
h-22 fix: reject unsupported intent assets before fill simulation #375

Open
nahimterrazas wants to merge 2 commits into main from h-22-cheap-intent-rejects-before-estimate

Conversation

@nahimterrazas
Collaborator

@nahimterrazas nahimterrazas commented Jun 1, 2026

Summary

Testing Process

Checklist

  • Add a reference to related issues in the PR description.
  • Add unit tests if applicable.

Summary by CodeRabbit

  • New Features

    • Added pre-simulation validation for orders that checks token metadata resolution, callback policies, and configuration constraints before running fill simulations to improve efficiency.
  • Tests

    • Added tests to verify invalid orders are properly rejected during validation and skipped before expensive simulation operations.

@coderabbitai

coderabbitai Bot commented Jun 1, 2026


📝 Walkthrough

This PR adds a pre-fill simulation validation gate to the cost-profit service and integrates it into the intent handler. The new validate_before_fill_simulation method performs cheap local checks (token metadata resolution, callback calldata format, and callback recipient whitelist enforcement) before any expensive fill-transaction generation, rejecting invalid orders early.

Changes

Pre-fill validation and integration

| Layer / File(s) | Summary |
| --- | --- |
| Validation implementation in CostProfitService (crates/solver-core/src/engine/cost_profit.rs) | CostProfitService::validate_before_fill_simulation parses order inputs and outputs, verifies token metadata resolution via token_manager, validates callback calldata hex constraints, and enforces callback policy (requires simulation flag when callbacks present and checks recipient whitelist). |
| Handler integration and validation tests (crates/solver-core/src/handlers/intent.rs) | IntentHandler::handle calls the validation before fill-transaction generation; on failure publishes OrderEvent::Skipped and returns early. Test helpers create invalid orders (unsupported token, oversized callback), and two new tests verify early rejection with correct skip reasons before any execution strategy invocation. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A validator hops before the fill,
Checking tokens, whitelists with skilled will,
Callbacks must behave and play by rules true,
Cheap checks first—no wasted work to brew! ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description check | ⚠️ Warning | The description is largely empty with only template headings present and no substantive content about the changes, rationale, testing process, or issue references. | Fill in the Summary section with the change details, describe the Testing Process, and add a reference to the related issue (h-22) in the PR description. |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 73.33% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly summarizes the main change: rejecting unsupported intent assets before fill simulation, which aligns with the core objective of adding pre-simulation validation. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


Collaborator

@pepebndc pepebndc left a comment


Validated against scan finding H-22 — fully fixed.

New CostProfitService::validate_before_fill_simulation runs in IntentHandler::handle immediately before generate_fill_transaction/simulate_callback_and_estimate_gas, performing only cheap local checks (token allowlist via in-memory get_token_info, callback calldata hex/size cap, callback-whitelist policy) and emitting OrderEvent::Skipped on failure — so unsupported assets never reach eth_estimateGas. Tests assert generate_fill_transaction.times(0).

Minor follow-up (out of scope, default-off): the quote-path try_live_fill_estimate lacks an equivalent pre-check and fails open on token lookup, but is gated behind live_fill_estimate_enabled=false. Independently verified. LGTM.


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/solver-core/src/engine/cost_profit.rs`:
- Around line 1261-1281: The code currently treats an empty callback whitelist
as deny-all because is_whitelisted uses any(...) over callback_whitelist; change
the logic to short-circuit: if config.order.callback_whitelist.is_empty() then
treat the recipient as allowed, otherwise perform the existing comparison
against recipient_interop_hex (keep the existing CostProfitError path when not
allowed). Apply the same helper/logic in simulate_callback_and_estimate_gas so
both paths use the identical check (i.e., centralize the "is recipient allowed"
logic and call it from where recipient_interop_hex, output_chain_id,
recipient_eth_address and is_whitelisted are used).

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1a695f41-1665-40b1-8585-9313b44681cd

📥 Commits

Reviewing files that changed from the base of the PR and between e166530 and 97af4c7.

📒 Files selected for processing (2)
  • crates/solver-core/src/engine/cost_profit.rs
  • crates/solver-core/src/handlers/intent.rs

Comment on lines +1261 to +1281

```rust
			let recipient_interop_hex = output.receiver.to_hex().to_lowercase();
			let output_chain_id = output.receiver.ethereum_chain_id().map_err(|e| {
				CostProfitError::Config(format!("Failed to extract chain ID from recipient: {e}"))
			})?;
			let recipient_eth_address = output
				.receiver
				.ethereum_address()
				.map(|addr| format!("0x{}", alloy_primitives::hex::encode(addr)))
				.unwrap_or_else(|_| "unknown".to_string());

			let is_whitelisted = config
				.order
				.callback_whitelist
				.iter()
				.any(|entry| entry.to_lowercase() == recipient_interop_hex);

			if !is_whitelisted {
				return Err(CostProfitError::Config(format!(
					"Callback recipient {recipient_eth_address} on chain {output_chain_id} not in whitelist. Add '{recipient_interop_hex}' to order.callback_whitelist in config (EIP-7930 format)"
				)));
			}
```

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Preserve the repo's "empty whitelist = allow all" contract.

This branch rejects every callback when config.order.callback_whitelist is empty, because any(...) returns false on []. That diverges from crates/solver-service/src/apis/quote/validation.rs, which explicitly treats an empty whitelist as allow-all, so an order can pass quote-time validation and then be skipped here. Please short-circuit on callback_whitelist.is_empty() before the whitelist comparison, and have simulate_callback_and_estimate_gas reuse the same helper so the later path does not keep the old semantics.

Suggested fix
 			if !config.order.simulate_callbacks {
 				return Err(CostProfitError::Config(
 					"Order has callback data but callback simulation is disabled. \
 					Callbacks are not supported when simulate_callbacks = false in config."
 						.to_string(),
 				));
 			}
+
+			if config.order.callback_whitelist.is_empty() {
+				continue;
+			}
 
 			let recipient_interop_hex = output.receiver.to_hex().to_lowercase();
 			let output_chain_id = output.receiver.ethereum_chain_id().map_err(|e| {
 				CostProfitError::Config(format!("Failed to extract chain ID from recipient: {e}"))
 			})?;
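Review bot: the added `continue` before `let recipient_interop_hex = ...` skips the rest of this loop iteration, not only the whitelist comparison, so any check that follows the whitelist block inside the same loop body is bypassed whenever `callback_whitelist` is empty, and a bare `continue` cannot be reused from `simulate_callback_and_estimate_gas` as the comment asks. Suggest putting the policy in one helper, e.g. `fn is_callback_recipient_allowed(whitelist: &[String], recipient_interop_hex: &str) -> bool`, that returns true on an empty whitelist and otherwise performs the existing lowercase comparison, and calling it from both paths; since an empty whitelist is a fail-open default, a warn-level log at the short-circuit would also make that configuration visible to operators.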
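The gate described in the walkthrough and in pepebndc's review above (in-memory token lookup, callback calldata hex and size cap, callback policy, OrderEvent::Skipped before any simulation) together with the empty-whitelist contract raised in the inline comment, as one added Rust example. This is not the solver's own code: GateError, Output, Order, OrderConfig, the TokenRegistry stand-in for token_manager, the byte cap and the counting IntentHandler are all assumptions for illustration, and the whitelist helper is written so both the pre-check and a later simulation path would call the same function.

```rust
use std::collections::HashMap;

// Added example, not the solver's own code: type and field names are assumptions.
#[derive(Debug, PartialEq)]
pub enum GateError {
    UnsupportedToken { chain_id: u64, token: String },
    CalldataNotHex(String),
    CalldataTooLarge { bytes: usize, max: usize },
    CallbacksDisabled,
    RecipientNotWhitelisted { recipient: String },
}

pub struct Output {
    pub chain_id: u64,
    pub token: String,            // 0x-prefixed hex address
    pub receiver: String,         // 0x-prefixed hex address
    pub callback: Option<String>, // 0x-prefixed hex calldata, if any
}

pub struct Order {
    pub id: String,
    pub inputs: Vec<(u64, String)>, // (chain_id, token)
    pub outputs: Vec<Output>,
}

pub struct OrderConfig {
    pub simulate_callbacks: bool,
    pub callback_whitelist: Vec<String>, // empty == allow any recipient
    pub max_callback_bytes: usize,
}

/// Stand-in for token_manager.get_token_info: an in-memory map keyed by
/// (chain id, lowercase address), so the lookup costs no RPC round trip.
pub type TokenRegistry = HashMap<(u64, String), &'static str>;

/// The one place that decides recipient policy; the pre-check and the later
/// simulation path both call it, so the two cannot drift apart.
pub fn is_callback_recipient_allowed(whitelist: &[String], recipient: &str) -> bool {
    if whitelist.is_empty() {
        return true; // repo contract: empty whitelist == allow all (fail-open)
    }
    let wanted = recipient.to_lowercase();
    whitelist.iter().any(|entry| entry.to_lowercase() == wanted)
}

/// Cheap syntactic check on calldata: even-length hex, within the byte cap.
fn check_calldata(hex_str: &str, max: usize) -> Result<usize, GateError> {
    let body = hex_str.strip_prefix("0x").unwrap_or(hex_str);
    if body.len() % 2 != 0 || !body.chars().all(|c| c.is_ascii_hexdigit()) {
        return Err(GateError::CalldataNotHex(hex_str.to_string()));
    }
    let bytes = body.len() / 2;
    if bytes > max {
        return Err(GateError::CalldataTooLarge { bytes, max });
    }
    Ok(bytes)
}

/// Local checks only; nothing here talks to a node or signs anything.
pub fn validate_before_fill_simulation(
    order: &Order, cfg: &OrderConfig, tokens: &TokenRegistry,
) -> Result<(), GateError> {
    // Unknown assets are rejected here and never reach eth_estimateGas.
    let inputs = order.inputs.iter().cloned();
    let outputs = order.outputs.iter().map(|o| (o.chain_id, o.token.clone()));
    for (chain_id, token) in inputs.chain(outputs) {
        if !tokens.contains_key(&(chain_id, token.to_lowercase())) {
            return Err(GateError::UnsupportedToken { chain_id, token });
        }
    }
    for out in &order.outputs {
        if let Some(calldata) = &out.callback {
            check_calldata(calldata, cfg.max_callback_bytes)?;
            if !cfg.simulate_callbacks {
                return Err(GateError::CallbacksDisabled);
            }
            if !is_callback_recipient_allowed(&cfg.callback_whitelist, &out.receiver) {
                return Err(GateError::RecipientNotWhitelisted { recipient: out.receiver.clone() });
            }
        }
    }
    Ok(())
}

/// Gate first, publish Skipped on failure, and only then run the expensive path.
#[derive(Default)]
pub struct IntentHandler {
    pub skipped: Vec<(String, String)>, // (order id, reason), i.e. OrderEvent::Skipped
    pub simulations: usize,             // stands in for generate_fill_transaction calls
}

impl IntentHandler {
    pub fn handle(&mut self, order: &Order, cfg: &OrderConfig, tokens: &TokenRegistry) -> bool {
        if let Err(reason) = validate_before_fill_simulation(order, cfg, tokens) {
            self.skipped.push((order.id.clone(), format!("{reason:?}")));
            return false;
        }
        self.simulations += 1;
        true
    }
}
```

The `simulations` counter plays the role of the `generate_fill_transaction.times(0)` assertion in the PR's tests: feeding an order with an unknown asset or an oversized callback through `handle` must leave it unchanged. Keeping the recipient decision in `is_callback_recipient_allowed` is what prevents the quote-time and fill-time paths from disagreeing on an empty whitelist.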

@codecov

codecov Bot commented Jun 3, 2026

Codecov Report

❌ Patch coverage is 81.53846% with 48 lines in your changes missing coverage. Please review.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| crates/solver-core/src/engine/cost_profit.rs | 52.4% | 48 Missing ⚠️ |


