Skip to content

fix: properly handle security_warnings metrics in QuotesReceived#8394

Open
infiniteflower wants to merge 2 commits intomainfrom
swaps-4318-security-warnings-metrics
Open

fix: properly handle security_warnings metrics in QuotesReceived#8394
infiniteflower wants to merge 2 commits intomainfrom
swaps-4318-security-warnings-metrics

Conversation

@infiniteflower
Copy link
Copy Markdown
Contributor

@infiniteflower infiniteflower commented Apr 7, 2026
edited
Loading

Explanation

Previously, security_warnings was a client-only property — clients fetched token warnings on destination token selection and passed them in analytics events fired before quotes arrived (e.g. QuotesRequested, QuotesError, InputSourceDestinationSwitched). Now that token warnings are streamed as part of the quote response (stored in state.tokenWarnings), the controller needs to derive security_warnings from state so it appears on post-quote events like QuotesReceived.

This PR:

  • Adds security_warnings: string[] to the QuoteFetchData metrics type so the controller can populate it from state.tokenWarnings.
  • Populates security_warnings in #getQuoteFetchData() by mapping tokenWarnings descriptions.
  • Adds a #mergeSecurityWarnings helper that combines the client-provided warnings array (from the Blockaid /message/scan/ endpoint, currently Solana-only) with controller-derived token warnings, and applies it to the QuotesReceived event.
  • Adds test coverage for the merge behavior when tokenWarnings is populated.
Screenshot 2026-04-08 at 4 25 11 PM

References

Fixes: https://consensyssoftware.atlassian.net/browse/SWAPS-4318

  • Follow-up: Segment schema update in Consensys/segment-schema
  • Follow-up: Client-side changes — clients should omit tokenWarnings from their security_warnings array

Checklist

  • I've updated the test suite for new or updated code as appropriate
  • I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
  • I've communicated my changes to consumers by updating changelogs for packages I've changed
  • I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

Note

Low Risk
Low risk: changes are limited to analytics payload construction and associated type/test updates, with no impact on quote fetching or transaction execution logic.

Overview
Ensures UnifiedSwapBridgeEventName.QuotesReceived includes security_warnings derived from controller state.tokenWarnings, so post-quote metrics carry token warning information.

Adds security_warnings: string[] to the QuoteFetchData metrics shape, computes it in #getQuoteFetchData(), and for QuotesReceived specifically merges client-provided warnings with controller-derived warnings (deduped). Updates snapshots and adds a focused test covering the merge behavior.

Reviewed by Cursor Bugbot for commit 17ad5d0. Bugbot is set up for automated code reviews on this repo. Configure here.

@infiniteflower infiniteflower force-pushed the swaps-4318-security-warnings-metrics branch from 4e76757 to 7714b04 Compare April 7, 2026 20:31
@infiniteflower infiniteflower marked this pull request as ready for review April 7, 2026 20:50
@infiniteflower infiniteflower requested a review from a team as a code owner April 7, 2026 20:50
@infiniteflower infiniteflower requested a review from a team as a code owner April 8, 2026 18:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SteP-n-s SteP-n-s SteP-n-s approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@infiniteflower @SteP-n-s