Release: develop -> master (#2873)

* fix: use eth chain for sell endpoint. (#2872)

* fix: use eth for delegation check. (#2875)

* fix: round FiatOutput amount to 2 decimal places (#2876)

Add Util.round(amount, 2) when setting FiatOutput.amount in:
- create(): after entity creation from DTO
- createInternal(): when calculating from buyFiats and before save
- update(): before saving DTO amount

Fiat amounts must always be rounded to 2 decimal places for
correct bank transaction processing.

* fix: case-insensitive bankUsage matching in findMatchingBuy (#2877)

* fix: case-insensitive bankUsage matching in findMatchingBuy

The remittanceInfo was compared case-sensitively with bankUsage,
causing transactions with lowercase usage codes (e.g. 6ed3-090b-25a8)
to not match their routes (stored as 6ED3-090B-25A8).

Add .toUpperCase() to normalized candidate for consistent matching.

* fix: correct order of toUpperCase and O-to-0 replacement

Move toUpperCase() before replace(/O/g, '0') so that lowercase 'o'
is first converted to 'O', then replaced with '0'.

This handles edge cases like '6ed3-o90b-25a8' where user types
lowercase 'o' instead of '0'.

* Refactoring

* Refactoring 2

* [NOTASK] add bankDataUserMismatch auto fail

* Bank refund checks (#2880)

* fix: improved bank refund

* fix: enforce creditor data for bank refunds

* fix: tests

* feat: add Special ZCHF 0.5% fee for userData 363001 (#2886)

* feat: add Special ZCHF 0.5% fee for userData 363001

Add migration that:
- Creates new 'Special ZCHF 0.5%' fee (type: Special, rate: 0.005)
- Applies to all ZCHF chains: Ethereum, Polygon, Arbitrum, Optimism, BSC, Base
- Assigns fee to userData 363001 via individualFees field

This reduces the fee for all ZCHF buy/sell/swap transactions from
the standard Organization rate (1.99%-2.49%) to 0.5%.

* fix: correct blockchainFactor and add financialTypes to fee migration

- Change blockchainFactor from 1 to 0 (consistent with Fee 67, 111)
- Add financialTypes: 'CHF' (consistent with existing ZCHF fees)
- Use unique label 'Special ZCHF 0.5% UserData 363001' to avoid collisions
- Fix down() migration: use STUFF/LEFT instead of fragile SUBSTRING

---------

Co-authored-by: Lam Nguyen <32935491+xlamn@users.noreply.github.com>
Co-authored-by: TaprootFreak <142087526+TaprootFreak@users.noreply.github.com>
Co-authored-by: David May <david.leo.may@gmail.com>
Co-authored-by: Yannick1712 <52333989+Yannick1712@users.noreply.github.com>
Co-authored-by: David May <85513542+davidleomay@users.noreply.github.com>

Author: 4 people

migration/1767886374776-AddSpecialZchfFeeUserData363001.js

@@ -0,0 +1,59 @@
+const { MigrationInterface, QueryRunner } = require("typeorm");
+
+module.exports = class AddSpecialZchfFeeUserData3630011767886374776 {
+    name = 'AddSpecialZchfFeeUserData3630011767886374776'
+
+    async up(queryRunner) {
+        // 1. Create Special ZCHF 0.5% fee (consistent with Fee 67, 111)
+        await queryRunner.query(`
+            INSERT INTO "dbo"."fee" (
+                "label", "type", "rate", "fixed", "assets", "active",
+                "blockchainFactor", "payoutRefBonus", "usages", "txUsages", "financialTypes"
+            ) VALUES (
+                'Special ZCHF 0.5% UserData 363001', 'Special', 0.005, 0, '251;253;255;256;258;259', 1,
+                0, 1, 0, 0, 'CHF'
+            )
+        `);
+
+        // 2. Get the new fee ID and add it to userData 363001
+        await queryRunner.query(`
+            UPDATE "dbo"."user_data"
+            SET "individualFees" = CASE
+                WHEN "individualFees" IS NULL OR "individualFees" = ''
+                    THEN CAST((SELECT id FROM "dbo"."fee" WHERE "label" = 'Special ZCHF 0.5% UserData 363001') AS VARCHAR)
+                ELSE "individualFees" + ';' + CAST((SELECT id FROM "dbo"."fee" WHERE "label" = 'Special ZCHF 0.5% UserData 363001') AS VARCHAR)
+            END
+            WHERE "id" = 363001
+        `);
+    }
+
+    async down(queryRunner) {
+        // 1. Get the fee ID
+        const feeIdResult = await queryRunner.query(`
+            SELECT id FROM "dbo"."fee" WHERE "label" = 'Special ZCHF 0.5% UserData 363001'
+        `);
+
+        if (feeIdResult.length > 0) {
+            const feeId = feeIdResult[0].id.toString();
+
+            // 2. Remove fee ID from userData 363001 individualFees
+            // Handle all cases: only fee, first fee, last fee, middle fee
+            await queryRunner.query(`
+                UPDATE "dbo"."user_data"
+                SET "individualFees" = CASE
+                    WHEN "individualFees" = '${feeId}' THEN NULL
+                    WHEN "individualFees" LIKE '${feeId};%' THEN STUFF("individualFees", 1, LEN('${feeId};'), '')
+                    WHEN "individualFees" LIKE '%;${feeId}' THEN LEFT("individualFees", LEN("individualFees") - LEN(';${feeId}'))
+                    WHEN "individualFees" LIKE '%;${feeId};%' THEN REPLACE("individualFees", ';${feeId};', ';')
+                    ELSE "individualFees"
+                END
+                WHERE "id" = 363001
+            `);
+        }
+
+        // 3. Delete the fee
+        await queryRunner.query(`
+            DELETE FROM "dbo"."fee" WHERE "label" = 'Special ZCHF 0.5% UserData 363001'
+        `);
+    }
+}

src/integration/blockchain/shared/evm/delegation/eip7702-delegation.service.ts

@@ -1,22 +1,22 @@
 import { Injectable } from '@nestjs/common';
+import { GetConfig } from 'src/config/config';
+import { Blockchain } from 'src/integration/blockchain/shared/enums/blockchain.enum';
+import { Asset } from 'src/shared/models/asset/asset.entity';
+import { DfxLogger } from 'src/shared/services/dfx-logger';
 import {
+  Address,
+  Chain,
   createPublicClient,
   createWalletClient,
-  encodeFunctionData,
   encodeAbiParameters,
-  http,
-  parseAbi,
+  encodeFunctionData,
   encodePacked,
   Hex,
-  Address,
-  Chain,
+  http,
+  parseAbi,
 } from 'viem';
 import { privateKeyToAccount, signTypedData } from 'viem/accounts';
-import { mainnet, arbitrum, optimism, polygon, base, bsc, gnosis, sepolia } from 'viem/chains';
-import { GetConfig } from 'src/config/config';
-import { Blockchain } from 'src/integration/blockchain/shared/enums/blockchain.enum';
-import { Asset } from 'src/shared/models/asset/asset.entity';
-import { DfxLogger } from 'src/shared/services/dfx-logger';
+import { arbitrum, base, bsc, gnosis, mainnet, optimism, polygon, sepolia } from 'viem/chains';
 import { WalletAccount } from '../domain/wallet-account';
 import { EvmUtil } from '../evm.util';
 import DELEGATION_MANAGER_ABI from './delegation-manager.abi.json';
@@ -84,7 +84,7 @@ export class Eip7702DelegationService {
    * RealUnit app supports eth_sign (unlike MetaMask), so EIP-7702 works
    */
   isDelegationSupportedForRealUnit(blockchain: Blockchain): boolean {
-    return blockchain === Blockchain.BASE && CHAIN_CONFIG[blockchain] !== undefined;
+    return blockchain === Blockchain.ETHEREUM && CHAIN_CONFIG[blockchain] !== undefined;
   }
 
   /**

src/subdomains/core/aml/enums/aml-error.enum.ts

@@ -200,7 +200,11 @@ export const AmlErrorResult: {
     amlCheck: CheckStatus.GSHEET,
     amlReason: null,
   },
-  [AmlError.BANK_DATA_USER_MISMATCH]: null,
+  [AmlError.BANK_DATA_USER_MISMATCH]: {
+    type: AmlErrorType.CRUCIAL,
+    amlCheck: CheckStatus.FAIL,
+    amlReason: AmlReason.USER_DATA_MISMATCH,
+  },
   [AmlError.VIRTUAL_IBAN_USER_MISMATCH]: {
     type: AmlErrorType.CRUCIAL,
     amlCheck: CheckStatus.GSHEET,

src/subdomains/core/buy-crypto/process/entities/buy-crypto.entity.ts

@@ -533,15 +533,10 @@ export class BuyCrypto extends IEntity {
     chargebackOutput?: FiatOutput,
     chargebackRemittanceInfo?: string,
     blockchainFee?: number,
-    creditorData?: {
-      name?: string;
-      address?: string;
-      houseNumber?: string;
-      zip?: string;
-      city?: string;
-      country?: string;
-    },
+    creditorData?: CreditorData,
   ): UpdateResult<BuyCrypto> {
+    const hasCreditorData = creditorData && Object.values(creditorData).some((v) => v != null);
+
     const update: Partial<BuyCrypto> = {
       chargebackDate: chargebackAllowedDate ? new Date() : null,
       chargebackAllowedDate,
@@ -556,7 +551,7 @@ export class BuyCrypto extends IEntity {
       blockchainFee,
       isComplete: this.checkoutTx && chargebackAllowedDate ? true : undefined,
       status: this.checkoutTx && chargebackAllowedDate ? BuyCryptoStatus.COMPLETE : undefined,
-      chargebackCreditorData: creditorData ? JSON.stringify(creditorData) : undefined,
+      chargebackCreditorData: hasCreditorData ? JSON.stringify(creditorData) : undefined,
     };
 
     Object.assign(this, update);

src/subdomains/core/buy-crypto/process/services/buy-crypto.service.ts

@@ -275,7 +275,10 @@ export class BuyCryptoService {
       });
 
     if (dto.chargebackAllowedDate) {
-      if (entity.bankTx && !entity.chargebackOutput)
+      if (entity.bankTx && !entity.chargebackOutput) {
+        if (!dto.chargebackCreditorName && !entity.creditorData)
+          throw new BadRequestException('Creditor data is required for chargeback');
+
         update.chargebackOutput = await this.fiatOutputService.createInternal(
           FiatOutputType.BUY_CRYPTO_FAIL,
           { buyCrypto: entity },
@@ -293,6 +296,7 @@ export class BuyCryptoService {
             country: dto.chargebackCreditorCountry ?? entity.creditorData?.country,
           },
         );
+      }
 
       if (entity.checkoutTx) {
         await this.refundCheckoutTx(entity, { chargebackAllowedDate: new Date(), chargebackAllowedBy: 'GS' });
@@ -541,6 +545,10 @@ export class BuyCryptoService {
     )
       throw new BadRequestException('IBAN not valid or BIC not available');
 
+    const creditorData = dto.creditorData ?? buyCrypto.creditorData;
+    if ((dto.chargebackAllowedDate || dto.chargebackAllowedDateUser) && !creditorData)
+      throw new BadRequestException('Creditor data is required for chargeback');
+
     if (dto.chargebackAllowedDate && chargebackAmount)
       dto.chargebackOutput = await this.fiatOutputService.createInternal(
         FiatOutputType.BUY_CRYPTO_FAIL,
@@ -551,12 +559,7 @@ export class BuyCryptoService {
           iban: chargebackIban,
           amount: chargebackAmount,
           currency: buyCrypto.bankTx?.currency,
-          name: dto.name ?? buyCrypto.creditorData?.name,
-          address: dto.address ?? buyCrypto.creditorData?.address,
-          houseNumber: dto.houseNumber ?? buyCrypto.creditorData?.houseNumber,
-          zip: dto.zip ?? buyCrypto.creditorData?.zip,
-          city: dto.city ?? buyCrypto.creditorData?.city,
-          country: dto.country ?? buyCrypto.creditorData?.country,
+          ...creditorData,
         },
       );
 
@@ -570,14 +573,7 @@ export class BuyCryptoService {
         dto.chargebackOutput,
         buyCrypto.chargebackBankRemittanceInfo,
         undefined,
-        {
-          name: dto.name,
-          address: dto.address,
-          houseNumber: dto.houseNumber,
-          zip: dto.zip,
-          city: dto.city,
-          country: dto.country,
-        },
+        creditorData,
       ),
     );
   }

src/subdomains/core/history/controllers/transaction.controller.ts

@@ -390,15 +390,10 @@ export class TransactionController {
     @Param('id') id: string,
     @Body() dto: TransactionRefundDto,
   ): Promise<void> {
-    return this.processRefund(+id, jwt, dto, false);
+    return this.processRefund(+id, jwt, dto);
   }
 
-  private async processRefund(
-    transactionId: number,
-    jwt: JwtPayload,
-    dto: TransactionRefundDto,
-    bankOnly: boolean,
-  ): Promise<void> {
+  private async processRefund(transactionId: number, jwt: JwtPayload, dto: TransactionRefundDto): Promise<void> {
     const transaction = await this.transactionService.getTransactionById(transactionId, {
       bankTxReturn: { bankTx: true, chargebackOutput: true },
       userData: true,
@@ -412,7 +407,7 @@ export class TransactionController {
         checkoutTx: true,
         transaction: { userData: true },
       });
-    if (!bankOnly && transaction.type === TransactionTypeInternal.BUY_FIAT)
+    if (transaction.type === TransactionTypeInternal.BUY_FIAT)
       transaction.buyFiat = await this.buyFiatService.getBuyFiatByTransactionId(transaction.id, {
         cryptoInput: true,
         transaction: { userData: true },
@@ -446,44 +441,32 @@ export class TransactionController {
         .then((b) => b.bankTxReturn);
     }
 
-    // Build refund data with optional bank fields (include all provided fields)
+    // Build creditorData from BankRefundDto (for backwards compatibility)
     const bankDto = dto as BankRefundDto;
-    const bankFields = {
-      name: bankDto.name || undefined,
-      address: bankDto.address || undefined,
-      houseNumber: bankDto.houseNumber || undefined,
-      zip: bankDto.zip || undefined,
-      city: bankDto.city || undefined,
-      country: bankDto.country || undefined,
-    };
+    const creditorData = bankDto.name
+      ? {
+          name: bankDto.name,
+          address: bankDto.address,
+          houseNumber: bankDto.houseNumber,
+          zip: bankDto.zip,
+          city: bankDto.city,
+          country: bankDto.country,
+        }
+      : undefined;
 
     if (transaction.targetEntity instanceof BankTxReturn) {
+      if (!dto.creditorData) throw new BadRequestException('Creditor data is required for bank refunds');
+
       return this.bankTxReturnService.refundBankTx(transaction.targetEntity, {
         refundIban: refundData.refundTarget ?? dto.refundTarget,
-        ...bankFields,
+        creditorData,
         ...refundDto,
       });
     }
 
     if (NotRefundableAmlReasons.includes(transaction.targetEntity.amlReason))
       throw new BadRequestException('You cannot refund with this reason');
 
-    // Bank-only endpoint restrictions
-    if (bankOnly) {
-      if (!(transaction.targetEntity instanceof BuyCrypto))
-        throw new BadRequestException('This endpoint is only for BuyCrypto bank refunds');
-
-      if (!transaction.targetEntity.bankTx && !transaction.bankTx)
-        throw new BadRequestException('This endpoint is only for bank transaction refunds');
-
-      return this.buyCryptoService.refundBankTx(transaction.targetEntity, {
-        refundIban: refundData.refundTarget ?? dto.refundTarget,
-        ...bankFields,
-        ...refundDto,
-      });
-    }
-
-    // General refund endpoint - handles all types
     if (transaction.targetEntity instanceof BuyFiat)
       return this.buyFiatService.refundBuyFiatInternal(transaction.targetEntity, {
         refundUserAddress: dto.refundTarget,
@@ -499,12 +482,17 @@ export class TransactionController {
     if (transaction.targetEntity.checkoutTx)
       return this.buyCryptoService.refundCheckoutTx(transaction.targetEntity, { ...refundDto });
 
+    // BuyCrypto bank refund
+    if (!dto.creditorData) throw new BadRequestException('Creditor data is required for bank refunds');
+
     return this.buyCryptoService.refundBankTx(transaction.targetEntity, {
       refundIban: refundData.refundTarget ?? dto.refundTarget,
+      creditorData,
       ...refundDto,
     });
   }
 
+  // Deprecated - use PUT :id/refund with creditorData instead
   @Put(':id/refund/bank')
   @ApiBearerAuth()
   @UseGuards(
@@ -518,7 +506,18 @@ export class TransactionController {
     @Param('id') id: string,
     @Body() dto: BankRefundDto,
   ): Promise<void> {
-    return this.processRefund(+id, jwt, dto, true);
+    const refundDto: TransactionRefundDto = {
+      refundTarget: dto.refundTarget,
+      creditorData: {
+        name: dto.name,
+        address: dto.address,
+        houseNumber: dto.houseNumber,
+        zip: dto.zip,
+        city: dto.city,
+        country: dto.country,
+      },
+    };
+    return this.processRefund(+id, jwt, refundDto);
   }
 
   @Put(':id/invoice')

src/subdomains/core/history/dto/refund-internal.dto.ts

@@ -3,6 +3,7 @@ import { IsDate, IsIBAN, IsNumber, IsOptional, IsString, ValidateNested } from '
 import { CheckoutReverse } from 'src/integration/checkout/services/checkout.service';
 import { EntityDto } from 'src/shared/dto/entity.dto';
 import { Util } from 'src/shared/utils/util';
+import { CreditorData } from 'src/subdomains/core/buy-crypto/process/entities/buy-crypto.entity';
 import { User } from 'src/subdomains/generic/user/models/user/user.entity';
 import { FiatOutput } from 'src/subdomains/supporting/fiat-output/fiat-output.entity';
 
@@ -42,14 +43,7 @@ export class BaseRefund {
 export class BankTxRefund extends BaseRefund {
   refundIban?: string;
   chargebackOutput?: FiatOutput;
-
-  // Creditor data for FiatOutput
-  name?: string;
-  address?: string;
-  houseNumber?: string;
-  zip?: string;
-  city?: string;
-  country?: string;
+  creditorData?: CreditorData;
 }
 
 export class CheckoutTxRefund extends BaseRefund {