chore: bump tempo.ts to 0.14.2 and remove blockSignTransaction middleware#718
Merged
chore: bump tempo.ts to 0.14.2 and remove blockSignTransaction middleware#718
Conversation
Bundle Size Report
Chunk changes (>1KB)
Compared against main branch (baseline from 2/4/2026, 5:13:51 PM) |
struong
changed the title
Cloudflare Deployments
|
…ware tempo-ts 0.14.1 (tempoxyz/tempo-ts#148) patches eth_signTransaction at the library level, making the application-level middleware (#713) redundant. Changes: - Bump tempo.ts from ^0.14.0 to ^0.14.1 in workspace catalog - Remove blockSignTransactionMiddleware (now handled by tempo.ts) - Inline fee-payer handler directly in Hono instead of using Handler.feePayer from tempo.ts - Accept both 0x76 and 0x78 Tempo transaction prefixes (0x78 is the fee-payer serialization format used by withFeePayer) - Harden rate-limit middleware to handle non-string params - Update tests to match library-level MethodNotSupportedError
struong
force-pushed
the
chore/bump-tempo-ts-fee-payer
branch
from
2ae2aa5 to
038391d
Compare
struong
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
motivation
The
eth_signTransactionvulnerability (sponsor key misuse) was patched upstream in tempo-ts#148.Handler.feePayernow rejectseth_signTransactionat the library level, making the application-levelblockSignTransactionMiddleware(added in #713) redundant.Additionally,
Handler.feePayerin 0.14.1 had a bug where it only accepted0x76-prefixed transactions, butwithFeePayerfromviem/temposends0x78-prefixed (fee-payer format) transactions. This was fixed upstream in tempo-ts#151 and released as 0.14.2.changes
^0.14.2in the workspace catalogblockSignTransactionMiddlewareremoved — deleted file and its import/usage inindex.tsparams[0]is now checked withtypeof === "string"before calling.startsWith(), and accepts both0x76and0x78prefixeseth_signTransactionrejection now asserts the library-level error instead of the old middleware 403; the rate-limit test for the removed middleware is deletedtesting
pnpm --filter fee-payer test— all 9 tests passpnpm checkandpnpm check:typespass