fee-payer: enforce call pattern and gas policy#135
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 26587f0e4e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| normalized_calls.append(("0x" + call_to_raw.hex(), call_value, call_data_raw.hex())) | ||
|
|
||
| _validate_normalized_calls(normalized_calls, request) |
There was a problem hiding this comment.
_validate_transaction_payload is called for every charge flow (_verify_transaction, line 721), but it now always invokes _validate_normalized_calls, which enforces the sponsored-only approve/swap/transfer pattern and rejects any extra calls. This introduces false negatives for non-fee-payer (methodDetails.feePayer == false) transactions that still include a valid payment transfer, because they are now rejected before broadcast even though downstream receipt verification could succeed. The new scope restriction should be conditioned on sponsored requests to avoid breaking existing unsponsored transaction patterns.
Useful? React with 👍 / 👎.
1 participant
Summary