release: 7.75.1 #29674
Merged
Merged
Conversation
Contributor
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
chloeYue
added
auto-rc-builds
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## stable #29674 +/- ##
==========================================
+ Coverage 81.50% 82.27% +0.76%
==========================================
Files 4621 5130 +509
Lines 121060 135930 +14870
Branches 26604 30605 +4001
==========================================
+ Hits 98671 111831 +13160
- Misses 15451 16469 +1018
- Partials 6938 7630 +692 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
- feat(perps): force unified account (#29492) ## **Description** HyperLiquid is deprecating DEX Abstraction mode (~May 9). This PR forces every Perps user onto **Unified Account** mode on app open and fixes the withdraw + balance-display flows that were broken in the target state. ### 1. Forced migration to Unified Account Migration paths by current abstraction mode: - `default` / `disabled` → silently migrated via `agentSetAbstraction({ abstraction: 'u' })` — no signing prompt - `dexAbstraction` → one-time EIP-712 prompt via `userSetAbstraction({ user, abstraction: 'unifiedAccount' })` — agent-key path is blocked by HL for this transition - `unifiedAccount` → no-op, cached immediately Key details: - Replaces deprecated `agentEnableDexAbstraction` / `userDexAbstraction` with `agentSetAbstraction` / `userSetAbstraction` / `userAbstraction` - Runs on perps section open (`#ensureReady()`) so users are set up before trading - `TradingReadinessCache` prevents repeated prompts (critical for hardware/QR wallets); `KEYRING_LOCKED` skips the cache so it retries on unlock - In-flight deduplication blocks concurrent signing attempts across provider instances - Segment analytics: `Perp Account Setup` event tracks mode distribution + outcome (`already_enabled` / `migration_required` / `success` / `failed`) ### 2. Withdraw + balance display fix (folded in from #29537) In Unified mode, USDC collateral lives in the spot clearinghouse, so `clearinghouseState.withdrawable` is $0 — pre-fix the withdraw screen showed $0 max with the button disabled, and the confirm-flow alert blocked submission. - `accountUtils.addSpotBalanceToAccountState` folds free spot USDC into `availableToTradeBalance` for Unified / Portfolio Margin; `dexAbstraction` / Standard keep spot separate (fold gated on resolved abstraction mode) - `HyperLiquidSubscriptionService.invalidateUserAbstractionCache(addr)` evicts stale pre-migration mode and re-aggregates immediately. Called by `HyperLiquidProvider` after both successful migration paths so the WS-driven aggregator doesn't serve a $0 balance for ~60s after migration completes. - Withdraw screen, withdraw validation, confirm-flow insufficient-balance alert, and percentage buttons all read `availableToTradeBalance ?? availableBalance` — fallback keeps Standard / legacy callers correct. ## **Changelog** CHANGELOG entry: Fixed Hyperliquid withdraw showing $0 and being blocked for users on Unified Account mode. ## **Related issues** Fixes: TAT-3112 (Unified Account migration), withdrawal break tracked in [TAT-3047](https://consensyssoftware.atlassian.net/browse/TAT-3047) ## **Manual testing steps** ```gherkin Feature: Unified Account migration + withdraw Scenario: First-time migration (default/disabled mode) Given the user has never used Perps When they open the Perps section Then migration runs silently (no prompt) And HIP-3 markets are visible Scenario: dexAbstraction → unifiedAccount migration Given the user has DEX Abstraction enabled When they open the Perps section Then a one-time EIP-712 signing prompt appears When they sign Then HIP-3 markets are visible and trades succeed And reopening Perps does not prompt again Scenario: Unified Account user withdraws spot-funded balance Given the user is in Unified Mode with $0 perps withdrawable and >$0 spot USDC When they open the Withdraw screen Then "Available Perps balance" shows the unified value (perps + free spot USDC) And Max enables and submission proceeds via withdraw3 And spot USDC drops by amount + fee ``` ### Live validation evidence Validated on dev1 mainnet (`0x8dc6…9003`) in the exact bug-class state: - HL mode: `unifiedAccount` / perps `withdrawable`: $0 / spot USDC free: $26.41 - App: `availableBalance` = $0 / `availableToTradeBalance` = $26.41 - Withdraw screen renders **"Available Perps balance: $26.41"** + Max enabled (pre-fix would show $0 / disabled) ## **Screenshots/Recordings** ### **Before** <!-- $0 max + disabled Max button on dev1 mainnet pre-fix --> ### **After** <!-- $26.41 max + Max enabled + successful withdraw on dev1 mainnet --> ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile Coding Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). #### Performance checks (if applicable) - [ ] I've tested on Android - [ ] I've tested with a power user scenario - [ ] I've instrumented key operations with Sentry traces for production performance metrics ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. [TAT-3047]: https://consensyssoftware.atlassian.net/browse/TAT-3047?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **High Risk** > High risk because it changes Perps account-mode migration/signing flow (including hardware-wallet behavior) and alters withdraw/payment balance calculations that gate user funds and transaction validation. > > **Overview** > Forces Perps users onto HyperLiquid **Unified Account** by replacing deprecated DEX-abstraction checks/calls with `userAbstraction` + `agentSetAbstraction`/`userSetAbstraction`, adding global in-flight/cached gating, retry semantics, and new `Perp Account Setup` analytics. > > Updates withdraw, confirmation, and pay-with flows to prefer `availableToTradeBalance ?? availableBalance`, and changes spot→perps folding to be **mode-gated** (fail-closed when abstraction mode is unknown) so Unified/Portfolio Margin users see spendable USDC while Standard/dexAbstraction users don’t over-report withdrawable funds. > > Renames cache-clearing APIs from DEX abstraction to Unified Account, adds hardware-wallet detection to defer user-sign prompts on browse, and expands tests/docs to cover unified-mode folding, migration paths, and race conditions in spot/account aggregation. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit e5495f9. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: geositta <matthew.denton@consensys.net> Co-authored-by: Nick Gambino <nicholas.gambino@consensys.net> Co-authored-by: Arthur Breton <arthur.breton@consensys.net> Co-authored-by: abretonc7s <107169956+abretonc7s@users.noreply.github.com> [cc44460](cc44460) [TAT-3047]: https://consensyssoftware.atlassian.net/browse/TAT-3047?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ Co-authored-by: Alejandro Garcia Anglada <aganglada@gmail.com>
This comment has been minimized.
This comment has been minimized.
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit fe173db. Configure here.
sleepytanya
previously approved these changes
May 5, 2026
Co-authored-by: Cursor <cursoragent@cursor.com>
Contributor
🚀 RC Builds Ready for Testing
More Info
AI Test Plan
Executive SummaryRelease Focus: Migration from deprecated HyperLiquid DEX Abstraction to Unified Account mode, with balance reporting fixes ensuring Unified Account and Portfolio Margin users see correct withdrawable balances across all Perps flows. Key Changes:
Critical Areas: Perps Withdraw flow with Unified Account mode users (balance display, max withdraw, validation), Account setup migration from dexAbstraction to unifiedAccount (EIP-712 signing prompt timing), Balance aggregation correctness when spot balances fold into perps collateral, Insufficient balance alert accuracy for Unified Account users, Payment token selection showing correct available balance in Pay-with sheet Overall Risk: HIGH Recommendation: Conditional go — the Unified Account migration touches every balance-reporting surface in the Perps feature and introduces new async retry logic with a kill-switch. All high-risk withdraw, balance display, and account setup scenarios must pass before release. The fail-closed design (under-reporting rather than over-reporting) is correct but must be verified to not block legitimate withdrawals for Unified Account users. Release Scenarios (10)High Risk Scenarios (6)1. Perps - Withdraw Flow (Unified Account)Risk Level: HIGH Why This Matters: PerpsWithdrawView.tsx now uses account?.availableToTradeBalance ?? account?.availableBalance for both the max amount calculation and the balance check. useWithdrawValidation.ts and useInsufficientPerpsBalanceAlert.ts also switched to availableToTradeBalance. For Unified Account users, availableBalance was $0 (mirrors HL's clearinghouseState.withdrawable), so the old code would have shown $0 and blocked all withdrawals. The new code must correctly surface the folded balance. Preconditions:
Test Steps:
Expected Outcomes:
2. Perps - Account Setup Migration (dexAbstraction → unifiedAccount)Risk Level: HIGH Why This Matters: HyperLiquidProvider.ts completely replaced #ensureDexAbstractionEnabled with #ensureUnifiedAccountEnabled, introducing allowUserSigning gating and #unifiedAccountSetupNeedsRetry logic. The TradingReadinessCache renamed dexAbstraction to unifiedAccount throughout. A regression here could either spam users with signing prompts on every page load or silently fail to migrate, leaving users unable to trade. Preconditions:
Test Steps:
Expected Outcomes:
3. Perps - Balance Display (Standard vs Unified Account)Risk Level: HIGH Why This Matters: hyperLiquidModeFoldsSpot in hyperliquid-types.ts and addSpotBalanceToAccountState in accountUtils.ts now gate spot folding on the resolved abstraction mode. HyperLiquidSubscriptionService.ts added #abstractionModeByUser map and setUserAbstractionMode. Multiple hooks (usePerpsBalanceTokenFilter, usePerpsPaymentTokens, useTransactionCustomAmount) all switched to availableToTradeBalance. Incorrect folding would either over-report funds (Standard users) or under-report (Unified users). Preconditions:
Test Steps:
Expected Outcomes:
4. Perps - Hardware Wallet Account DetectionRisk Level: HIGH Why This Matters: HyperLiquidWalletService.ts added isSelectedHardwareWallet() using a hardcoded HARDWARE_KEYRING_TYPES set and AccountTreeController:getSelectedAccountGroup. This is new code with no prior equivalent — if metadata structure differs from expected or the messenger call fails, it could throw or silently return wrong values, affecting the migration flow for hardware wallet users. Preconditions:
Test Steps:
Expected Outcomes:
5. Perps - Subscription Service Balance AggregationRisk Level: HIGH Why This Matters: HyperLiquidSubscriptionService.ts changed #refreshSpotState to use Promise.allSettled for concurrent spot+abstraction fetching, added #abstractionModeByUser map, and modified the fingerprint string to include availableToTradeBalance. The generation-check bailout was also removed to ensure abstraction mode is always resolved. These are complex async changes where race conditions could cause stale or incorrect balance reporting. Preconditions:
Test Steps:
Expected Outcomes:
6. Perps - Withdraw Confirmation Screen BalanceRisk Level: HIGH Why This Matters: perps-withdraw-balance.tsx replaced the inline useMemo with formatPerpsBalance and switched to availableToTradeBalance. useInsufficientPerpsBalanceAlert.ts now reads availableToTradeBalance from PerpsController state. The new formatPerpsBalance utility in formatUtils.ts uses truncateToTwoDecimals to prevent displayed amount from exceeding actual withdrawable — a regression here could allow users to attempt withdrawals that will fail on-chain. Preconditions:
Test Steps:
Expected Outcomes:
Medium Risk Scenarios (4)1. Perps - Kill-Switch and Retry ResilienceRisk Level: MEDIUM Why This Matters: HyperLiquidProvider.ts introduced #unifiedAccountSetupNeedsRetry and modified #ensureReady to reset the memoized promise when retry is needed. The kill-switch (useUnifiedAccount=false) is the emergency rollback path. These resilience mechanisms are critical for production stability but are complex async state machines that could have subtle bugs. Preconditions:
Test Steps:
Expected Outcomes:
2. Perps - Analytics Events for Account SetupRisk Level: MEDIUM Why This Matters: eventNames.ts added ABSTRACTION_MODE, PREVIOUS_ABSTRACTION_MODE properties and ALREADY_ENABLED, MIGRATION_REQUIRED values. MetaMetrics.events.ts added PERPS_ACCOUNT_SETUP event. These are new analytics instrumentation points — incorrect firing could skew migration metrics used to assess rollout health. Preconditions:
Test Steps:
Expected Outcomes:
3. Perps - Payment Token Selection with Unified Account BalanceRisk Level: MEDIUM Why This Matters: usePerpsPaymentTokens.ts and usePerpsBalanceTokenFilter.ts both switched to availableToTradeBalance ?? availableBalance. useTransactionCustomAmount.ts also updated. For Unified Account users where availableBalance is $0, the old code would have shown $0 in the Pay-with sheet and potentially hidden the HyperLiquid payment option entirely, blocking trades. Preconditions:
Test Steps:
Expected Outcomes:
4. Perps - Portfolio Margin Mode Balance HandlingRisk Level: MEDIUM Why This Matters: hyperliquid-types.ts defines hyperLiquidModeFoldsSpot to return true for both 'unifiedAccount' and 'portfolioMargin'. The HL_ABSTRACTION_WIRE constants document the full wire format. If portfolioMargin handling is broken, those users would see $0 available balance and be unable to trade or withdraw. Preconditions:
Test Steps:
Expected Outcomes:
Excluded Features - Feature Flags Disabled (56)The following features are disabled via feature flags and should NOT be tested:
Generated by AI Test Plan Analyzer (claude-sonnet-4-6) at 2026-05-05T18:02:08.219Z AI generated test plan (JSON): Available as artifact |
Contributor
Author
|
policy-bot: approve |
<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until this PR meets the canonical
Definition of Ready For Review in `docs/readme/ready-for-review.md`.
In short: the template must be materially complete (not just section
titles
present), all status checks must be currently passing, and the only
expected
follow-up commits must be reviewer-driven.
-->
## **Description**
Bump axios to 1.15.1
<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->
## **Changelog**
<!--
If this PR is not End-User-Facing and should not show up in the
CHANGELOG, you can choose to either:
1. Write `CHANGELOG entry: null`
2. Label with `no-changelog`
If this PR is End-User-Facing, please write a short User-Facing
description in the past tense like:
`CHANGELOG entry: Added a new tab for users to see their NFTs`
`CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker`
(This helps the Release Engineer do their job more quickly and
accurately)
-->
CHANGELOG entry:
## **Related issues**
Fixes:
## **Manual testing steps**
```gherkin
Feature: my feature name
Scenario: user [verb for user action]
Given [describe expected initial app state]
When user [verb for user action]
Then [describe expected outcome]
```
## **Screenshots/Recordings**
<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->
### **Before**
<!-- [screenshots/recordings] -->
### **After**
<!-- [screenshots/recordings] -->
## **Pre-merge author checklist**
<!--
Every checklist item must be consciously assessed before marking this PR
as
"Ready for review". A checked box means you deliberately considered that
responsibility, not that you literally performed every action listed.
Unchecked boxes are ambiguous: they are not an implicit "N/A" and they
are not
a silent "skip". See `docs/readme/ready-for-review.md` for the full
checklist
semantics.
-->
- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I've included tests if applicable
- [ ] I've documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I've applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.
#### Performance checks (if applicable)
- [ ] I've tested on Android
- Ideally on a mid-range device; emulator is acceptable
- [ ] I've tested with a power user scenario
- Use these [power-user
SRPs](https://consensyssoftware.atlassian.net/wiki/spaces/TL1/pages/edit-v2/401401446401?draftShareId=9d77e1e1-4bdc-4be1-9ebb-ccd916988d93)
to import wallets with many accounts and tokens
- [ ] I've instrumented key operations with Sentry traces for production
performance metrics
- See [`trace()`](/app/util/trace.ts) for usage and
[`addToken`](/app/components/Views/AddAsset/components/AddCustomToken/AddCustomToken.tsx#L274)
for an example
For performance guidelines and tooling, see the [Performance
Guide](https://consensyssoftware.atlassian.net/wiki/spaces/TL1/pages/400085549067/Performance+Guide+for+Engineers).
## **Pre-merge reviewer checklist**
<!--
Reviewer checklist items follow the same semantics as the author
checklist: an
unchecked box is ambiguous, a checked box means the reviewer consciously
assessed that responsibility. See `docs/readme/ready-for-review.md`.
-->
- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> **Low Risk**
> Low risk dependency bump limited to `axios` via Yarn
resolutions/lockfile, with potential for minor runtime behavior changes
in HTTP requests.
>
> **Overview**
> Updates the Yarn `resolutions` override to `axios@^1.15.1` and
refreshes `yarn.lock` to pull in `axios@1.15.2`.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
c6c6073. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
Contributor
🔍 Smart E2E Test Selection⏭️ Smart E2E selection skipped - base branch is not main or a release branch (base: stable) All E2E tests pre-selected. |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Contributor
|
✅ E2E Fixture Validation — Schema is up to date |
Contributor
Author
|
policy-bot: approve |
sleepytanya
approved these changes
May 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Changelog
CHANGELOG entry: null
Related issues
Fixes:
Manual testing steps
Screenshots/Recordings
Before
After
Pre-merge author checklist
Performance checks (if applicable)
trace()for usage andaddTokenfor an exampleFor performance guidelines and tooling, see the Performance Guide.
Pre-merge reviewer checklist
Note
High Risk
High risk because it changes perps balance/withdraw validation and introduces an automatic Unified Account migration flow that can trigger signing/caching behavior and affect how collateral is computed from spot + perps balances.
Overview
Fixes Unified Account perps withdrawals and balance display. Withdrawal UI/validation, confirmations, pay-with token selection, and insufficient-balance alerts now prefer
availableToTradeBalance(falling back toavailableBalance) so Unified Account users no longer see$0/blocked withdrawals.Adds Unified Account migration + spot-fold gating in the perps provider stack.
HyperLiquidProviderreplaces the deprecated DEX-abstraction enablement with a cached/in-flightuserAbstraction-based migration to Unified Account (silent agent path fordefault/disabled, user-signed path fordexAbstraction, deferred on hardware wallets), andHyperLiquidSubscriptionService/addSpotBalanceToAccountStatenow fold spot USDC intoavailableToTradeBalanceonly when the resolved abstraction mode indicates it’s valid.Release plumbing + telemetry. Bumps app version to
7.75.1(Android/Bitrise/Changelog), addsPERPS_ACCOUNT_SETUPevent + abstraction-mode properties/statuses, addsformatPerpsBalance, and updates/expands tests around unified mode, cache clearing, and spot-fold race conditions.Reviewed by Cursor Bugbot for commit c0b1d1c. Bugbot is set up for automated code reviews on this repo. Configure here.