Skip to content

Comments

Feat/7702 5792 support#2378

Draft
lwin-kyaw wants to merge 13 commits intov10from
feat/7702-5792-support
Draft

Feat/7702 5792 support#2378
lwin-kyaw wants to merge 13 commits intov10from
feat/7702-5792-support

Conversation

@lwin-kyaw
Copy link

@lwin-kyaw lwin-kyaw commented Feb 17, 2026
edited by cursor bot
Loading

Motivation and Context

Jira Link:

Description

How has this been tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the code style of this project. (run lint)
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code requires a db migration.

Note

Medium Risk
Touches wallet transaction flows and introduces new provider RPC method usage (wallet_* EIP-7702/5792), which can affect signing/sending behavior in demos; core logic changes appear limited and mostly additive.

Overview
Adds an EIP-7702/EIP-5792 playground to the Next.js SSR demo Main.tsx, including buttons to call wallet_getAccountUpgradeStatus, wallet_upgradeAccount, wallet_getCapabilities, wallet_sendCalls, and wallet_getCallsStatus, and a simple wagmi “send zero transaction” action with displayed tx hash/errors.

Updates the demo Web3Auth provider config to set defaultChainId and enable walletServicesConfig modal confirmations/login mode. Also refreshes demo lockfiles to @web3auth/modal/@web3auth/no-modal 10.14.1 and related dependency bumps, and fixes a missing newline in demo/react-app-no-modal/src/web3RPC.ts.

Written by Cursor Bugbot for commit 19a9ab9. This will update automatically on new commits. Configure here.

@vercel
Copy link

vercel bot commented Feb 17, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
web3auth-web Error Error Feb 20, 2026 8:51am

Request Review

@lwin-kyaw lwin-kyaw force-pushed the feat/7702-5792-support branch from 298e9e6 to 7418945 Compare February 17, 2026 12:07
cursor[bot]
cursor bot reviewed Feb 17, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Feb 18, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Feb 19, 2026
View reviewed changes
packages/no-modal/src/providers/ethereum-provider/rpc/ethRpcMiddlewares.ts
});
return (code || "0x") as `0x${string}`;
};
}
Copy link

@cursor cursor bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

createGetEthCode ignores chainId causing cross-chain misqueries

Medium Severity

createGetEthCode silently ignores the _chainId parameter, always querying eth_getCode against the currently connected chain. In eip7702Middleware, getAccountUpgradeStatus passes a user-specified chainId to getIsEip7702UpgradeSupported and getDelegationAddress, which forward it to getEthCode — but the chain ID is discarded. If the requested chain differs from the connected chain, the upgrade status and delegation address will be incorrect.

Additional Locations (1)

Fix in Cursor Fix in Web

cursor[bot]
cursor bot reviewed Feb 20, 2026
View reviewed changes
demo/nextjs-ssr-app/components/Main.tsx
method: "wallet_sendCalls",
params: [
{
version: "2.0",
Copy link

@cursor cursor bot Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EIP-5792 version string doesn't match specification

Medium Severity

The wallet_sendCalls request uses version: "2.0" but the EIP-5792 specification requires "2.0.0" (three-part semver). This mismatch may cause compliant wallet providers to reject the request or fall back to unexpected behavior. Since this is a demo app showcasing EIP-5792 support, the version string needs to match the spec exactly.

Fix in Cursor Fix in Web

cursor[bot]
cursor bot reviewed Feb 20, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 2 potential issues.

demo/nextjs-ssr-app/components/Main.tsx
onClick={getAccountUpgradeStatus}
className="card"
style={{ borderColor: "#8b5cf6", color: "#8b5cf6" }}
disabled={eipLoading === "upgradeStatus"}
Copy link

@cursor cursor bot Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shared loading state allows concurrent conflicting EIP operations

Low Severity

The eipLoading state is a single string shared across all five EIP operation buttons, but each button only disables itself when its own key matches (e.g., disabled={eipLoading === "upgradeStatus"}). This means while one operation is in-flight, other EIP buttons remain clickable. Clicking a second button overwrites eipLoading, and when the first operation's finally block runs setEipLoading(null), it prematurely clears the loading state for the still-in-progress second operation. The eipResult state is also clobbered. Each button's disabled check likely needs to be eipLoading !== null instead of checking a specific key.

Additional Locations (2)

Fix in Cursor Fix in Web

demo/nextjs-ssr-app/components/Main.tsx
});
if (batchId && typeof batchId === "string") {
setLastBatchId(batchId);
}
Copy link

@cursor cursor bot Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wrong EIP-5792 version string and response handling

Medium Severity

The wallet_sendCalls request uses version: "2.0" but the EIP-5792 spec defines "2.0.0" as the official version string. More critically, the v2 response is a structured object ({ id: "...", capabilities: {...} }) rather than a plain string, but the code checks typeof batchId === "string" — this condition will always be false for a v2 response, so lastBatchId is never set and the "Get Calls Status" feature becomes permanently non-functional.

Fix in Cursor Fix in Web

@lwin-kyaw lwin-kyaw marked this pull request as draft February 20, 2026 08:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lwin-kyaw