Skip to content

Comments

test(account-keychain): add integration test for TEMPO-KEY21 tx_origin spending limit enforcement#2800

Open
bennytimz wants to merge 1 commit intotempoxyz:mainfrom
bennytimz:main
Open

test(account-keychain): add integration test for TEMPO-KEY21 tx_origin spending limit enforcement#2800
bennytimz wants to merge 1 commit intotempoxyz:mainfrom
bennytimz:main

Conversation

@bennytimz
Copy link

Summary

Adds an integration test for TEMPO-KEY21: spending limits are only consumed when msg_sender == tx_origin.

Why an integration test?

The transaction_key and tx_origin values are set via transient storage (TSTORE/TLOAD) during real transaction execution. Foundry's vm.store cannot set transient storage, so this invariant cannot be verified in the existing Foundry invariant test suite (AccountKeychain.t.sol).

A unit test already exists in crates/precompiles/src/account_keychain/mod.rs (test_spending_limits_only_apply_to_tx_origin) but it mocks msg_sender directly — it does not exercise the full transaction pipeline.

What the test does

  1. Authorizes an access key with a 100-token spending limit
  2. Deploys a forwarder contract and funds it with 50 tokens of its own
  3. Sends a batched transaction (signed with the access key) that:
    • Calls the forwarder → forwarder calls TIP20.transfer() internally (msg_sender = forwarder ≠ tx_origin)
    • Directly transfers 10 tokens from the EOA (msg_sender = tx_origin)
  4. Asserts the spending limit decreased by 10 only (not 60), proving contract-initiated transfers bypass the limit

Files changed

  • crates/node/tests/it/account_keychain.rs — new test file
  • crates/node/tests/it/main.rs — module declaration added

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants