[02/03] DeepSec approvals: shared gate and classic permit paths#7838
[02/03] DeepSec approvals: shared gate and classic permit paths#7838fairlighteth wants to merge 2 commits into
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Deploying swap-dev with
|
| Latest commit: |
773c0b9
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://97e9f093.swap-dev-5u6.pages.dev |
| Branch Preview URL: | https://deepsec-approval-permit-02-s.swap-dev-5u6.pages.dev |
Deploying explorer-dev with
|
| Latest commit: |
773c0b9
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://863416d7.explorer-dev-dxz.pages.dev |
| Branch Preview URL: | https://deepsec-approval-permit-02-s.explorer-dev-dxz.pages.dev |
9a7cc91 to
5768811
Compare
1380176 to
b05c1b3
Compare
b05c1b3 to
4b5e4ea
Compare
|
Cross-PR coordination heads-up: #7697 is an older open fix for the same The review on #7697 found that both implementations invoke the approval hook before |
What changed
callOnBeforeApprovalWidgetHookhelper for approval-policy payloads.Why
DeepSec findings addressed
Permit approval path bypasses injected widget onBeforeApproval hook: permit-capable swaps could start permit signing before the widget integrator had a chance to reject the approval operation. Permit generation now passes through the same approval gate as the classic on-chain path.Unknown allowance is treated as approval not needed: an unresolved allowance read could temporarily suppress a required approval. The hook now keeps approval required until the allowance value is available.Review guide
develop <- #7837 <- #7838 <- #7839.deepsec/approval-permit-01-cache-storage; review this diff against [01/03] DeepSec approvals: permit cache and token identity #7837, notdevelop.QA Testing
Developer verification on
4b5e4ea43:cowswap-frontendTypeScript check passed.CI status on the amended head:
Known QA gaps
Preview URLs