feat(predict): add Permit2 fee authorization support

[matallui]

Description

Adds Permit2 SignatureTransfer fee authorization as an alternative to Safe execTransaction for fee collection. Feature-flagged OFF by default via permit2Enabled and executors fields on the fee collection remote config.

How it works:
When permit2Enabled is true, executors are configured, AND the user's Safe has approved USDC to the Permit2 contract:

1. A Permit2 PermitTransferFrom signature is created (EIP-1271 wrapped for Safe)
2. A random executor is selected from the configured list
3. Both are sent to the relayer alongside the CLOB order

Fallback behavior: If any condition is not met (flag off, no executors, no Permit2 allowance), the existing Safe transaction fee authorization is used. Zero behavior change for existing users.

Conditional approval: The Permit2 USDC approval is only bundled into deposit transactions when permit2Enabled is true — existing users without the flag don't get an extra approval transaction.

Key additions:

• Permit2FeeAuthorization type with safe-permit2 discriminator
• getPermit2Nonce() — bitmap-based nonce reading from Permit2 contract
• createPermit2FeeAuthorization() — EIP-1271 wrapped Permit2 SignatureTransfer signature
• hasPermit2Allowance() — checks Safe USDC approval to Permit2
• extraUsdcSpenders parameter on createAllowancesSafeTransaction, hasAllowances, getProxyWalletAllowancesTransaction for conditional approval
• calculateFees passes through executors and permit2Enabled
• submitClobOrder accepts Permit2 auth union type and executor param
• placeOrder branching: Permit2 → Safe tx fallback
• getAccountState and prepareDeposit conditionally include Permit2 approval

Still uses FOK orders — FAK support comes in the next PR.

Depends on: #26703 (feature flag refactor)

Changelog

CHANGELOG entry: null

Related issues

Fixes: https://consensyssoftware.atlassian.net/browse/PRED-715

Manual testing steps

Feature: Permit2 fee authorization (feature-flagged OFF)

  Scenario: user places orders with Permit2 disabled (default)
    Given user has Predict feature enabled
    And permit2Enabled remote flag is false (default)

    When user places a buy order
    Then fee authorization uses Safe transaction (existing behavior)
    And order type is FOK

  Scenario: user places orders with Permit2 enabled
    Given user has Predict feature enabled
    And permit2Enabled remote flag is true with executors configured
    And user's Safe has approved USDC to Permit2 contract

    When user places a buy order
    Then fee authorization uses Permit2 SignatureTransfer
    And a random executor is selected and sent with the order
    And order type is still FOK

  Scenario: user places orders with Permit2 enabled but no allowance
    Given user has Predict feature enabled
    And permit2Enabled remote flag is true
    And user's Safe has NOT approved USDC to Permit2 contract

    When user places a buy order
    Then fee authorization falls back to Safe transaction

Screenshots/Recordings

N/A — backend logic, no UI changes.

Before

N/A

After

N/A

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Adds a new, feature-flagged fee authorization path that changes how trade fees are signed and submitted (Permit2 + executor selection) and conditionally alters allowance/approval behavior for Safe wallets. While gated off by default with fallbacks, it touches trading flow, signing, and on-chain allowance checks.

Overview
Adds an alternative Permit2 SignatureTransfer fee authorization path for Polymarket order placement: when permit2Enabled is true, executors are configured, and the Safe has a Permit2 USDC allowance, placeOrder selects a random executor, creates a safe-permit2 authorization payload, and submits it alongside the order (otherwise it falls back to the existing safe-transaction authorization).

Extends fee/flag types and defaults to include executors and permit2Enabled, updates relayer payloads to accept executor and the new authorization union, and conditionally includes Permit2 as an extra USDC spender in allowance checks/approval transaction generation. Adds comprehensive unit tests for nonce calculation, Permit2 authorization creation, fallback behavior, and request-body changes.

^{Written by Cursor Bugbot for commit db73a13. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokePredictions, SmokeWalletPlatform, SmokeConfirmations
• Selected Performance tags: @PerformancePredict
• Risk Level: medium
• AI Confidence: 90%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes are focused entirely on the Predict/Polymarket feature, adding Permit2 fee authorization support. This is a significant enhancement to the prediction market functionality that affects:

1. SmokePredictions (Primary): This is the main tag needed as all changes are within the Predict/Polymarket provider code. The changes affect:

   • Fee authorization flow when placing orders
   • Deposit preparation with new allowance requirements
   • Account state checking with Permit2 allowance verification

2. SmokeWalletPlatform (Dependent): Per tag description, Predictions is a section inside the Trending tab, so changes to Predictions views affect this tag.

3. SmokeConfirmations (Dependent): Per tag description, opening/closing positions in Predictions are on-chain transactions that require confirmations.

The changes are well-tested with comprehensive unit tests covering:

• Permit2 nonce retrieval
• Permit2 fee authorization creation
• Fallback logic to Safe authorization
• Extra USDC spender handling for allowances

Risk is medium because:

• The changes add new functionality but maintain backward compatibility
• Existing Safe fee authorization is preserved as fallback
• Changes are isolated to the Predict feature with no impact on core wallet functionality
• No changes to shared components, navigation, or critical paths

Performance Test Selection:
The changes affect the Predict/Polymarket feature, specifically the fee authorization flow and allowance checking. While the changes are primarily logic-based (adding Permit2 support), they do introduce additional async operations like checking Permit2 allowance and nonce retrieval. The @PerformancePredict tag should be run to ensure these new operations don't negatively impact prediction market performance, particularly during deposit flows and order placement.

View GitHub Actions results

[caieu]

LGTM