fix: use decodeAuthorizationSignature util from transaction-controller#29717
Conversation
890ff46 to
5138245
Compare
5138245 to
66ebc58
Compare
Replace local 7702 authorization signature decoding logic with the new `decodeAuthorizationSignature` util exported from `@metamask/transaction-controller`. The util produces RLP-canonical hex (no leading zero nibbles, `0x0` for zero) so values are accepted by go-ethereum-style decoders (Sentinel relay, public RPCs). The local copy in `delegation.ts` did no canonicalization at all, and `delegation-7702-publish.ts` only stripped a single leading zero nibble — both could emit non-canonical `r`/`s` values that the relay or RPC would reject. References: MetaMask/core#8656
66ebc58 to
8202337
Compare
🔍 Smart E2E Test Selection
click to see 🤖 AI reasoning detailsE2E Test Selection:
Behavioral change risk: The old local implementation in Test coverage: There is a dedicated E2E test file Scope: The changes are isolated to EIP-7702 delegation/authorization signature handling. No UI components, navigation, shared infrastructure, or other transaction types are affected. No performance-sensitive code paths are changed. Performance Test Selection: |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 8202337. Configure here.
| import { NetworkClientId } from '@metamask/network-controller'; | ||
| import { toHex } from '@metamask/controller-utils'; | ||
| import { isE2ETest, stripSingleLeadingZero } from '../util'; | ||
| import { isE2ETest } from '../util'; |
There was a problem hiding this comment.
stripSingleLeadingZero is now dead production code
Low Severity
This PR removed the only production caller of stripSingleLeadingZero (from delegation-7702-publish.ts), but the function definition in util.ts and its dedicated tests in util.test.ts were left behind. The function is now dead code — exported but never imported anywhere in production. Both the function and its tests can be removed as part of this cleanup.
Reviewed by Cursor Bugbot for commit 8202337. Configure here.
|
Description
Replace local EIP-7702 authorization signature decoding with the
decodeAuthorizationSignatureutil from@metamask/transaction-controller(added in core#8656). The util produces RLP-canonical hex (no leading zero nibbles,0x0for zero), which the Sentinel relay and public RPCs require. The local copies under-canonicalised:delegation.tsdid nothing,delegation-7702-publish.tsonly stripped a single leading zero.Changelog
CHANGELOG entry: Fixed an issue where EIP-7702 authorization signatures with leading zero bytes in
rorscould be rejected by relays and public RPCs.Related issues
Fixes: CONF-1133
Pre-merge author checklist
Pre-merge reviewer checklist
Note
Medium Risk
Touches EIP-7702 authorization encoding used for relay/RPC submission; small change but in a transaction-critical path and could affect signature validity if the upstream util behavior differs.
Overview
Replaces two local EIP-7702 authorization signature parsing implementations with
decodeAuthorizationSignaturefrom@metamask/transaction-controller.This removes custom
r/s/yParityslicing/normalization (and related helpers/imports) so authorization lists use the shared, canonical decoding expected by relays and public RPCs.Reviewed by Cursor Bugbot for commit 8202337. Bugbot is set up for automated code reviews on this repo. Configure here.