While performing integration of the native token in the front-end during Beta testing, it was identified that there was a broken step to facilitate wrapping and unwrapping of the native assets while attempting to then perform further operations.
In the case of DEPOSIT_ETH + X_CALL_WITHCALLDATA, we should set the sender to be the router and then that should skip pulling the wnative from the user. This would be similar to how is done in BRIDGE + DEPOSIT. In such case the sender in the deposit action is again the router. In both instances described previously we don't need to pull anything from the user as the assets are already in the router.
In discussion it was suggested that we include a sender param when decoding args in function _crossTransferWithCalldata so that it's similar to function function _crossTransfer. This won't have any security impacts bc in function _safePullTokenFrom we can pull only if sender == msg.sender
While performing integration of the native token in the front-end during Beta testing, it was identified that there was a broken step to facilitate wrapping and unwrapping of the native assets while attempting to then perform further operations.
In the case of DEPOSIT_ETH + X_CALL_WITHCALLDATA, we should set the sender to be the router and then that should skip pulling the wnative from the user. This would be similar to how is done in BRIDGE + DEPOSIT. In such case the sender in the deposit action is again the router. In both instances described previously we don't need to pull anything from the user as the assets are already in the router.
In discussion it was suggested that we include a sender param when decoding args in function _crossTransferWithCalldata so that it's similar to function function _crossTransfer. This won't have any security impacts bc in function _safePullTokenFrom we can pull only if sender == msg.sender
Change as follows: