Releases: AmbireTech/ambire-common
Releases · AmbireTech/ambire-common
Release list
v2.101.3
v2.102.0
Changelog:
- Added: Safeguards for extreme gas fees and excessive swap losses #2419
- Adds warning thresholds for gas fees above 20 GWEI on mainnet or $10 on other chains, and for swap losses above $10k.
- Introduces severity levels (
elevated/extreme) so the UI can present proportionate warnings before signing.
- Added: Persistent default fee token preference across sessions #2454
- Introduces
SignAccountOpPreferenceControllerto load and persist the user's preferred fee token once, shared acrossSignAccountOp,Transfer, andSwapAndBridgeflows. - Previously preference was reset on each new controller instance; now it survives navigation and app restarts.
- Introduces
- Added: Suspicious dApp hosting platform detection #2457
- Detects when a dApp is served from a shared hosting platform (Google Sites, Vercel, etc.) commonly exploited for phishing because the parent domain bypasses most phishing filters.
- Introduces a new
SUSPICIOUS_HOSTINGstatus visible in signing screens, covering both direct hosting and iframe-embedded tab contexts.
- Changed: Switch internal AI code review model to kimi nitro for improved reliability #2468
- Changed: Configure AI general code review to run with Sonnet via
--sonnetflag #2469 - Changed: Replace error toast with a soft gas fee confirmation when fees auto-update during broadcast #2464
- When a transaction is rejected due to an outdated fee estimate and the wallet silently re-estimates, the user now sees a soft confirmation prompt instead of a red error toast.
- Adds
gasFeeChangedConfirmationRequiredflag anddismissGasFeeChangedConfirmation()method onSignAccountOpController.
- Changed: Batch ENS reverse lookups using deployless multicall #2465
- Reduces ENS reverse-lookup requests from up to 240 down to 5 per session, significantly speeding up address display when many contacts or tokens have associated ENS names.
- Changed: Restrict AI review workflow to run only for repository members #2480
- Changed: Default the Swap & Bridge receive network to the same chain as the auto-selected from token when opened from the Dashboard #2485
- Changed: Defer relayer network refresh off the initial load path #2483
NetworksControllernow seeds from storage and resolves immediately, then refreshes from the relayer in the background — removing a potential 5s blocking fetch from the startup critical path.- Adds
areNetworksFetchingFromRelayerflag so the UI can show a loading state for balances while the sync is in flight.
- Changed: Update AGENTS.md guidelines and lint the project #2493
- Fixed:
SignMessagedApp verification banner state not propagating on update #2479
Full Changelog: v2.101.2...v2.102.0
v2.101.2
v2.101.1
Changelog:
- Added:
Margin,PerpetualandPredictiontoAssetType#2477 - Added: Detecting native value in approvals + add a warning for it #2470
- Changed: Do NOT run the embedded-domain check for ERC-20 tokens #2473
- Changed: Improve asset blacklisting to avoid false positives (lure words are matched as whole words and only inside multi-word text, so a single-token symbol/name (WIN, WETH, WIN-AIRDROP) stays visible while "claim your airdrop now" is hidden) #2476
- Fixed: DeFi apps positions not sorted #2478
- Fixed: Replace json stringify when checking message for signing, v1 accounts only #2471
- Fixed: Retry asset discovery #2475
- Fixed: Max transfer of only option with fee underpriced #2481
- Fixed: Enhance asset blacklist checks by ensuring separate matching for symbol and name to prevent false positives (+ add tests) #2474
- Fixed: Humanization typehints on getAddressVisualization, safe accounts #2486
- Fixed: Default Swap & Bridge receive network on Dashboard open #2485
Full Changelog: v2.101.0...v2.101.1
v2.100.5
Changelog:
- Added: Detecting native value in approvals + add a warning for it #2470
- Fixed: Replace json stringify when checking message for signing, v1 accounts only #2471
- Fixed: Retry asset discovery #2475
Full Changelog: v2.100.4...v2.100.5
v2.101.0
Changelog:
- Added: Per-dApp account scoping #2391
- Lets each connected dApp have its own set of allowed accounts and a remembered selected account, with a toggle to disable scoping while keeping settings.
- When a dApp requests a signature for an account other than the selected one, a switch-account request is inserted first and tied to the original request.
- Added: Chain ID validation for EIP-712 signatures #2427
- Verifies the domain chainId on 712 signing requests, matching MetaMask/Rabby behavior: missing or 0 chainId assumes the current chain, a mismatched chainId throws for the dApp to handle.
- Added: Uniswap as a Swap & Bridge provider #2432
- Adds Uniswap Trading API alongside LiFi, Socket, and Squid, supporting swaps, bridges, wraps, and unwraps.
- Polls Across deposit status for Uniswap routes fulfilled through Across.
- Handle Uniswap sponsorship using the output token fee and disable sponsorship for Uniswap bridges.
- Ranks routes by received USD value after gas costs, fetches destination-token USD prices from Cena (including tokens outside the portfolio), and removes the symbol-based stablecoin $1 assumption.
- Improve parallel provider quote collection so completed routes are not missed.
- Added: Automatic discovery of DeFi positions after transactions #2440
- Schedules a portfolio update one minute after a transaction so newly created DeFi positions are discovered without hitting the relayer's force-update rate limit.
- Added: Hide spam tokens and NFTs that embed domains in their name #2458
- Detects domain-like strings in token/collection names using the Public Suffix List and treats them as scam, catching spam that hides a lure in the name without an https/www prefix.
- User-added custom assets stay exempt.
- Added: Match the spam filter against token and NFT names, not only symbols #2456
- Spam that keeps an innocent symbol but hides the lure in the name (common for NFTs) is now filtered, with custom assets preserved.
- Changed: Exclude tokens without a known USD price from the Swap & Bridge "From" list #2460
- Changed: Keep custom tokens without a USD price available in the Swap & Bridge "From" list #2461
- Changed: Show marketing banners and surveys based on backend requirements for all accounts #2443
- Changed: Support emoji in banners #2453
- Changed: Add Uniswap router addresses to the humanizer #2442
- Changed: Refactor AI PR reviews and fix security reviews #2448
- Changed: Fix pr-agent.yml workflow #2450
- Changed: Update AI PR review prompts and configuration #2451
- Changed: Update the general review prompt to find open-ended domain bugs #2452
- Changed: Set the PR agent log level to DEBUG #2466
Full Changelog: v2.100.4...v2.101.0
v2.100.4
v2.100.3
v2.100.2
v2.100.1
Changelog:
- Fixed: DeFi positions mixing after a skipped discovery #2444
- Fixed:
defiAppsgetTotalalwaysreturns 0 #2445 - Fixed: Clear signing cases #2447
- Add ERC-7730 humanization support for Safe reject transactions, including SafeTx typed messages and Safe
execTransactioncalls. - Improve Safe transaction decoding by falling back to ABI head parsing when normal decoding cannot decode nested/multisend calldata.
- Detect Permit2 zero-amount approvals as revoke approvals and show
Revoke approvalwording. - Improve ERC-7730 value handling for uint-encoded addresses, bigint address formatting, byte slices, and hex enum values.
- Normalize 1inch
fillOrderhumanization into clear swap rows: amount to send, minimum to receive, plus any non-token metadata rows. - Harden Safe module
execTransactiondecoding and delegate-call warning handling.
- Add ERC-7730 humanization support for Safe reject transactions, including SafeTx typed messages and Safe
Full Changelog: v2.100.0...v2.100.1