feat(deposit): implement user limits fetch before proceeding with an order (#21174)

AxelGes · web-flow · commit 0bb907e069f0 · 2025-10-16T17:03:17.000Z
## **Description**  Implement user deposit limits validation (daily/monthly/yearly) in the authenticated deposit flow. Checks limits after KYC approval using the user's actual KYC type, and displays clear error messages when deposit amount including fees would exceed remaining limits. ## **Changelog**  CHANGELOG entry: Added Deposit limits ## **Related issues** Fixes: https://consensyssoftware.atlassian.net/browse/TRAM-2669?atlOrigin=eyJpIjoiNWVhOWFiMzA1Yzg4NDAxY2IzZjBkZWMzYThjMzRhZDYiLCJwIjoiaiJ9 ## **Manual testing steps** ```gherkin Feature: Deposit Limits Validation Scenario: User exceeds daily/monthly/yearly deposit limit Given user is authenticated and KYC approved And user has $100 daily/monthly/yearly limit remaining And user has selected USD as currency When user enters $200 deposit amount And user clicks Continue Then error message should display "This deposit would exceed your daily/monthly/yearly limit. Your deposit including fees must be $100 USD or less." And user should remain on build quote screen Scenario: User successfully deposits within daily limit Given user is authenticated and KYC approved And user has $300 daily limit remaining And user has selected USD as currency When user enters $100 deposit amount And user clicks Continue Then deposit should proceed to payment screen And no error message should be displayed ``` ## **Screenshots/Recordings**  ### **Before**  No limits check. ### **After**  <img width="301" height="655" alt="Simulator Screenshot - iPhone 16 Pro - 2025-10-15 at 15 03 28" src="https://github.com/user-attachments/assets/3070cf38-8a01-48ae-8d7b-e9f121b20c46" /> <img width="301" height="655" alt="Simulator Screenshot - iPhone 16 Pro - 2025-10-15 at 14 54 53" src="https://github.com/user-attachments/assets/88c33ae1-714d-444d-b0c7-0dbb22bc6059" /> ## **Pre-merge author checklist** - [x] I’ve followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I’ve included tests if applicable - [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.  --- > [!NOTE] > Integrates `getUserLimits` into the authenticated deposit flow to block deposits exceeding daily/monthly/yearly limits, with new i18n messages and tests; bumps native ramps SDK. > > - **Deposit flow**: > - Add `getUserLimits` via `useDepositSdkMethod` and new `checkUserLimits(quote, kycType)` to enforce daily/monthly/yearly remaining limits before creating orders or generating payment URLs. > - Pass actual KYC type to limits check; use region currency in messages. > - **UX/i18n**: > - Add strings `deposit.buildQuote.limitExceeded` and `deposit.buildQuote.limitError` for clear limit errors. > - **Tests**: > - Extend `useDepositRouting.test.ts` with cases for within-limits, daily/monthly/yearly exceed, null/undefined limits, and correct KYC type propagation. > - **Dependencies**: > - Bump `@consensys/native-ramps-sdk` to `2.1.5`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit e56b064. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>
diff --git a/app/components/UI/Ramp/Deposit/hooks/useDepositRouting.test.ts b/app/components/UI/Ramp/Deposit/hooks/useDepositRouting.test.ts
@@ -44,6 +44,13 @@ let mockGetOrder = jest.fn().mockResolvedValue({
   paymentMethod: 'credit_debit_card',
   fiatCurrency: 'USD',
 });
+let mockGetUserLimits = jest.fn().mockResolvedValue({
+  exceeded: { 1: false, 30: false, 365: false },
+  limits: { 1: 300, 30: 1000, 365: 3000 },
+  remaining: { 1: 300, 30: 1000, 365: 3000 },
+  shortage: {},
+  spent: { 1: 0, 30: 0, 365: 0 },
+});
 
 const mockNavigate = jest.fn();
 const mockDispatch = jest.fn();
@@ -137,12 +144,17 @@ jest.mock('./useDepositSdkMethod', () => ({
         mockGetOrder(...wrapParams(customParams, params));
       return [mockUseDepositSdkMethodInitialState, wrappedGetOrder];
     }
+    if (config?.method === 'getUserLimits') {
+      const wrappedGetUserLimits = (...customParams: unknown[]) =>
+        mockGetUserLimits(...wrapParams(customParams, params));
+      return [mockUseDepositSdkMethodInitialState, wrappedGetUserLimits];
+    }
     return [mockUseDepositSdkMethodInitialState, jest.fn()];
   }),
 }));
 
 const mockLogoutFromProvider = jest.fn();
-const mockSelectedRegion = { isoCode: 'US' };
+const mockSelectedRegion = { isoCode: 'US', currency: 'USD' };
 let mockSelectedPaymentMethod = {
   isManualBankTransfer: false,
   id: 'credit_debit_card',
@@ -232,6 +244,13 @@ describe('useDepositRouting', () => {
       networkFees: '5.99',
       partnerFees: '5.99',
     });
+    mockGetUserLimits = jest.fn().mockResolvedValue({
+      exceeded: { 1: false, 30: false, 365: false },
+      limits: { 1: 300, 30: 1000, 365: 3000 },
+      remaining: { 1: 300, 30: 1000, 365: 3000 },
+      shortage: {},
+      spent: { 1: 0, 30: 0, 365: 0 },
+    });
 
     mockUseHandleNewOrder.mockReturnValue(
       jest.fn().mockResolvedValue(undefined),
@@ -1088,4 +1107,195 @@ describe('useDepositRouting', () => {
       expect(mockTrackEvent).not.toHaveBeenCalled();
     });
   });
+
+  describe('User limits checking', () => {
+    it('should check user limits and proceed when within limits', async () => {
+      const mockQuote = {
+        quoteId: 'test-quote-id',
+        fiatAmount: 100,
+      } as BuyQuote;
+
+      mockGetKycRequirement = jest.fn().mockResolvedValue({
+        status: 'APPROVED',
+        kycType: 'SIMPLE',
+      });
+
+      const { result } = renderHook(() => useDepositRouting());
+
+      await expect(
+        result.current.routeAfterAuthentication(mockQuote),
+      ).resolves.not.toThrow();
+
+      expect(mockGetUserLimits).toHaveBeenCalledWith(
+        'USD',
+        'credit_debit_card',
+        'SIMPLE',
+      );
+      expect(mockRequestOtt).toHaveBeenCalled();
+      expect(mockGeneratePaymentUrl).toHaveBeenCalled();
+    });
+
+    it('should pass real kycType from requirements to getUserLimits', async () => {
+      const mockQuote = {
+        quoteId: 'test-quote-id',
+        fiatAmount: 100,
+      } as BuyQuote;
+
+      mockGetKycRequirement = jest.fn().mockResolvedValue({
+        status: 'APPROVED',
+        kycType: 'STANDARD',
+      });
+
+      const { result } = renderHook(() => useDepositRouting());
+
+      await expect(
+        result.current.routeAfterAuthentication(mockQuote),
+      ).resolves.not.toThrow();
+
+      expect(mockGetUserLimits).toHaveBeenCalledWith(
+        'USD',
+        'credit_debit_card',
+        'STANDARD',
+      );
+    });
+
+    it('should throw error when deposit exceeds daily limit', async () => {
+      const mockQuote = {
+        quoteId: 'test-quote-id',
+        fiatAmount: 150,
+      } as BuyQuote;
+
+      mockGetKycRequirement = jest.fn().mockResolvedValue({
+        status: 'APPROVED',
+        kycType: 'SIMPLE',
+      });
+
+      mockGetUserLimits = jest.fn().mockResolvedValue({
+        exceeded: { 1: false, 30: false, 365: false },
+        limits: { 1: 100, 30: 1000, 365: 3000 },
+        remaining: { 1: 100, 30: 1000, 365: 3000 },
+        shortage: {},
+        spent: { 1: 0, 30: 0, 365: 0 },
+      });
+
+      const { result } = renderHook(() => useDepositRouting());
+
+      await expect(
+        result.current.routeAfterAuthentication(mockQuote),
+      ).rejects.toThrow(/daily.*100.*USD/);
+
+      expect(mockCreateOrder).not.toHaveBeenCalled();
+      expect(mockRequestOtt).not.toHaveBeenCalled();
+    });
+
+    it('should throw error when deposit exceeds monthly limit', async () => {
+      const mockQuote = {
+        quoteId: 'test-quote-id',
+        fiatAmount: 600,
+      } as BuyQuote;
+
+      mockGetKycRequirement = jest.fn().mockResolvedValue({
+        status: 'APPROVED',
+        kycType: 'SIMPLE',
+      });
+
+      mockGetUserLimits = jest.fn().mockResolvedValue({
+        exceeded: { 1: false, 30: false, 365: false },
+        limits: { 1: 1000, 30: 500, 365: 3000 },
+        remaining: { 1: 1000, 30: 500, 365: 3000 },
+        shortage: {},
+        spent: { 1: 0, 30: 0, 365: 0 },
+      });
+
+      const { result } = renderHook(() => useDepositRouting());
+
+      await expect(
+        result.current.routeAfterAuthentication(mockQuote),
+      ).rejects.toThrow(/monthly.*500.*USD/);
+
+      expect(mockCreateOrder).not.toHaveBeenCalled();
+      expect(mockRequestOtt).not.toHaveBeenCalled();
+    });
+
+    it('should throw error when deposit exceeds yearly limit', async () => {
+      const mockQuote = {
+        quoteId: 'test-quote-id',
+        fiatAmount: 1100,
+      } as BuyQuote;
+
+      mockGetKycRequirement = jest.fn().mockResolvedValue({
+        status: 'APPROVED',
+        kycType: 'SIMPLE',
+      });
+
+      mockGetUserLimits = jest.fn().mockResolvedValue({
+        exceeded: { 1: false, 30: false, 365: false },
+        limits: { 1: 2000, 30: 5000, 365: 1000 },
+        remaining: { 1: 2000, 30: 5000, 365: 1000 },
+        shortage: {},
+        spent: { 1: 0, 30: 0, 365: 0 },
+      });
+
+      const { result } = renderHook(() => useDepositRouting());
+
+      await expect(
+        result.current.routeAfterAuthentication(mockQuote),
+      ).rejects.toThrow(/yearly.*1000.*USD/);
+
+      expect(mockCreateOrder).not.toHaveBeenCalled();
+      expect(mockRequestOtt).not.toHaveBeenCalled();
+    });
+
+    it('should throw error when getUserLimits returns null', async () => {
+      const mockQuote = {
+        quoteId: 'test-quote-id',
+        fiatAmount: 100,
+      } as BuyQuote;
+
+      mockGetKycRequirement = jest.fn().mockResolvedValue({
+        status: 'APPROVED',
+        kycType: 'SIMPLE',
+      });
+
+      mockGetUserLimits = jest.fn().mockResolvedValue(null);
+
+      const { result } = renderHook(() => useDepositRouting());
+
+      await expect(
+        result.current.routeAfterAuthentication(mockQuote),
+      ).rejects.toThrow('Failed to check your deposit limits');
+
+      expect(mockCreateOrder).not.toHaveBeenCalled();
+      expect(mockRequestOtt).not.toHaveBeenCalled();
+    });
+
+    it('should throw error when any limit value is undefined', async () => {
+      const mockQuote = {
+        quoteId: 'test-quote-id',
+        fiatAmount: 100,
+      } as BuyQuote;
+
+      mockGetKycRequirement = jest.fn().mockResolvedValue({
+        status: 'APPROVED',
+        kycType: 'SIMPLE',
+      });
+
+      mockGetUserLimits = jest.fn().mockResolvedValue({
+        exceeded: { 1: false, 30: false, 365: false },
+        limits: { 1: 300, 365: 3000 },
+        remaining: { 1: 300, 365: 3000 },
+        shortage: {},
+        spent: { 1: 0, 30: 0, 365: 0 },
+      });
+
+      const { result } = renderHook(() => useDepositRouting());
+
+      await expect(
+        result.current.routeAfterAuthentication(mockQuote),
+      ).rejects.toThrow('Failed to check your deposit limits');
+
+      expect(mockCreateOrder).not.toHaveBeenCalled();
+      expect(mockRequestOtt).not.toHaveBeenCalled();
+    });
+  });
 });
diff --git a/app/components/UI/Ramp/Deposit/hooks/useDepositRouting.ts b/app/components/UI/Ramp/Deposit/hooks/useDepositRouting.ts
@@ -90,6 +90,12 @@ export const useDepositRouting = () => {
     throws: true,
   });
 
+  const [, getUserLimits] = useDepositSdkMethod({
+    method: 'getUserLimits',
+    onMount: false,
+    throws: true,
+  });
+
   const popToBuildQuote = useCallback(() => {
     navigation.dispatch((state) => {
       const buildQuoteIndex = state.routes.findIndex(
@@ -108,6 +114,64 @@ export const useDepositRouting = () => {
     });
   }, [navigation]);
 
+  const checkUserLimits = useCallback(
+    async (quote: BuyQuote, kycType: string) => {
+      const userLimits = await getUserLimits(
+        selectedRegion?.currency || '',
+        selectedPaymentMethod?.id || '',
+        kycType,
+      );
+
+      if (!userLimits?.remaining) {
+        throw new Error(strings('deposit.buildQuote.limitError'));
+      }
+
+      const { remaining } = userLimits;
+      const dailyLimit = remaining['1'];
+      const monthlyLimit = remaining['30'];
+      const yearlyLimit = remaining['365'];
+
+      if (
+        dailyLimit === undefined ||
+        monthlyLimit === undefined ||
+        yearlyLimit === undefined
+      ) {
+        throw new Error(strings('deposit.buildQuote.limitError'));
+      }
+
+      const depositAmount = quote.fiatAmount;
+      const currency = selectedRegion?.currency || '';
+
+      if (depositAmount > dailyLimit) {
+        throw new Error(
+          strings('deposit.buildQuote.limitExceeded', {
+            period: 'daily',
+            remaining: `${dailyLimit} ${currency}`,
+          }),
+        );
+      }
+
+      if (depositAmount > monthlyLimit) {
+        throw new Error(
+          strings('deposit.buildQuote.limitExceeded', {
+            period: 'monthly',
+            remaining: `${monthlyLimit} ${currency}`,
+          }),
+        );
+      }
+
+      if (depositAmount > yearlyLimit) {
+        throw new Error(
+          strings('deposit.buildQuote.limitExceeded', {
+            period: 'yearly',
+            remaining: `${yearlyLimit} ${currency}`,
+          }),
+        );
+      }
+    },
+    [getUserLimits, selectedRegion?.currency, selectedPaymentMethod?.id],
+  );
+
   const navigateToVerifyIdentityCallback = useCallback(
     ({ quote }: { quote: BuyQuote }) => {
       popToBuildQuote();
@@ -349,6 +413,8 @@ export const useDepositRouting = () => {
                 throw new Error('Missing user details');
               }
 
+              await checkUserLimits(quote, requirements.kycType);
+
               if (selectedPaymentMethod?.isManualBankTransfer) {
                 const order = await createOrder(
                   quote,
@@ -489,6 +555,7 @@ export const useDepositRouting = () => {
       createOrder,
       requestOtt,
       generatePaymentUrl,
+      checkUserLimits,
       selectedWalletAddress,
       themeAppearance,
       colors,
diff --git a/locales/languages/en.json b/locales/languages/en.json
@@ -594,7 +594,9 @@
       "unexpectedError": "An unexpected error occurred.",
       "quoteFetchError": "Failed to fetch quote.",
       "kycFormsFetchError": "Failed to fetch KYC forms.",
-      "title": "Deposit"
+      "title": "Deposit",
+      "limitExceeded": "This deposit would exceed your {{period}} limit. Your deposit including fees must be {{remaining}} or less.",
+      "limitError": "Failed to check your deposit limits. Please try again later."
     },
     "token_modal": {
       "select_a_token": "Select a Token",
diff --git a/package.json b/package.json
@@ -191,7 +191,7 @@
   },
   "dependencies": {
     "@config-plugins/detox": "^9.0.0",
-    "@consensys/native-ramps-sdk": "^2.1.2",
+    "@consensys/native-ramps-sdk": "2.1.5",
     "@consensys/on-ramp-sdk": "2.1.11",
     "@craftzdog/react-native-buffer": "^6.1.0",
     "@deeeed/hyperliquid-node20": "^0.23.1-node20.1",
diff --git a/yarn.lock b/yarn.lock
@@ -2046,9 +2046,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@consensys/native-ramps-sdk@npm:^2.1.2":
-  version: 2.1.2
-  resolution: "@consensys/native-ramps-sdk@npm:2.1.2"
+"@consensys/native-ramps-sdk@npm:2.1.5":
+  version: 2.1.5
+  resolution: "@consensys/native-ramps-sdk@npm:2.1.5"
   dependencies:
     "@metamask/utils": ^11.5.0
     async: ^3.2.3
@@ -2057,7 +2057,7 @@ __metadata:
     crypto-js: ^4.2.0
     reflect-metadata: ^0.1.13
     uuid: ^9.0.0
-  checksum: 6db885cebb8ccc6c859c55f22bf686d842b0975f97d98c09eec48b52e7601fdb338c9f201182ec9f32cac07e84a98dc3e981a675e6a71a4ea8dbc298bc5a0be0
+  checksum: 4e2253858a221845579dc289400fd871b259dd1062537042cafa0c9417924ae9b2ca09187facabfce9eeb96f22113df7fad0801bee4164f9069003a4851f75d3
   languageName: node
   linkType: hard
 
@@ -34049,7 +34049,7 @@ __metadata:
     "@babel/register": ^7.24.6
     "@babel/runtime": ^7.25.0
     "@config-plugins/detox": ^9.0.0
-    "@consensys/native-ramps-sdk": ^2.1.2
+    "@consensys/native-ramps-sdk": 2.1.5
     "@consensys/on-ramp-sdk": 2.1.11
     "@craftzdog/react-native-buffer": ^6.1.0
     "@cucumber/message-streams": ^4.0.1
