Merged
Conversation
* [DEV-4502] userData SpecialExternalPhoneCallDate * [DEV-4562] Renaming * [DEV-4562] add migration * [DEV-4562] Mini refactoring
Author
❌ Security: 1 critical vulnerabilities |
* Fix native coin forward gas buffer to prevent stuck transactions Increase gas fee buffer from 1.00001x to 2x when calculating the send amount for native coin forwards. The previous 0.001% buffer was insufficient to handle gas price fluctuations between the cached fee estimation and actual send, causing value + gas to exceed the wallet balance. This resulted in transactions being dropped from the mempool and an infinite forward/timeout/reset loop. * Use fresh gas cost for native coin forward amount calculation Instead of relying on a cached fee estimate (30s TTL) to calculate the send amount, fetch the current gas cost at dispatch time. This eliminates the race condition where gas price changes between the cached estimation and actual send, causing value + gas > balance and the transaction to be dropped from the mempool. * Reduce gas buffer from 1.5x to 1.05x Fresh gas cost is fetched milliseconds before the actual send, so only a minimal buffer is needed for potential block boundary gas price changes (max 12.5% per block via EIP-1559). * Apply fresh gas cost deduction to both forward and return paths The return path for native coins had no gas deduction at all, which would cause the same value + gas > balance issue when chargebackAmount equals the full deposit amount. * Update handlebars 4.7.8 → 4.7.9 to fix critical vulnerability Resolves 8 security advisories including JS injection, prototype pollution, and DoS via malformed decorator syntax.
davidleomay
approved these changes
Mar 31, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automatic Release PR
This PR was automatically created after changes were pushed to develop.
Commits: 1 new commit(s)
Checklist