Conversation
The tokens need to be passed to the engine before enabling them.
peachbits
force-pushed
the
matthew/token-info
branch
from
8cc6716 to
a654585
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 7 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| "detect-bundler": "^1.1.0", | ||
| "disklet": "^0.5.2", | ||
| "edge-core-js": "^2.43.1", | ||
| "edge-core-js": "file:../edge-core-js", |
There was a problem hiding this comment.
Local file path dependency accidentally committed
High Severity
The edge-core-js dependency was changed from a versioned npm package (^2.43.1) to a local file path (file:../edge-core-js). This breaks builds for anyone who doesn't have a sibling edge-core-js checkout and will fail in CI. The resolved version in yarn.lock also downgraded from 2.43.1 to 2.42.0.
Additional Locations (1)
|
|
||
| // Create a stable key for the query params to detect changes | ||
| const queryKey = React.useMemo(() => { | ||
| const pluginIdStr = pluginIds != null ? pluginIds.sort().join(',') : 'all' |
There was a problem hiding this comment.
In-place sort() mutates caller's pluginIds array
Medium Severity
pluginIds.sort() mutates the input array in place. In useServerTokens, this mutates the caller's memoized array inside a useMemo. In makeListCacheKey and makeSearchCacheKey, it mutates the arrays passed through listTokens/searchTokens. Notably, useServerTokenSearch at line 186 correctly uses [...pluginIds].sort() to avoid this, showing the correct pattern was known.
Additional Locations (2)
| tokenId: serverToken.tokenId, | ||
| createWalletIds, | ||
| networkLocation: edgeToken.networkLocation | ||
| }) |
There was a problem hiding this comment.
Server tokens can't be enabled from WalletList modal
High Severity
serverTokenCreateItems are added to the wallet list create rows, but when a user taps one, WalletListCreateRow calls wallet.changeEnabledTokenIds directly. Since the token isn't yet in customTokens, the wallet won't recognize the tokenId. The new changeEnabledTokenIds wrapper in CurrencyWalletHelpers handles this by fetching and adding unknown tokens first, but it's not used here.
| toWallet.currencyConfig.builtinTokens[toTokenId] != null) && | ||
| (fromTokenId == null || | ||
| fromWallet.currencyConfig.builtinTokens[fromTokenId] != null), | ||
| isBuiltInAsset: false, |
There was a problem hiding this comment.
Swap analytics isBuiltInAsset hardcoded to false
Medium Severity
isBuiltInAsset is hardcoded to false for all swap success tracking events, losing the ability to distinguish between built-in and custom asset swaps in analytics. Previously, this was computed dynamically based on builtinTokens. A server-based replacement or removing the field entirely would preserve data integrity.
| console.log( | ||
| `Token migration: Migrated ${pluginId}:${tokenId} (${edgeToken.currencyCode})` | ||
| ) | ||
| } |
There was a problem hiding this comment.
Unguarded console.log calls in production code
Low Severity
console.log calls at lines 80 and 92 are not guarded behind a debug flag. The guard-debug-logging rule requires no unguarded console.log in production code. These log statements will appear in production builds for every token migration.
Additional Locations (1)
| cache.tokens.delete(key) | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Exported pruneTokenCache function is never used
Low Severity
pruneTokenCache is exported but never imported or called anywhere in the codebase. Only clearTokenCache is used (called on logout). This is dead code that adds maintenance burden.
| sprintf( | ||
| lstrings.warning_token_exists_1s, | ||
| builtinTokens[matchingBuiltinTokenId].currencyCode | ||
| customTokens[matchingBuiltinTokenId].currencyCode |
There was a problem hiding this comment.
Duplicate token check makes override path unreachable
Medium Severity
The first conflict check (line 187) now searches customTokens and blocks with a warning if the token exists. Previously it searched builtinTokens, and a separate second check (line 201) against customTokens allowed overriding existing custom tokens via changeCustomToken. Now both checks target the same customTokens object, so the first check always blocks before the second is reached. Users who enter a contract address matching a server-migrated token get an "already exists" warning with no way to proceed or override it.
Additional Locations (1)
1 participant
CHANGELOG
Does this branch warrant an entry to the CHANGELOG?
Dependencies
noneRequirements
If you have made any visual changes to the GUI. Make sure you have:
Note
Medium Risk
Changes core token listing/enabling paths (wallet list, manage tokens, token editing, and post-login migration) to depend on rates-server data, which could impact token availability/performance if server responses or caching behave unexpectedly.
Overview
Adds a new
tokenService(plususeServerTokens/useServerTokenSearchhooks) to list/search/fetch tokens from the rates server with caching, and exposesRATES_SERVERSfor these calls.Updates wallet token UX to incorporate server tokens with pagination/search:
WalletListandManageTokensScenenow merge server results with existingcustomTokens, support infinite scroll loaders, and enabling tokens now routes through a newchangeEnabledTokenIdshelper that fetches unknown tokens and adds them ascustomTokensbefore enabling.Introduces a background post-login migration (
migrateEnabledTokensFromServer) to backfill enabled tokens intocustomTokens, updates custom-token affordances to rely oncurrencyInfo.customTokenTemplate(notbuiltinTokens), and revisesEditTokenSceneautocomplete/conflict checks to use server search + mark user-created tokens (isUserCreated). Misc cleanups include renamingenableTokenstoenableTokensWithSpinner, switchinggetCreateWalletList/helpers frombuiltinTokenstocustomTokens, and updating tests/snapshots accordingly.Written by Cursor Bugbot for commit a654585. This will update automatically on new commits. Configure here.