fix: route approve commands through proxy wallet#42
fix: route approve commands through proxy wallet#42mvanhorn wants to merge 3 commits intoPolymarket:mainfrom
Conversation
…e proxy - `approve check` now queries the correct wallet (proxy or EOA) based on --signature-type, so users see actual allowances instead of zeros - `approve set` with proxy signature type routes transactions through the Proxy Wallet Factory, batching USDC and CTF approvals per target - `ctf` commands now accept --signature-type for forward compatibility Fixes Polymarket#4 Related: Polymarket#1, Polymarket#24 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Prevents silent routing breakage if DEFAULT_SIGNATURE_TYPE is ever changed to a non-proxy value. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
approve check uses resolve_wallet_address which returns the derived Safe address for gnosis-safe, but approve set only handles proxy and falls through to the EOA path. This would silently approve on the wrong address. Add an early bail for gnosis-safe with guidance to use the Safe wallet interface instead.
|
Addressed the gnosis-safe check/set inconsistency in 09aaa7a. Re: the proxy check comparison - this is already comparing against the literal |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
|
|
||
| for target in &targets { | ||
| step += 1; | ||
| let label = format!("USDC \u{2192} {} (proxy)", target.name); |
There was a problem hiding this comment.
Proxy path label omits CTF approval information
Medium Severity
In the proxy path, each transaction batches both USDC approve and CTF setApprovalForAll into a single factory call, but the label is "USDC → {target} (proxy)" — it never mentions CTF. In the EOA path, users see separate "USDC → target" and "CTF → target" lines for each target. In the proxy path, there is zero indication that CTF approvals were also set, so users may believe they still need to approve CTF separately or that something went wrong.
Additional Locations (1)
| output: OutputFormat, | ||
| ) -> Result<()> { | ||
| let sig_type = config::resolve_signature_type(signature_type)?; | ||
| let is_proxy = sig_type == "proxy"; |
There was a problem hiding this comment.
Fragile string comparison duplicates signature type matching logic
Low Severity
The set function in approve.rs duplicates the signature-type-to-behavior mapping from auth::parse_signature_type using hardcoded string literals ("proxy", "gnosis-safe") instead of reusing the existing enum-based logic. Notably, auth.rs uses the config::DEFAULT_SIGNATURE_TYPE constant while approve.rs uses the string literal "proxy" — if the constant ever changes, the two code paths would diverge silently.
Additional Locations (1)
1 participant
Summary
Fixes
approveandctfcommands ignoring--signature-type proxy, which caused all on-chain transactions to go from the EOA instead of the proxy wallet.Fixes #4
Related: #1, #24
Changes
src/auth.rsresolve_wallet_address()that returns EOA, proxy, or Safe address based on signature typesrc/main.rssignature_typetoapproveandctfcommandssrc/commands/approve.rsapprove setthrough Proxy Wallet Factory when signature type isproxy; fixapprove checkto query the correct walletsrc/commands/ctf.rssignature_typeparameter for forward compatibilityHow it works
approve check: Now resolves the wallet address based on--signature-type. Withproxy, it queries allowances of the derived proxy wallet instead of the EOA, so users see their actual allowance status.approve set: With--signature-type proxy, encodes USDC approve and CTF setApprovalForAll calls as calldata and routes them through the Proxy Wallet Factory at0xaB45.... This batches both approvals per target into a single factory call, so the proxy wallet gets the approvals instead of the EOA.ctf: Accepts--signature-typebut does not yet route through proxy (marked for follow-up). This is a smaller, separable change.Test plan
cargo fmt --checkpassescargo clippy -- -D warningspassescargo test- all 131 tests passpolymarket approve check --signature-type proxyshows proxy wallet allowancespolymarket approve set --signature-type proxysends approvals through factoryThis contribution was developed with AI assistance (Claude Code).
Note
Medium Risk
Changes how on-chain approval transactions are constructed/sent (EOA vs proxy batching via factory), which could affect users’ allowances and trading readiness if mis-routed. Scope is limited to approval flow and wallet address resolution logic.
Overview
Fixes the
approvecommand to honor--signature-typefor both reading and writing approvals.Adds
auth::resolve_wallet_address()to derive the correct owner address (EOA, proxy wallet, or Gnosis Safe) for allowance/approval checks, and wiressignature_typethroughmain.rsintoapprove/ctf(the latter is parameter-only for now).For
approve set, proxy mode now batches USDCapprove+ CTFsetApprovalForAllper target via the Proxy Wallet Factory (wallet_contract_config), whilegnosis-safemode is blocked with a message directing users to submit approvals via the Safe UI.Written by Cursor Bugbot for commit 09aaa7a. This will update automatically on new commits. Configure here.