Skip to content

release: to prod#1719

Merged
joelorzet merged 8 commits into
prodfrom
staging
Jul 6, 2026
Merged

release: to prod#1719
joelorzet merged 8 commits into
prodfrom
staging

Conversation

@joelorzet

Copy link
Copy Markdown

No description provided.

suisuss and others added 8 commits July 6, 2026 19:12
…revert-retry

fix: retry reverted simulation sends once to absorb transient fork state
… signing

The Turnkey sponsorship poll gave up after 30s and returned null, which the
caller read as "sponsorship failed" and retried via direct signing. A slow
sponsored send and its direct-signed retry then landed a block apart, and the
second reverted.

Wait up to 120s and return the tx hash as soon as Turnkey broadcasts one so
the node reports that transaction's real on-chain outcome. On a submitted but
unconfirmed outcome (timeout or repeated status-API failures) raise a typed
SponsoredTxPendingError so the caller fails the step instead of re-sending. A
reverted sponsored receipt raises SponsoredTxRevertError; its reason is
recovered by a read-only eth_call replay of the already-mined tx (never a
second broadcast), falling back to a generic message when it cannot be decoded.
Extract resolveSponsoredSendError so write-contract, transfer-token,
approve-token, and transfer-funds decide fall-back-vs-fail in one place, and
surface the tx hash in the reverted-node error. Every write op now treats a
reverted or unconfirmed sponsored send as a terminal node result and never
re-broadcasts a second transaction.
…ndler

Add cases for returning the hash as soon as Turnkey broadcasts, raising
SponsoredTxPendingError on timeout and repeated status-API failures, and the
shared resolveSponsoredSendError fall-back decision.
…send

fix(web3): don't double-send sponsored transactions on slow Turnkey confirmations
A login-risk assessment early-returned NULL_RISK whenever the current
login carried no country attestation, so a change from a known country to
an unplaceable location never raised the member-session red flag while a
change to a different known country did.

Treat a null country as an anomaly (unknown_country) when the user has an
established country history, mirroring new_country. A null country with no
prior history stays inconclusive so local-dev and self-hosted logins are
not tripped. Persist the risk blob whenever there is a country or an
anomaly so the unknown_country verdict reaches the member-sessions panel.
…nknown-red-flag

fix(security): flag logins that lose country attestation
@joelorzet joelorzet requested review from a team, OleksandrUA, eskp and suisuss and removed request for a team July 6, 2026 19:37
@joelorzet joelorzet merged commit 3eda9d2 into prod Jul 6, 2026
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants