-
Notifications
You must be signed in to change notification settings - Fork 299
feat(sdk-core): add transaction intent mismatch errors #7148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
feat(sdk-core): add transaction intent mismatch errors #7148
Conversation
66411ac
to
c9ae74b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR introduces a comprehensive error handling system for detecting transaction intent mismatches in the BitGo SDK, specifically focusing on identifying potentially malicious or unintended transaction modifications. The changes add specialized error classes and corresponding unit tests for various types of transaction anomalies.
- Adds base
TxIntentMismatchError
class and three specialized error types for recipient mismatches, contract interaction issues, and unauthorized token approvals - Introduces comprehensive type definitions for error payloads including
TokenApproval
,MismatchedRecipient
, andContractDataPayload
interfaces - Includes complete unit test coverage with 7 test cases validating error creation, inheritance, and property assignment
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
File | Description |
---|---|
modules/sdk-core/src/bitgo/errors.ts | Adds new error classes and interfaces for transaction intent mismatch detection |
modules/sdk-core/test/unit/bitgo/errors.ts | Provides comprehensive unit tests for all new error classes and their inheritance hierarchy |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
modules/sdk-core/src/bitgo/errors.ts
Outdated
} | ||
|
||
export class ApiResponseError<ResponseBodyType = any> extends BitGoJsError { | ||
export class ApiResponseError<ResponseBodyType = unknown> extends BitGoJsError { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change from any
to unknown
is a good practice for type safety. However, this appears to be an unrelated change to the main PR purpose. Consider separating type safety improvements into a separate commit or PR.
export class ApiResponseError<ResponseBodyType = unknown> extends BitGoJsError { | |
export class ApiResponseError<ResponseBodyType = any> extends BitGoJsError { |
Copilot uses AI. Check for mistakes.
modules/sdk-core/src/bitgo/errors.ts
Outdated
* Interface for token approval information used in suspicious transaction detection | ||
* | ||
* @interface TokenApproval | ||
* @property {string} [tokenName] - Optional human-readable name of the token | ||
* @property {string} tokenAddress - The contract address of the token being approved | ||
* @property {number | 'unlimited'} authorizingAmount - The amount being authorized for spending, or 'unlimited' for infinite approval | ||
* @property {string} authorizingAddress - The address being authorized to spend the tokens | ||
*/ | ||
export interface TokenApproval { | ||
tokenName?: string; | ||
tokenAddress: string; | ||
authorizingAmount: number | 'unlimited'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The authorizingAmount
property has inconsistent types (number | 'unlimited'
) which could lead to confusion. Consider using a more structured approach like { type: 'limited', amount: number } | { type: 'unlimited' }
or standardizing on string representation for both cases.
* Interface for token approval information used in suspicious transaction detection | |
* | |
* @interface TokenApproval | |
* @property {string} [tokenName] - Optional human-readable name of the token | |
* @property {string} tokenAddress - The contract address of the token being approved | |
* @property {number | 'unlimited'} authorizingAmount - The amount being authorized for spending, or 'unlimited' for infinite approval | |
* @property {string} authorizingAddress - The address being authorized to spend the tokens | |
*/ | |
export interface TokenApproval { | |
tokenName?: string; | |
tokenAddress: string; | |
authorizingAmount: number | 'unlimited'; | |
* Type for authorizing amount in token approval, using a discriminated union for clarity and type safety | |
*/ | |
export type AuthorizingAmount = | |
| { type: 'limited'; amount: number } | |
| { type: 'unlimited' }; | |
/** | |
* Interface for token approval information used in suspicious transaction detection | |
* | |
* @interface TokenApproval | |
* @property {string} [tokenName] - Optional human-readable name of the token | |
* @property {string} tokenAddress - The contract address of the token being approved | |
* @property {AuthorizingAmount} authorizingAmount - The amount being authorized for spending, or unlimited for infinite approval | |
* @property {string} authorizingAddress - The address being authorized to spend the tokens | |
*/ | |
export interface TokenApproval { | |
tokenName?: string; | |
tokenAddress: string; | |
authorizingAmount: AuthorizingAmount; |
Copilot uses AI. Check for mistakes.
modules/sdk-core/src/bitgo/errors.ts
Outdated
* @property {string | TokenTransferRecipientParams} [data] - Optional transaction data or token transfer parameters | ||
* @property {string} [tokenName] - Optional name of the token being transferred | ||
* @property {TokenTransferRecipientParams} [tokenData] - Optional structured token transfer data | ||
*/ | ||
export interface MismatchedRecipient { | ||
address: string; | ||
amount: string; | ||
data?: string | TokenTransferRecipientParams; | ||
tokenName?: string; | ||
tokenData?: TokenTransferRecipientParams; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The data
property allows both string
and TokenTransferRecipientParams
types, but there's also a separate tokenData
property for the same purpose. This creates ambiguity about which field to use. Consider consolidating these into a single, well-defined property.
* @property {string | TokenTransferRecipientParams} [data] - Optional transaction data or token transfer parameters | |
* @property {string} [tokenName] - Optional name of the token being transferred | |
* @property {TokenTransferRecipientParams} [tokenData] - Optional structured token transfer data | |
*/ | |
export interface MismatchedRecipient { | |
address: string; | |
amount: string; | |
data?: string | TokenTransferRecipientParams; | |
tokenName?: string; | |
tokenData?: TokenTransferRecipientParams; | |
* @property {string | TokenTransferRecipientParams} [data] - Optional transaction data; if a token transfer, this may be a TokenTransferRecipientParams object | |
* @property {string} [tokenName] - Optional name of the token being transferred | |
*/ | |
export interface MismatchedRecipient { | |
address: string; | |
amount: string; | |
data?: string | TokenTransferRecipientParams; | |
tokenName?: string; |
Copilot uses AI. Check for mistakes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
reworked to use base recipients
type.
6c5dacf
6c5dacf
to
a38004c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
export interface TokenApproval { | ||
tokenName?: string; | ||
tokenAddress: string; | ||
authorizingAmount: { type: 'unlimited' } | { type: 'limited'; amount: number }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The JSDoc comment on line 210 incorrectly states the type as number | 'unlimited'
but the actual TypeScript type is a discriminated union with { type: 'unlimited' }
or { type: 'limited'; amount: number }
. The documentation should be updated to match the implementation.
Copilot uses AI. Check for mistakes.
- Add base TxIntentMismatchError class extending BitGoJsError - Add TxIntentMismatchRecipientError for recipient intent mismatches - Add TxIntentMismatchContractError for contract interaction intent mismatches - Add TxIntentMismatchApprovalError for token approval intent mismatches TICKET: WP-6187
a38004c
to
b4ce897
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
TICKET: WP-6187