Draft
Conversation
…estination chain that is not a smart contract (#714) # Context When users bridge tokens between chains (e.g. from Base to Ethereum) using a smart contract wallet, they might enter their own wallet address as the recipient on the destination chain. But if that smart wallet is only deployed on the source chain (e.g. Base ✅) and not on the destination chain (e.g. Ethereum ❌), there's no contract on the destination side to control the funds. This can result in the user loosing its bridged tokens, as they cannot be accessed on the destination chain in this scenario, **since the smart contract wallet is not deployed on the destination chain**. # ☑️ How does this PR mitigates this issue? This PR prevents accidental loss by checking the bytecode at the recipient address on the destination chain, if a smart contract wallet is connected to the UI and the same recipient address is used. # 🔄 Flow 1. User connects a smart contract wallet to the dApp. 2. They select the source/destination chain, token, and enter an amount to bridge. 2. They enter their own wallet address as the recipient. Then the app checks: - ✅ Is the connected wallet a smart contract? _Yes_ - ✅ Is the recipient address the same? _Yes_ - ❌ Is there any bytecode at that address on the destination chain? Is it a smart contract at that address on the destination chain? _No_ > If so, the "Continue" button is disabled and a warning message is shown. > The user can tick a checkbox to proceed only if they are sure they can control the recipient address on the destination chain. <img width="1328" height="1564" alt="image" src="https://github.com/user-attachments/assets/ff9d710e-f1bd-4a14-abaf-9831c1485986" /> # Demo https://github.com/user-attachments/assets/562da9bb-64e9-4601-b48b-5784811fc70b <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Recipient warning banner for Ethereum→Ethereum transfers with explanatory text and a confirmation checkbox that gates submission. * Submit button disabled until the user confirms control of the recipient address. * On-chain contract checks and friendly chain names with clear error feedback; wallet disconnect hides the banner and resets confirmation. * **Bug Fixes** * Reduces accidental transfers by blocking submission until recipient ownership is confirmed. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: default <b00ste.lyx@gmail.com>
Upgrade hyperlane packages
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Added Radix wallet support; users can now connect and interact using Radix wallets. - Wallet connect modal now includes a Radix option. - Added a public Radix manifest for improved wallet discovery and compatibility. - Chores - Upgraded Hyperlane dependencies to the latest major version for compatibility and stability. - Added Radix SDK/toolkit dependencies to enable the new wallet integration. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Troy Kessler <troy.kessler99@gmail.com>
- Fixed an issue where the checks for multi-collateral warp route was not accounting for `HypNative` standards - Bump hyperlane packages <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Enhanced support for HypNative tokens without a collateral address, improving validation, matching, and deduplication across chains. * **Bug Fixes** * More accurate handling of multi-collateral tokens to reduce false negatives and duplicates for HypNative scenarios. * **Tests** * Expanded coverage for HypNative origin/destination cases and non-HypNative failure paths. * **Chores** * Bumped Hyperlane dependencies to 18.2.0 (SDK, utils, widgets). <!-- end of auto-generated comment: release notes by coderabbit.ai -->
bumping to match nexus version
chore: update registry to v23.2.0
Fixes critical vulnerabilities in vitest and transitive dependencies (sha.js, cipher-base, elliptic, pbkdf2, form-data). All tests pass. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated development and runtime dependencies, including pinning and patching select transitive packages to improve compatibility and security. These changes enhance build stability without affecting user-facing behavior. * **Tests** * Upgraded the testing framework to the latest patch release, improving reliability and performance of the test suite. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Upgraded key third-party dependencies to the latest major release (v19.1.0) to align with upstream ecosystem updates. * Brings improved compatibility, stability, and potential security and performance enhancements from upstream packages. * No user-facing behavior changes are expected; existing features should continue to work as before. * Minimal testing impact anticipated—basic smoke tests recommended to confirm end-to-end functionality remains intact. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR implements custom event tracking using vercel analytics as a first approach to track user interactions in the website. - Include a flag `enableTrackingEvents` in the configurations which will enable/disable custom even trackings depending on the branch - Add `EVENT_NAME` and `EventProperties` which includes the custom event name and the fields that will be added - Include functions to track custom events - Current events being tracked - Chain Selection - Token Selection - Transaction Submission - Transaction Submission Failed - Wallet Connection Initiated - Wallet Connected <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Added analytics for wallet connection initiation and connected wallets (deduplicated). * Added analytics for chain selection, token selection, transaction submission, and transaction failures. * Transaction submission events include transaction hash, chain info, amount and wallet details. * New config flag enableTrackingEvents (default: false) to toggle analytics. * **Bug Fixes** * Submit button click now consistently triggers connection analytics when a wallet connection is initiated. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
- Update analytics event to be more consistent so that it represents actions - Include sessionId from the app instead, remove one property from tx failed - Include custom Page Viewed event
This PR is taken from #746, removing only the piece related to tokenFeeQuote and getting lowest fee route - Adds FeeSectionButton and TransferFeeModal that displays the amount of transfer fee the user has to pay - Update useFeeQuotes to reflect the changes related to fees - Update hyperlane packages <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a fee section button and a modal showing detailed local and interchain fee breakdowns. * Added utilities to compute and consolidate transfer fees and to select the optimal transfer token. * **Updates** * Updated Hyperlane registry, SDK, utils, and widgets to newer versions. * Added a documentation link for fee estimation. * Review/details view updated to conditionally surface fee information and improved fee-fetching behavior (optional highest-collateral token search). * **Tests** * Added comprehensive tests covering fee aggregation and edge cases. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
fixes [ENG-2200](https://linear.app/hyperlane-xyz/issue/ENG-2200/warp-template-ui-should-show-fees-also-in-usd-terms) - Fetches token prices in USD from the CoinGecko API - Shows token price multiplied by the amount - Attach `coinGeckoId` when warpCore is when built to each token that has no `coinGeckoId` (synthetic tokens mostly) <img width="548" height="350" alt="image" src="https://github.com/user-attachments/assets/af5b843c-c505-4631-8bab-99e741429630" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Token transfers now show approximate USD prices below the amount input (en-US, two decimals). Prices appear only when the converted total is at least $0.01. * Pricing updates automatically every 60 seconds and loads without refetching on window focus. * **Improvements** * Price availability is more consistent across routes by filling missing price identifiers from related tokens when possible. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR closes [ENG-1979](https://linear.app/hyperlane-xyz/issue/ENG-1979/ui-should-support-arbitrary-quotetransferremote-fees), [ENG-2078](https://linear.app/hyperlane-xyz/issue/ENG-2078/ui-should-show-user-fees-before-telling-validating) and [ENG-2079](https://linear.app/hyperlane-xyz/issue/ENG-2079/ui-should-pick-route-with-lowest-fee ) With the inclusion of `tokenFeeQuote`, the UI needs to account for this new fee field - Creates a `FeeSectionButton` that shows total fees, this section will show before validation and clicking it will show a detail modal - Now searches for route with lowest fee (tokenFeeQuote) instead of highest collateral value in destination - Introduce a few utils function to help with fee managing <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a "Token Fee" line to the transfer fee breakdown when applicable. * **Improvements** * Fee values now show 8 decimal places for clearer pricing. * Transfer routing now prefers lower-cost routes to reduce fees. * Smarter fee estimation and validation: debounced amounts, sender-aware lookups, fee-aware max-transfer calculations, and minor layout spacing refinements. * **Chores** * Updated internal dependencies. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fixed an issue where it would return the originToken if no token with fees was found instead of tokens that have enough collateral to bridge <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved fallback token selection logic for transfers when no fee-enabled routes are available. The system now prioritizes selecting from available token balances instead of defaulting to the original token. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Upgrade packages to 19.9.0
This was already done for warp route data but not chain metadata
chore: update registry to 23.6.0
This PR update TokenListModal to: - Search by token `collateralAddressOrDenom` - Include both `addressOrDenom` and `collateralAddressOrDenom` to unsupported token list search
…stead (#816) - Fixes an issue where `dedupeTokens` would merge tokens from m0 standards because they have the same `addressOrDenom` for all routes, adding `symbol` to `dedupeTokens` fixes this - Now URL query params use symbol instead of `addressOrDenom`, some duplications will be expected but not for production instances since there is a defined `warpRouteWhiteList`
Using the current version of the `dedupeToken` causes `WarpCore.findToken()` to fail because it returns two results from the `gasAddressOrDenom` returned from the adapter, this temporary fix the issue by separating m0 tokens `dedupeToken` id as I figured out the issue <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Fixed token deduplication so M0 Portal Lite tokens are distinguished from other token types (uses token symbol plus chain to avoid collisions when address/denom overlaps). <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai -->
…824) ## Summary This PR makes the `create-merge-prs` workflow more robust and migrates to using Hyper Gonk GitHub App authentication (matching the pattern in hyperlane-monorepo). ### Changes **Gonk Migration:** - Replace `GITHUB_TOKEN` with Hyper Gonk GitHub App authentication - Uses `HYPER_GONK_APP_ID` and `HYPER_GONK_PRIVATE_KEY` secrets - Git commits now show as Hyper Gonk bot instead of `github-actions[bot]` **Merge Conflict Handling:** - Check if merge is actually needed before attempting (skip if branch is up-to-date) - Gracefully handle merge conflicts by aborting and reporting - Output clear warnings/errors when conflicts occur **Additional Robustness:** - Add `workflow_dispatch` for manual triggering - Add concurrency control to prevent race conditions - Add explicit `permissions` declaration (`contents: write`, `pull-requests: write`) - Upgrade `actions/checkout` from v3 to v5 - Better logging messages throughout ### Prerequisites Ensure the following are configured: - Hyper Gonk GitHub App is installed on this repository - `HYPER_GONK_APP_ID` secret is set - `HYPER_GONK_PRIVATE_KEY` secret is set ## Test plan - [ ] Verify secrets are configured in the repository - [ ] Manually trigger the workflow via Actions tab - [ ] Verify workflow runs successfully for branches that need updates - [ ] Verify workflow skips branches already up-to-date 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added manual workflow trigger capability for merge PR creation. * Implemented automatic merge conflict detection and handling. * **Chores** * Enhanced security with improved token management. * Optimized PR creation logic for better branch merge workflows. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude <noreply@anthropic.com>
## Summary - Adds a weekly workflow that automatically updates Hyperlane dependencies (sdk, utils, registry, widgets) - Uses Hyper Gonk GitHub App for authentication to ensure CI workflows are triggered on PRs ## Details The workflow runs every Monday at 9 AM UTC and can also be triggered manually. It: 1. Fetches latest versions from npm 2. Updates package.json 3. Runs yarn install 4. Creates/updates a PR with the changes 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Enabled automated weekly updates for core dependencies. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Automated Dependency Update This PR updates the Hyperlane dependencies to their latest versions. **Updated versions:** - `@hyperlane-xyz/sdk`: `19.11.0` - `@hyperlane-xyz/utils`: `19.11.0` - `@hyperlane-xyz/registry`: `23.7.0` - `@hyperlane-xyz/widgets`: `19.11.0` **Changes include:** - Updated `package.json` with latest Hyperlane package versions - Updated `yarn.lock` via `yarn install` --- 🤖 This PR was automatically generated by the [update-hyperlane-deps workflow](.github/workflows/update-hyperlane-deps.yml) Co-authored-by: hyper-gonk[bot] <246310972+hyper-gonk[bot]@users.noreply.github.com>
## Summary Fixes the authentication order in the `create-merge-prs.yaml` workflow so that gonk token is used correctly for pushes. **Problem:** The workflow was checking out the repo before generating the gonk token, so the remote URL was configured with the default `GITHUB_TOKEN` instead of gonk credentials. **Solution:** - Move token generation **before** checkout - Add `token:` parameter to checkout step - Add user ID lookup for proper email format (consistent with other workflows) This should fix the issue Jason identified in #829 where the workflow wasn't using gonk credentials correctly. --- 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Optimized internal CI/CD workflow for pull request automation, improving authentication handling and Git configuration management. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai -->
hyper-gonk
bot
force-pushed
the
main-to-ousdt
branch
from
2b9fa90 to
6037a05
Compare
## Summary Adds Claude-powered code review to this repository, adapted from hyperlane-monorepo. ## Changes ### Workflow (`.github/workflows/claude-code-review.yml`) 3 jobs with fork security guards: - **code-review**: Triggered by `@claude review` comment or `claude-review` label (claude-opus-4-5) - **security-review**: Auto-runs on non-draft PRs from same repo (claude-opus-4-5) - **interactive**: Responds to `@claude` mentions in PR comments (claude-sonnet-4-5) Security features: - `author_association` check (MEMBER/OWNER/COLLABORATOR only) for comment triggers - Same-repo check (`github.event.pull_request.head.repo.full_name == github.repository`) for auto-triggered jobs - Same-repo check for label triggers - `actions/checkout@v6` ### Prompts (`.github/prompts/`) - **code-review.md**: Frontend-specific TypeScript review (chain-aware addresses, useQuery patterns, CSP) - **security-scan.md**: Frontend/Web3 security (XSS, wallet security, blind signatures, CSP headers) ### Skills (`.claude/skills/`) - `/claude-review` → `.github/prompts/code-review.md` - `/claude-security-review` → `.github/prompts/security-scan.md` ### Other - **CLAUDE.md**: Added engineering philosophy, tips, and verification guidelines - **.gitignore**: Added `.opencode` and `.sisyphus` ## Setup Required⚠️ **Before merging**, configure the `ANTHROPIC_API_KEY` secret: 1. Go to Settings → Secrets and variables → Actions 2. Add repository secret: `ANTHROPIC_API_KEY` ## Usage | Trigger | Action | |---------|--------| | `@claude review` comment | Full code review | | `claude-review` label | Full code review | | `@claude security` comment | Security review | | `@claude <question>` comment | Interactive help | | Non-draft PR (same repo) | Auto security review |
hyper-gonk
bot
force-pushed
the
main-to-ousdt
branch
from
6037a05 to
eca6c06
Compare
## Summary - Adds AGENTS.md as a duplicate of CLAUDE.md for compatibility with other AI coding tools 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
hyper-gonk
bot
force-pushed
the
main-to-ousdt
branch
from
eca6c06 to
16e6ab0
Compare
- Update CSP directive to allow Web Assemble execution - Upgrade Hyperlane packages
hyper-gonk
bot
force-pushed
the
main-to-ousdt
branch
from
16e6ab0 to
4ba908a
Compare
Prevent white screen flashing when page loads by using main bg color as the base color
hyper-gonk
bot
force-pushed
the
main-to-ousdt
branch
from
4ba908a to
9cafa02
Compare
## Summary - Update `claude-opus-4-5` to `claude-opus-4-6` in the Claude code review workflow (code review + security review jobs) ## Test plan - [ ] Verify workflow triggers correctly on next PR 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
hyper-gonk
bot
force-pushed
the
main-to-ousdt
branch
from
9cafa02 to
23eeb79
Compare
…928) ## Summary - Adds `sourcemaps: { disable: true }` to Sentry config in `next.config.js` ## Context Vercel builds randomly hang 45+ minutes, getting stuck on "sending sentry telemetry info" during source map upload. The Sentry API has variable response times with no timeout configured, causing indefinite waits. ## What this changes Disables Sentry source map upload during build. Error tracking via the tunnel route (`/monitoring-tunnel`) and all other Sentry configuration remain intact. ## Verification - `pnpm build` completes successfully - Tunnel route confirmed present in build output - All other Sentry config preserved (org, project, authToken, hideSourceMaps, tunnelRoute, bundleSizeOptimizations) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated error tracking configuration settings. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
hyper-gonk
bot
force-pushed
the
main-to-ousdt
branch
from
23eeb79 to
699a8d7
Compare
## Summary
- Skip ESLint and TypeScript checking during `next build` (Vercel)
- Disable Sentry build telemetry (Sentry SDK phoning home to Sentry Inc.
— unrelated to your error tracking)
- Add dedicated `typecheck` CI job (so `typescript.ignoreBuildErrors` is
safe)
- Parallelize all CI jobs — remove `install` gate, no serial
dependencies
## Vercel build results
| | Before | After | Savings |
|---|--------|-------|---------|
| **Total build** | 9 min | **5 min** | **~4 min (44%)** |
| Lint + typecheck | ~4 min | Skipped | -4 min |
## CI changes
**Before:**
```
install ─┬─ build ─── test (serial)
├─ prettier
└─ lint
```
**After:**
```
build, typecheck, test, prettier, lint — all parallel, no gates
```
- Removed `install` gate job — every job already does its own `pnpm
install`, the gate just added ~30s of serial delay
- `typecheck` added — catches type errors that
`typescript.ignoreBuildErrors` skips in Vercel build
- `test` no longer depends on `build` — Vitest runs against source,
doesn't need Next.js build output
- Lockfile drift check moved into `build` job's install step
## Changes
- `next.config.js`: `eslint.ignoreDuringBuilds`,
`typescript.ignoreBuildErrors`, `sentryOptions.telemetry: false`
- `.github/workflows/ci.yml`: Remove `install` gate, add `typecheck`,
parallelize `test`
## Verification
- `pnpm build` ✅ on Vercel (5 min, down from 9 min)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Optimized CI/CD pipeline with improved job separation and caching
strategies
* Updated build configuration for enhanced development workflow
efficiency
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
hyper-gonk
bot
force-pushed
the
main-to-ousdt
branch
from
699a8d7 to
2245440
Compare
## Summary - Add `/inline-pr-comments` skill for posting inline PR review comments - Update `/claude-review` and `/claude-security-review` to reference inline-pr-comments - Simplify workflow to call skills directly instead of reading prompt files - Add PR Review Comment Format section to AGENTS.md Mirrors hyperlane-xyz/hyperlane-monorepo#8040 for this repo.
hyper-gonk
bot
force-pushed
the
main-to-ousdt
branch
from
2245440 to
528f586
Compare
## Automated Dependency Update This PR updates the Hyperlane dependencies to their latest versions. **Updated versions:** - `@hyperlane-xyz/sdk`: `25.0.0` - `@hyperlane-xyz/utils`: `25.0.0` - `@hyperlane-xyz/registry`: `23.14.0` - `@hyperlane-xyz/widgets`: `25.0.0` **Changes include:** - Updated `package.json` with latest Hyperlane package versions - Updated `pnpm-lock.yaml` via `pnpm install` --- 🤖 This PR was automatically generated by the [update-hyperlane-deps workflow](.github/workflows/update-hyperlane-deps.yml) Co-authored-by: hyper-gonk[bot] <246310972+hyper-gonk[bot]@users.noreply.github.com>
# Conflicts: # .github/workflows/ci.yml # package.json # pnpm-lock.yaml # src/components/layout/AppLayout.tsx # src/components/nav/Footer.tsx # src/consts/config.ts # src/consts/links.ts # src/features/analytics/utils.ts # src/features/tokens/types.ts # src/features/tokens/utils.ts # src/features/transfer/TransferTokenForm.tsx # src/features/transfer/fees.test.ts # src/features/transfer/fees.ts # src/features/transfer/maxAmount.ts # src/features/transfer/useFeeQuotes.ts # src/features/transfer/useTokenTransfer.ts
hyper-gonk
bot
force-pushed
the
main-to-ousdt
branch
from
528f586 to
165234a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was automatically created to merge changes from
mainintoousdt.