Conversation
Summary of ChangesHello @aqt-dev, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the AnySpend application by integrating the Orderly Network's deposit capabilities. The changes allow users to perform cross-chain token deposits, converting various tokens into USDC and depositing them directly into the Orderly vault. This integration provides a streamlined and efficient way for users to manage their assets across different blockchain networks within the AnySpend ecosystem. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request does a great job of integrating Orderly Network's deposit functionality into the AnySpend application. The changes are well-structured, with new components for the UI, SDK components for the core logic, a dedicated hook for fee calculation, and a comprehensive set of constants for chain configurations. My review includes a few points to enhance the implementation. I've identified a critical security vulnerability related to a hardcoded secret that should be addressed immediately. I also found a high-severity correctness issue in the transaction handling logic that could lead to failed deposits. Additionally, I've suggested a couple of medium-severity improvements for better maintainability and configuration flexibility. Overall, this is a solid contribution, and addressing these points will make it even more robust and secure.
| NEXT_PUBLIC_DEVMODE_SHARED_SECRET: | ||
| process.env.NEXT_PUBLIC_DEVMODE_SHARED_SECRET || "k1c4Ep6agmoejiBinKE70B6bzb8vSdm8", |
There was a problem hiding this comment.
A potentially sensitive shared secret is hardcoded as a default value. Hardcoding secrets in source code is a critical security vulnerability, as it exposes them to anyone with access to the repository. Additionally, the NEXT_PUBLIC_ prefix makes this variable accessible on the client-side, increasing the risk. Secrets should be loaded exclusively from environment variables, and the application should be configured to fail at build time if a required secret is missing in production environments.
| NEXT_PUBLIC_DEVMODE_SHARED_SECRET: | |
| process.env.NEXT_PUBLIC_DEVMODE_SHARED_SECRET || "k1c4Ep6agmoejiBinKE70B6bzb8vSdm8", | |
| NEXT_PUBLIC_DEVMODE_SHARED_SECRET: | |
| process.env.NEXT_PUBLIC_DEVMODE_SHARED_SECRET, |
| await sendTransactionAsync({ | ||
| to: chainConfig.usdcAddress, | ||
| data: encodeFunctionData({ | ||
| abi: erc20Abi, | ||
| functionName: "approve", | ||
| args: [chainConfig.vaultAddress, amountInUnits], | ||
| }), | ||
| }); | ||
|
|
||
| // Small delay to ensure approval is mined | ||
| await new Promise(resolve => setTimeout(resolve, 2000)); |
There was a problem hiding this comment.
Using a fixed setTimeout to wait for a transaction to be mined is unreliable. Network congestion can cause transaction times to vary significantly, and a 2-second delay may not be sufficient, leading to the subsequent deposit transaction failing because the approval has not yet been confirmed. You should explicitly wait for the approval transaction to be confirmed before proceeding.
To fix this, you should:
- Import
usePublicClientfromwagmiand get a client instance:const publicClient = usePublicClient({ chainId }); - Capture the transaction hash from the
sendTransactionAsynccall for the approval. - Use
publicClient.waitForTransactionReceiptto wait for the approval transaction to be confirmed. - Add
publicClientto theuseCallbackdependency array forexecuteDeposit.
| await sendTransactionAsync({ | |
| to: chainConfig.usdcAddress, | |
| data: encodeFunctionData({ | |
| abi: erc20Abi, | |
| functionName: "approve", | |
| args: [chainConfig.vaultAddress, amountInUnits], | |
| }), | |
| }); | |
| // Small delay to ensure approval is mined | |
| await new Promise(resolve => setTimeout(resolve, 2000)); | |
| const approvalTxHash = await sendTransactionAsync({ | |
| to: chainConfig.usdcAddress, | |
| data: encodeFunctionData({ | |
| abi: erc20Abi, | |
| functionName: "approve", | |
| args: [chainConfig.vaultAddress, amountInUnits], | |
| }), | |
| }); | |
| // Wait for approval to be mined | |
| await publicClient.waitForTransactionReceipt({ hash: approvalTxHash }); |
| metadata: { | ||
| logoURI: | ||
| "https://raw.githubusercontent.com/trustwallet/assets/master/blockchains/ethereum/assets/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48/logo.png", | ||
| }, |
There was a problem hiding this comment.
The logoURI for the USDC token is hardcoded to the Ethereum mainnet USDC logo for all chains. This can be inaccurate, as different chains may have distinct logos for their native or bridged USDC versions (e.g., USDC.e). For better accuracy and maintainability, consider adding a usdcLogoUri property to the OrderlyChainConfig interface and populating it for each chain.
| const ORDERLY_DEPOSIT_ABI = JSON.stringify([ | ||
| { | ||
| name: "deposit", | ||
| type: "function", | ||
| stateMutability: "payable", | ||
| inputs: [ | ||
| { | ||
| name: "depositData", | ||
| type: "tuple", | ||
| components: [ | ||
| { name: "accountId", type: "bytes32" }, | ||
| { name: "brokerHash", type: "bytes32" }, | ||
| { name: "tokenHash", type: "bytes32" }, | ||
| { name: "tokenAmount", type: "uint128" }, | ||
| ], | ||
| }, | ||
| ], | ||
| outputs: [], | ||
| }, | ||
| ]); |
There was a problem hiding this comment.
The ORDERLY_DEPOSIT_ABI is a hardcoded duplicate of the deposit function's ABI, which is already defined within ORDERLY_VAULT_ABI in constants/orderly.ts. This code duplication is a maintenance risk. To avoid potential inconsistencies, you should import ORDERLY_VAULT_ABI and derive ORDERLY_DEPOSIT_ABI from it by filtering for the 'deposit' function.
const ORDERLY_DEPOSIT_ABI = JSON.stringify(ORDERLY_VAULT_ABI.filter(item => item.name === "deposit"));
1 participant
Summary
This PR introduces a comprehensive integration of the Orderly Network's deposit functionality into the AnySpend application, enabling users to deposit tokens across multiple chains seamlessly. It includes new components, hooks, and constants to facilitate deposits and manage fees.
Changes
• Added
AnySpendOrderlyDepositButtonandOrderlyDepositButtoncomponents for initiating deposits to the Orderly Network from the UI.• Introduced
AnySpendOrderlyDepositandOrderlyDepositcomponents to handle the deposit logic, including user interactions and transaction management.• Implemented
useOrderlyDepositFeehook to fetch and calculate the deposit fees dynamically based on the selected chain and deposit amount.• Created constants for Orderly Network configurations, including supported chains and their respective contract addresses.