }
+
+    throw new BadRequestError({
+      reason: 'fee-sponsored open transaction contains an unauthorized call',
+    })
+  }
+
+  if (approveCall) {
+    validateSponsoredApproveCall({
+      action: 'open',
+      call: approveCall,
+      currency,
+      escrowContract,
+      expectedAmount: deposit,
+    })
+  }
+
+  return openCall
+}
+
+function validateSponsoredTopUpCalls(parameters: {
+  calls: readonly TempoCall[]
+  currency: Address
+  escrowContract: Address
+  topUpAmount: bigint
+}) {
+  const { calls, currency, escrowContract, topUpAmount } = parameters
+
+  let topUpCall: TempoCall | undefined
+  let approveCall: TempoCall | undefined
+
+  for (const call of calls) {
+    const { to, data } = assertCallHasTargetAndData(call)
+    const selector = data.slice(0, 10)
+    const isTopUp = TempoAddress.isEqual(to, escrowContract) && selector === escrowTopUpSelector
+    const isApprove = TempoAddress.isEqual(to, currency) && selector === erc20ApproveSelector
+
+    if (isApprove) {
+      if (approveCall || topUpCall) {
+        throw new BadRequestError({
+          reason: 'fee-sponsored topUp transaction contains a smuggled call',
+        })
+      }
+      approveCall = call
+      continue
+    }
+
+    if (isTopUp) {
+      if (topUpCall) {
+        throw new BadRequestError({
+          reason: 'fee-sponsored topUp transaction contains a smuggled call',
+        })
+      }
+      topUpCall = call
+      continue
+    }
+
+    throw new BadRequestError({
+      reason: 'fee-sponsored topUp transaction contains an unauthorized call',
+    })
+  }
+
+  if (approveCall) {
+    validateSponsoredApproveCall({
+      action: 'topUp',
+      call: approveCall,
+      currency,
+      escrowContract,
+      expectedAmount: topUpAmount,
+    })
+  }
+
+  return topUpCall
+}
+
 export async function broadcastOpenTransaction(parameters: {
   client: Client
   serializedTransaction: Hex
@@ -237,6 +391,8 @@ export async function broadcastOpenTransaction(parameters: {
   channelId: Hex
   recipient: Address
   currency: Address
+  challengeExpires?: string | undefined
+  feePayerPolicy?: Partial<FeePayer.Policy> | undefined
   feePayer?: Account | undefined
   /** When false, simulates instead of waiting for confirmation and returns derived on-chain state. @default true */
   waitForConfirmation?: boolean | undefined
@@ -248,11 +404,13 @@ export async function broadcastOpenTransaction(parameters: {
     channelId,
     recipient,
     currency,
+    challengeExpires,
+    feePayerPolicy,
     feePayer,
     waitForConfirmation = true,
   } = parameters
 
-  if (feePayer && !isTempoTransaction(serializedTransaction))
+  if (feePayer && !FeePayer.isTempoTransaction(serializedTransaction))
     throw new BadRequestError({
       reason: 'Only Tempo (0x76/0x78) transactions are supported',
     })
@@ -265,37 +423,40 @@ export async function broadcastOpenTransaction(parameters: {
 
   const calls = transaction.calls ?? []
 
-  const openCall = calls.find((call) => {
-    if (!call.to || !TempoAddress.isEqual(call.to, escrowContract)) return false
-    if (!call.data) return false
-    return call.data.slice(0, 10) === escrowOpenSelector
-  })
+  const sponsoredOpenCall = feePayer
+    ? validateSponsoredOpenCalls({
+        calls,
+        currency,
+        escrowContract,
+        deposit: (() => {
+          const candidate = calls.find((call) => {
+            if (!call.to || !TempoAddress.isEqual(call.to, escrowContract)) return false
+            if (!call.data) return false
+            return call.data.slice(0, 10) === escrowOpenSelector
+          })
+          if (!candidate?.data)
+            throw new BadRequestError({
+              reason: 'transaction does not contain a valid escrow open call',
+            })
+          const { args } = decodeFunctionData({ abi: escrowAbi, data: candidate.data })
+          return (args as readonly [Address, Address, bigint, Hex, Address])[2]
+        })(),
+      })
+    : undefined
+
+  const openCall =
+    sponsoredOpenCall ??
+    calls.find((call) => {
+      if (!call.to || !TempoAddress.isEqual(call.to, escrowContract)) return false
+      if (!call.data) return false
+      return call.data.slice(0, 10) === escrowOpenSelector
+    })
 
   if (!openCall)
     throw new BadRequestError({
       reason: 'transaction does not contain a valid escrow open call',
     })
 
-  if (feePayer) {
-    for (const call of calls) {
-      if (!call.to || !call.data) {
-        throw new BadRequestError({
-          reason: 'fee-sponsored transactions must not contain calls without target or data',
-        })
-      }
-      const selector = call.data.slice(0, 10)
-      const isEscrowOpen =
-        TempoAddress.isEqual(call.to, escrowContract) && selector === escrowOpenSelector
-      const isTokenApprove =
-        TempoAddress.isEqual(call.to, currency) && selector === erc20ApproveSelector
-      if (!isEscrowOpen && !isTokenApprove) {
-        throw new BadRequestError({
-          reason: 'fee-sponsored open transaction contains an unauthorized call',
-        })
-      }
-    }
-  }
-
   const { args: openArgs } = decodeFunctionData({ abi: escrowAbi, data: openCall.data! })
   const [payee, token, deposit, salt, authorizedSigner] = openArgs as readonly [
     Address,
@@ -337,12 +498,24 @@ export async function broadcastOpenTransaction(parameters: {
 
   const serializedTransaction_final = await (async () => {
     if (feePayer) {
-      return signTransaction(client, {
-        ...transaction,
+      if (!sponsoredOpenCall)
+        throw new BadRequestError({
+          reason: 'transaction does not contain a valid escrow open call',
+        })
+
+      const sponsored = FeePayer.prepareSponsoredTransaction({
         account: feePayer,
-        feePayer,
-        feeToken: resolvedFeeToken,
-      } as never)
+        challengeExpires,
+        chainId: client.chain!.id,
+        details: { channelId, currency, recipient },
+        expectedFeeToken: defaults.currency[client.chain?.id as keyof typeof defaults.currency],
+        policy: feePayerPolicy,
+        transaction: {
+          ...transaction,
+          ...(resolvedFeeToken ? { feeToken: resolvedFeeToken } : {}),
+        },
+      })
+      return signTransaction(client, sponsored as never)
     }
     return serializedTransaction
   })()
@@ -407,6 +580,8 @@ export async function broadcastTopUpTransaction(parameters: {
   currency: Address
   declaredDeposit: bigint
   previousDeposit: bigint
+  challengeExpires?: string | undefined
+  feePayerPolicy?: Partial<FeePayer.Policy> | undefined
   feePayer?: Account | undefined
 }): Promise<{ txHash: Hex; newDeposit: bigint }> {
   const {
@@ -417,10 +592,12 @@ export async function broadcastTopUpTransaction(parameters: {
     currency,
     declaredDeposit,
     previousDeposit,
+    challengeExpires,
+    feePayerPolicy,
     feePayer,
   } = parameters
 
-  if (feePayer && !isTempoTransaction(serializedTransaction))
+  if (feePayer && !FeePayer.isTempoTransaction(serializedTransaction))
     throw new BadRequestError({
       reason: 'Only Tempo (0x76/0x78) transactions are supported',
     })
@@ -433,37 +610,28 @@ export async function broadcastTopUpTransaction(parameters: {
 
   const calls = transaction.calls ?? []
 
-  const topUpCall = calls.find((call) => {
-    if (!call.to || !TempoAddress.isEqual(call.to, escrowContract)) return false
-    if (!call.data) return false
-    return call.data.slice(0, 10) === escrowTopUpSelector
-  })
+  const sponsoredTopUpCall = feePayer
+    ? validateSponsoredTopUpCalls({
+        calls,
+        currency,
+        escrowContract,
+        topUpAmount: declaredDeposit,
+      })
+    : undefined
+
+  const topUpCall =
+    sponsoredTopUpCall ??
+    calls.find((call) => {
+      if (!call.to || !TempoAddress.isEqual(call.to, escrowContract)) return false
+      if (!call.data) return false
+      return call.data.slice(0, 10) === escrowTopUpSelector
+    })
 
   if (!topUpCall)
     throw new BadRequestError({
       reason: 'transaction does not contain a valid escrow topUp call',
     })
 
-  if (feePayer) {
-    for (const call of calls) {
-      if (!call.to || !call.data) {
-        throw new BadRequestError({
-          reason: 'fee-sponsored transactions must not contain calls without target or data',
-        })
-      }
-      const selector = call.data.slice(0, 10)
-      const isEscrowTopUp =
-        TempoAddress.isEqual(call.to, escrowContract) && selector === escrowTopUpSelector
-      const isTokenApprove =
-        TempoAddress.isEqual(call.to, currency) && selector === erc20ApproveSelector
-      if (!isEscrowTopUp && !isTokenApprove) {
-        throw new BadRequestError({
-          reason: 'fee-sponsored topUp transaction contains an unauthorized call',
-        })
-      }
-    }
-  }
-
   const { args: topUpArgs } = decodeFunctionData({ abi: escrowAbi, data: topUpCall.data! })
   const [txChannelId, txAmount] = topUpArgs as [Hex, bigint]
 
@@ -480,14 +648,31 @@ export async function broadcastTopUpTransaction(parameters: {
 
   const serializedTransaction_final = await (async () => {
     if (feePayer) {
-      return signTransaction(client, {
-        ...transaction,
+      if (!sponsoredTopUpCall)
+        throw new BadRequestError({
+          reason: 'transaction does not contain a valid escrow topUp call',
+        })
+
+      const expectedFeeToken = defaults.currency[client.chain?.id as keyof typeof defaults.currency]
+      const sponsored = FeePayer.prepareSponsoredTransaction({
         account: feePayer,
-        feePayer,
-        feeToken:
-          transaction.feeToken ??
-          defaults.currency[client.chain?.id as keyof typeof defaults.currency],
-      } as never)
+        challengeExpires,
+        chainId: client.chain!.id,
+        details: {
+          additionalDeposit: declaredDeposit.toString(),
+          channelId,
+          currency,
+        },
+        expectedFeeToken,
+        policy: feePayerPolicy,
+        transaction: {
+          ...transaction,
+          ...((transaction.feeToken ?? expectedFeeToken)
+            ? { feeToken: transaction.feeToken ?? expectedFeeToken }
+            : {}),
+        },
+      })
+      return signTransaction(client, sponsored as never)
     }
     return serializedTransaction
   })()

package/src/tempo/session/ChannelStore.test.ts

@@ -7,6 +7,10 @@ import * as ChannelStore from './ChannelStore.js'
 
 const channelId = '0x0000000000000000000000000000000000000000000000000000000000000001' as Hex
 const channelId2 = '0x0000000000000000000000000000000000000000000000000000000000000002' as Hex
+const lowerCaseAliasChannelId = `0x${'ab'.repeat(31)}cd` as Hex
+const mixedCaseAliasChannelId = lowerCaseAliasChannelId.replace(/[a-f]/g, (character, index) =>
+  index % 2 === 0 ? character.toUpperCase() : character,
+) as Hex
 
 function makeChannel(overrides?: Partial<ChannelStore.State>): ChannelStore.State {
   return {
@@ -112,6 +116,25 @@ describe('channelStore', () => {
       expect(typeof loaded!.deposit).toBe('bigint')
       expect(typeof loaded!.createdAt).toBe('string')
     })
+
+    test('treats case-variant channelIds as the same record', async () => {
+      const cs = ChannelStore.fromStore(Store.memory())
+      await cs.updateChannel(mixedCaseAliasChannelId, () =>
+        makeChannel({ channelId: mixedCaseAliasChannelId }),
+      )
+
+      const loaded = await cs.getChannel(lowerCaseAliasChannelId)
+      expect(loaded).not.toBeNull()
+      expect(loaded!.channelId).toBe(lowerCaseAliasChannelId)
+
+      await cs.updateChannel(lowerCaseAliasChannelId, (current) =>
+        current ? { ...current, spent: 1_000_000n } : null,
+      )
+
+      const aliased = await cs.getChannel(mixedCaseAliasChannelId)
+      expect(aliased!.channelId).toBe(lowerCaseAliasChannelId)
+      expect(aliased!.spent).toBe(1_000_000n)
+    })
   })
 
   describe('updateChannel', () => {