feat: Support bidirectional pay strategy fallback#8577
Merged
pedronfigueiredo merged 1 commit intomainfrom Apr 27, 2026
Merged
Conversation
pedronfigueiredo
changed the title
pedronfigueiredo
force-pushed
the
pnf/bidirectional-fallback
branch
from
0385e59 to
a6b006a
Compare
pedronfigueiredo
force-pushed
the
pnf/bidirectional-fallback
branch
from
a6b006a to
d52a6ae
Compare
pedronfigueiredo
force-pushed
the
pnf/bidirectional-fallback
branch
from
d52a6ae to
09f054c
Compare
pull Bot
pushed a commit
to Reality2byte/core
that referenced
this pull request
Apr 28, 2026
## Explanation Release `942.0.0` with major version bumps for two packages: - **`@metamask/transaction-controller`** `64.4.0` → `65.0.0` - **`@metamask/transaction-pay-controller`** `19.3.0` → `20.0.0` ### `@metamask/transaction-controller@65.0.0` **Breaking:** Adds `KeyringControllerGetStateAction` to `AllowedActions` to enable keyring-based EIP-7702 account compatibility checks in `addTransactionBatch`. Clients must add `KeyringController:getState` to the TransactionController messenger's allowed actions. ### `@metamask/transaction-pay-controller@20.0.0` **Breaking:** Fix mUSD conversion for hardware wallets on EIP-7702 chains by gating relay and Across 7702 paths on the account keyring type via `KeyringController:getState`. The `TransactionPayControllerMessenger` now requires `KeyringController:getState` permission. ### Dependency updates 14 packages had their `@metamask/transaction-controller` dependency range updated to `^65.0.0` with corresponding changelog entries under `[Unreleased]`. ## References - [MetaMask#8388](MetaMask#8388) — EIP-7702 keyring compatibility - [MetaMask#8592](MetaMask#8592) — Expose `wipeTransactions` via messenger - [MetaMask#8607](MetaMask#8607) — Rename `executeEnabled` → `gaslessEnabled` - [MetaMask#8577](MetaMask#8577) — Across EIP-7702 authorization list fallback ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [x] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md) - [x] I've introduced [breaking changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md) in this PR and have prepared draft pull requests for clients and consumer packages to resolve them <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Primarily a release/version bump, but it upgrades to `@metamask/transaction-controller@65.0.0` and `@metamask/transaction-pay-controller@20.0.0`, which include **breaking** messenger permission/allowed-action changes that can break consumers at runtime if not updated. > > **Overview** > Bumps the monorepo version to `942.0.0` and releases **major** updates for `@metamask/transaction-controller` (`64.4.0` → `65.0.0`) and `@metamask/transaction-pay-controller` (`19.3.0` → `20.0.0`). > > Propagates `@metamask/transaction-controller` dependency range updates to `^65.0.0` across multiple packages (e.g. assets/bridge/network/shield/subscription/user-operation controllers) with corresponding `[Unreleased]` changelog entries, and updates `yarn.lock` accordingly. > > Documents breaking changes in `transaction-controller@65.0.0` (requires `KeyringController:getState` allowed action for EIP-7702 batch compatibility checks) and `transaction-pay-controller@20.0.0` (requires `KeyringController:getState` to gate 7702 paths for hardware-wallet mUSD conversion). > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit de55ba7. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR enables controller-level fallback from Across to later configured pay strategies, including Relay, when Across can quote but cannot execute the planned transaction mode.
Across already has quote-time limitations, such as same-chain swaps. The issue here is an execution limitation that is only known after quote construction and gas planning: first-time EIP-7702 upgrades that require an authorization list. If Across is ordered first, the controller should not store an unusable Across quote when a later provider can still quote and execute the request.
Changes
supportsas the pre-quote strategy capability check and allows it to be async.checkQuoteSupportfor provider limitations discovered after quote construction and gas planning.requiresAuthorizationListfromTransactionController:estimateGasBatchthrough transaction-pay gas quote metadata.txParams.authorizationListbefore quotes and rejectmetamask.requiresAuthorizationListafter gas planning, while still allowingis7702quotes for already-upgraded accounts.is7702andrequiresAuthorizationList.Note
Medium Risk
Changes quote/strategy selection flow (including new post-quote validation) and extends
estimateGasBatchoutput, which can alter which pay provider is chosen and how EIP-7702 batches are executed.Overview
Adds a new post-quote capability check for pay strategies (
checkQuoteSupport) and updates quote selection to skip unsupported strategies and fall back to later strategies when either pre-quote support or post-quote checks fail.Extends
TransactionController:estimateGasBatchto optionally returnrequiresAuthorizationListwhen EIP-7702 batch estimation implies a first-time account upgrade, and propagates this flag through pay quote gas planning into Across quote metadata.Updates
AcrossStrategyto reject requests that already includetxParams.authorizationList, and to reject quotes whose planned execution would require an authorization list (while still allowing otheris7702quotes); includes new/updated tests and changelog entries reflecting the fallback behavior.Reviewed by Cursor Bugbot for commit 09f054c. Bugbot is set up for automated code reviews on this repo. Configure here.