fix: Fix hardware wallet MMPay on EIP-7702 chains by gating 7702 paths on account keyring capability

[OGPoyraz]

Explanation

Fix hardware wallet mUSD conversion on EIP-7702 chains by gating 7702 paths on account keyring capability

Summary

• Add KeyringController:accountSupports7702 messenger action that checks whether an account's keyring supports EIP-7702 signing (returns true only for HD and simple keyrings, false for hardware wallets like Ledger)
• Gate the relay quote useExecute flag on accountSupports7702, ensuring the relay API receives non-7702 requests for hardware wallets and returns quotes with proper individual gas limits
• Gate authorizationList and gasLimit7702 in relay submission on accountSupports7702, preventing 7702 batch transaction paths that would fail signEip7702Authorization on hardware keyrings
• Gate the Across is7702 flag on accountSupports7702, falling back to individual transaction submission for hardware wallet accounts
• Wire KeyringControllerAccountSupports7702Action into TransactionPayController's AllowedActions so the messenger call is available at each decision point

References

Checklist

• I've updated the test suite for new or updated code as appropriate
• I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate
• I've communicated my changes to consumers by updating changelogs for packages I've changed
• I've introduced breaking changes in this PR and have prepared draft pull requests for clients and consumer packages to resolve them

---

Note

Medium Risk
Touches quote generation and transaction submission logic for Relay/Across flows; incorrect gating could change gas estimation behavior or disable batching on EIP-7702 chains. Changes are narrowly scoped and covered by new unit tests, lowering regression risk.

Overview
Introduces KeyringController:accountSupports7702 (and accountSupports7702) to determine whether an account can sign EIP-7702 authorizations (true for HD/simple keyrings, false otherwise).

Updates MMPay Relay and Across strategies to gate all 7702-only behaviors on that capability: Relay quote requests only enable execute/origin overhead when supported; Relay submit only includes authorizationList/gasLimit7702 and otherwise disables 7702 batching; Across quotes re-estimate per-transaction gas limits when a batch estimate indicates 7702 but the account can’t use it. Adds corresponding messenger wiring and unit tests, plus changelog entries.

^{Reviewed by Cursor Bugbot for commit bce8c09. Bugbot is set up for automated code reviews on this repo. Configure here.}

[OGPoyraz]

@metamaskbot publish-preview

[github-actions]

Preview builds have been published. Learn how to use preview builds in other projects.

Expand for full list of packages and versions.

@metamask-previews/account-tree-controller@7.0.0-preview-3f6f27f
@metamask-previews/accounts-controller@37.2.0-preview-3f6f27f
@metamask-previews/address-book-controller@7.1.1-preview-3f6f27f
@metamask-previews/ai-controllers@0.6.3-preview-3f6f27f
@metamask-previews/analytics-controller@1.0.1-preview-3f6f27f
@metamask-previews/analytics-data-regulation-controller@0.0.0-preview-3f6f27f
@metamask-previews/announcement-controller@8.1.0-preview-3f6f27f
@metamask-previews/app-metadata-controller@2.0.1-preview-3f6f27f
@metamask-previews/approval-controller@9.0.1-preview-3f6f27f
@metamask-previews/assets-controller@4.0.0-preview-3f6f27f
@metamask-previews/assets-controllers@103.1.1-preview-3f6f27f
@metamask-previews/base-controller@9.0.1-preview-3f6f27f
@metamask-previews/base-data-service@0.1.1-preview-3f6f27f
@metamask-previews/bridge-controller@70.0.1-preview-3f6f27f
@metamask-previews/bridge-status-controller@70.0.5-preview-3f6f27f
@metamask-previews/build-utils@3.0.4-preview-3f6f27f
@metamask-previews/chain-agnostic-permission@1.5.0-preview-3f6f27f
@metamask-previews/claims-controller@0.5.0-preview-3f6f27f
@metamask-previews/client-controller@1.0.1-preview-3f6f27f
@metamask-previews/compliance-controller@2.0.0-preview-3f6f27f
@metamask-previews/composable-controller@12.0.1-preview-3f6f27f
@metamask-previews/config-registry-controller@0.2.0-preview-3f6f27f
@metamask-previews/connectivity-controller@0.2.0-preview-3f6f27f
@metamask-previews/controller-utils@11.20.0-preview-3f6f27f
@metamask-previews/core-backend@6.2.1-preview-3f6f27f
@metamask-previews/delegation-controller@2.1.0-preview-3f6f27f
@metamask-previews/earn-controller@11.2.1-preview-3f6f27f
@metamask-previews/eip-5792-middleware@3.0.3-preview-3f6f27f
@metamask-previews/eip-7702-internal-rpc-middleware@0.1.0-preview-3f6f27f
@metamask-previews/eip1193-permission-middleware@1.0.3-preview-3f6f27f
@metamask-previews/ens-controller@19.1.1-preview-3f6f27f
@metamask-previews/eth-block-tracker@15.0.1-preview-3f6f27f
@metamask-previews/eth-json-rpc-middleware@23.1.1-preview-3f6f27f
@metamask-previews/eth-json-rpc-provider@6.0.1-preview-3f6f27f
@metamask-previews/foundryup@1.0.1-preview-3f6f27f
@metamask-previews/gas-fee-controller@26.1.1-preview-3f6f27f
@metamask-previews/gator-permissions-controller@3.0.1-preview-3f6f27f
@metamask-previews/geolocation-controller@0.1.2-preview-3f6f27f
@metamask-previews/json-rpc-engine@10.2.4-preview-3f6f27f
@metamask-previews/json-rpc-middleware-stream@8.0.8-preview-3f6f27f
@metamask-previews/keyring-controller@25.2.0-preview-3f6f27f
@metamask-previews/logging-controller@8.0.1-preview-3f6f27f
@metamask-previews/message-manager@14.1.1-preview-3f6f27f
@metamask-previews/messenger@1.1.1-preview-3f6f27f
@metamask-previews/messenger-cli@0.1.0-preview-3f6f27f
@metamask-previews/money-account-controller@0.1.0-preview-3f6f27f
@metamask-previews/multichain-account-service@8.0.1-preview-3f6f27f
@metamask-previews/multichain-api-middleware@2.0.0-preview-3f6f27f
@metamask-previews/multichain-network-controller@3.0.6-preview-3f6f27f
@metamask-previews/multichain-transactions-controller@7.0.4-preview-3f6f27f
@metamask-previews/name-controller@9.1.1-preview-3f6f27f
@metamask-previews/network-controller@30.0.1-preview-3f6f27f
@metamask-previews/network-enablement-controller@5.0.2-preview-3f6f27f
@metamask-previews/notification-services-controller@23.0.1-preview-3f6f27f
@metamask-previews/permission-controller@12.3.0-preview-3f6f27f
@metamask-previews/permission-log-controller@5.1.0-preview-3f6f27f
@metamask-previews/perps-controller@2.0.0-preview-3f6f27f
@metamask-previews/phishing-controller@17.1.1-preview-3f6f27f
@metamask-previews/polling-controller@16.0.4-preview-3f6f27f
@metamask-previews/preferences-controller@23.1.0-preview-3f6f27f
@metamask-previews/profile-metrics-controller@3.1.3-preview-3f6f27f
@metamask-previews/profile-sync-controller@28.0.2-preview-3f6f27f
@metamask-previews/ramps-controller@13.0.0-preview-3f6f27f
@metamask-previews/rate-limit-controller@7.0.1-preview-3f6f27f
@metamask-previews/react-data-query@0.2.0-preview-3f6f27f
@metamask-previews/remote-feature-flag-controller@4.2.0-preview-3f6f27f
@metamask-previews/sample-controllers@4.0.4-preview-3f6f27f
@metamask-previews/seedless-onboarding-controller@9.1.0-preview-3f6f27f
@metamask-previews/selected-network-controller@26.1.0-preview-3f6f27f
@metamask-previews/shield-controller@5.1.1-preview-3f6f27f
@metamask-previews/signature-controller@39.1.2-preview-3f6f27f
@metamask-previews/social-controllers@0.1.0-preview-3f6f27f
@metamask-previews/storage-service@1.0.1-preview-3f6f27f
@metamask-previews/subscription-controller@6.1.2-preview-3f6f27f
@metamask-previews/transaction-controller@64.0.0-preview-3f6f27f
@metamask-previews/transaction-pay-controller@19.0.3-preview-3f6f27f
@metamask-previews/user-operation-controller@41.2.0-preview-3f6f27f

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit bce8c09. Configure here.}

[cursor]

Relay quotes missing gas re-estimation for hardware wallets

Medium Severity

Unlike the across-quotes path, relay-quotes doesn't re-estimate individual gas limits when estimateQuoteGasLimits returns is7702: true but the account is a hardware wallet. The quote stores is7702: true with a single combined gas limit in metamask.gasLimits. When relay-submit later disables 7702 for the hardware wallet, the first batch transaction gets the combined 7702 gas value (meant for all transactions together) and subsequent transactions get undefined gas. The across path explicitly handles this with per-transaction re-estimation, but the relay path does not.

Additional Locations (2)

• packages/transaction-pay-controller/src/strategy/across/across-quotes.ts#L425-L449
• packages/transaction-pay-controller/src/strategy/relay/relay-submit.ts#L564-L568

 

^{Reviewed by Cursor Bugbot for commit bce8c09. Configure here.}