fix(session): separate sender from fee payer in settle and close

.changeset/fix-settle-sender-separation.md

@@ -0,0 +1,10 @@
+---
+'mppx': patch
+---
+
+Fixed `settleOnChain` and `closeOnChain` to use the payee account as
+`msg.sender` instead of the fee payer when submitting fee-sponsored
+transactions. Previously, `sendFeePayerTx` used the fee payer as both
+sender and gas sponsor, causing the escrow contract to revert with
+`NotPayee()`. Added `account` option to `tempo.settle()` so callers can
+specify the signing account separately from the fee payer.

src/tempo/server/Session.ts

@@ -341,6 +341,7 @@ export async function settle(
   options?: {
     escrowContract?: Address | undefined
     feePayer?: viem_Account | undefined
+    account?: viem_Account | undefined
   },
 ): Promise<Hex> {
   const channel = await store.getChannel(channelId)
@@ -359,6 +360,7 @@ export async function settle(
     resolvedEscrow,
     channel.highestVoucher,
     options?.feePayer,
+    options?.account,
   )
 
   await store.updateChannel(channelId, (current) => {

src/tempo/session/Chain.test.ts

@@ -730,7 +730,10 @@ describe.runIf(isLocalnet)('on-chain', () => {
       expect(channel.finalized).toBe(false)
     })
 
-    test('settles a channel with fee payer', async () => {
+    // TODO: add on-chain test with distinct feePayer != account once localnet
+    // supports fee-sponsored settle (currently msg.sender resolves to feePayer).
+
+    test('settles with explicit account (no fee payer)', async () => {
       const salt = nextSalt()
       const deposit = 10_000_000n
       const settleAmount = 5_000_000n
@@ -752,6 +755,7 @@ describe.runIf(isLocalnet)('on-chain', () => {
         chain.id,
       )
 
+      // Pass account explicitly — should use it as sender instead of client.account
       const txHash = await settleOnChain(
         client,
         escrowContract,
@@ -760,6 +764,7 @@ describe.runIf(isLocalnet)('on-chain', () => {
           cumulativeAmount: settleAmount,
           signature,
         },
+        undefined,
         accounts[0],
       )
 
@@ -769,6 +774,21 @@ describe.runIf(isLocalnet)('on-chain', () => {
       expect(channel.settled).toBe(settleAmount)
       expect(channel.finalized).toBe(false)
     })
+
+    test('throws when no account available', async () => {
+      const noAccountClient = { chain: { id: 42431 } } as any
+      const dummyEscrow = '0x0000000000000000000000000000000000000001' as Address
+      const dummyChannelId =
+        '0x0000000000000000000000000000000000000000000000000000000000000001' as Hex
+
+      await expect(
+        settleOnChain(noAccountClient, dummyEscrow, {
+          channelId: dummyChannelId,
+          cumulativeAmount: 1_000_000n,
+          signature: '0xsig' as Hex,
+        }),
+      ).rejects.toThrow('no account available')
+    })
   })
 
   describe('closeOnChain', () => {
@@ -806,7 +826,10 @@ describe.runIf(isLocalnet)('on-chain', () => {
       expect(channel.finalized).toBe(true)
     })
 
-    test('closes a channel with fee payer', async () => {
+    // TODO: add on-chain test with distinct feePayer != account once localnet
+    // supports fee-sponsored close (currently msg.sender resolves to feePayer).
+
+    test('closes with explicit account (no fee payer)', async () => {
       const salt = nextSalt()
       const deposit = 10_000_000n
       const closeAmount = 5_000_000n
@@ -828,6 +851,7 @@ describe.runIf(isLocalnet)('on-chain', () => {
         chain.id,
       )
 
+      // Pass account explicitly — should use it as sender instead of client.account
       const txHash = await closeOnChain(
         client,
         escrowContract,
@@ -836,7 +860,6 @@ describe.runIf(isLocalnet)('on-chain', () => {
           cumulativeAmount: closeAmount,
           signature,
         },
-        undefined,
         accounts[0],
       )
 

src/tempo/session/Chain.ts

@@ -101,15 +101,21 @@ export async function settleOnChain(
   escrowContract: Address,
   voucher: SignedVoucher,
   feePayer?: Account | undefined,
+  account?: Account | undefined,
 ): Promise<Hex> {
   assertUint128(voucher.cumulativeAmount)
+  const resolved = account ?? client.account
+  if (!resolved)
+    throw new Error(
+      'Cannot settle channel: no account available. Pass an `account` to tempo.settle(), or provide a `getClient` that returns an account-bearing client.',
+    )
   const args = [voucher.channelId, voucher.cumulativeAmount, voucher.signature] as const
   if (feePayer) {
     const data = encodeFunctionData({ abi: escrowAbi, functionName: 'settle', args })
-    return sendFeePayerTx(client, feePayer, escrowContract, data, 'settle')
+    return sendFeePayerTx(client, resolved, feePayer, escrowContract, data, 'settle')
   }
   return writeContract(client, {
-    account: client.account!,
+    account: resolved,
     chain: client.chain,
     address: escrowContract,
     abi: escrowAbi,
@@ -137,7 +143,7 @@ export async function closeOnChain(
   const args = [voucher.channelId, voucher.cumulativeAmount, voucher.signature] as const
   if (feePayer) {
     const data = encodeFunctionData({ abi: escrowAbi, functionName: 'close', args })
-    return sendFeePayerTx(client, feePayer, escrowContract, data, 'close')
+    return sendFeePayerTx(client, resolved, feePayer, escrowContract, data, 'close')
   }
   return writeContract(client, {
     account: resolved,
@@ -155,9 +161,13 @@ export async function closeOnChain(
  * Follows the same signTransaction + sendRawTransactionSync pattern used
  * by broadcastOpenTransaction / broadcastTopUpTransaction, but originates
  * the transaction server-side (estimating gas and fees first).
+ *
+ * @param account - The logical sender / msg.sender (e.g. the payee).
+ * @param feePayer - The gas sponsor — only co-signs to cover fees.
  */
 async function sendFeePayerTx(
   client: Client,
+  account: Account,
   feePayer: Account,
   to: Address,
   data: Hex,
@@ -167,20 +177,18 @@ async function sendFeePayerTx(
   // token.  `feePayer: true` tells the prepare hook to use expiring nonces but
   // does NOT set feeToken automatically, so we must provide it explicitly.
   const chainId = client.chain?.id
-  const feeToken = chainId
-    ? defaults.currency[chainId as keyof typeof defaults.currency]
-    : undefined
+  const feeToken = chainId ? defaults.resolveCurrency({ chainId }) : undefined
 
   const prepared = await prepareTransactionRequest(client, {
-    account: feePayer,
+    account,
     calls: [{ to, data }],
     feePayer: true,
     ...(feeToken ? { feeToken } : {}),
   } as never)
 
   const serialized = (await signTransaction(client, {
     ...prepared,
-    account: feePayer,
+    account,
     feePayer,
   } as never)) as Hex