fix: decode authorization util and prefix errors (#8656)

## Explanation

### Current

EIP-7702 production failures across mobile and extension are surfacing
as bare, unattributable strings in our error metrics — most prominently
`failed to decode param in array[0] invalid JSON input` from Sentinel
relay.

1. **Non-canonical RLP hex in authorization signatures.**
`signAuthorization` slices raw 32-byte signature halves into `r` and `s`
without canonicalizing.
2. **Bare error strings with no failure-surface attribution.** When a
7702 transaction fails, the same generic message can come from any of:
core's `eth_sendRawTransaction`, the Relay strategy's `/execute` POST,
the non-execute relay deposit path, or the Pay publish hook. Metrics
can't distinguish them, and Relay's actual server error (`{ message:
"Insufficient liquidity" }`) is discarded by `successfulFetch` in favour
of a generic URL-leaking template.

### Solution

**Canonicalize once, in core.** A new exported
`decodeAuthorizationSignature(signature)` utility in
`@metamask/transaction-controller` decodes a 65-byte EIP-7702
authorization signature into RLP-canonical `r`, `s`, and `yParity`.
`signAuthorizationList` is refactored to use it, so every signed
authorization tuple emitted by the controller is canonical out of the
box. Mobile/extension can read straight off
`txMeta.txParams.authorizationList` and submit to any backend without
their own strip helpers.

**Layered submission error prefixes.** Four prefixes, each applied at
the lowest sensible layer, that cascade up the call stack to attribute
every failure surface in metrics:

| Layer | Prefix | Wraps |
|---|---|---|
| Core RPC | `RPC submit:` | `eth_sendRawTransaction` failures |
| Relay strategy | `Relay submit:` | the entire `submitRelayQuotes` body
|
| Inner relay execute | `Relay execute:` | Relay `/execute` POST
failures (cascades inside `Relay submit:`) |
| Pay hook | `MetaMask Pay:` | the entire
`TransactionPayPublishHook.#hookWrapper` |

A private `relayFetch` helper in `relay-api.ts` replaces
`successfulFetch` for Relay endpoints. On non-OK responses it surfaces
the response body's `message` or `error` field as `<status> -
<message>`, falling back to `<status>` alone — no URL leakage, server's
actual reason preserved when present.

### Example errors as they appear in metrics

```
MetaMask Pay: Relay submit: Relay execute: 422 - Insufficient liquidity
MetaMask Pay: Relay submit: RPC submit: nonce too low
MetaMask Pay: Insufficient source token balance for relay deposit
MetaMask Pay: Relay submit: Relay execute: 500
MetaMask Pay: Relay submit: Relay execute: 400 - failed to decode param in array[0] invalid JSON input
RPC submit: replacement transaction underpriced
```

## References

- [CONF-1133](https://consensyssoftware.atlassian.net/browse/CONF-1133)

## Checklist

- [x] I've updated the test suite for new or updated code as appropriate
- [x] I've updated documentation (JSDoc, Markdown, etc.) for new or
updated code as appropriate
- [x] I've communicated my changes to consumers by [updating changelogs
for packages I've
changed](https://github.com/MetaMask/core/tree/main/docs/processes/updating-changelogs.md)
- [x] I've introduced [breaking
changes](https://github.com/MetaMask/core/tree/main/docs/processes/breaking-changes.md)
in this PR and have prepared draft pull requests for clients and
consumer packages to resolve them


[CONF-1133]:
https://consensyssoftware.atlassian.net/browse/CONF-1133?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Changes transaction submission error handling and EIP-7702 signature
decoding, which can affect downstream clients’ ability to submit
transactions and how failures are reported. Main risk is altered error
strings/prefixes and canonicalization behavior impacting
integrations/tests.
> 
> **Overview**
> Adds a new exported `decodeAuthorizationSignature` helper for EIP-7702
that canonicalizes `r`/`s` (strips leading zeroes, uses `0x0` for zero)
and derives `yParity`, and refactors authorization signing to use it.
> 
> Standardizes failure-surface attribution by wrapping submission errors
with layered prefixes: **`RPC submit:`** for `eth_sendRawTransaction`
failures (including nested `data.message`), **`Relay submit:`** for
Relay strategy execution, **`Relay execute:`** for Relay `/execute` POST
failures, and **`MetaMask Pay:`** for Pay publish hook failures.
> 
> Replaces Relay’s `successfulFetch` usage with a local `relayFetch`
that preserves server-provided non-OK details (`<status> -
<message|error>` or `<status>`) without leaking request URLs, and
updates tests/changelogs accordingly.
> 
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit
1eb9b8c. Bugbot is set up for automated
code reviews on this repo. Configure
[here](https://www.cursor.com/dashboard/bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Author: matthewwalsh0

packages/transaction-controller/CHANGELOG.md

@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Export `decodeAuthorizationSignature` utility that decodes a 65-byte EIP-7702 authorization signature into RLP-canonical `r`, `s`, and `yParity` ([#8656](https://github.com/MetaMask/core/pull/8656))
+  - All `eth_sendRawTransaction` failures are prefixed `RPC submit:` for failure-surface attribution in error metrics
+
 ### Changed
 
 - Bump `@metamask/messenger` from `^1.1.1` to `^1.2.0` ([#8632](https://github.com/MetaMask/core/pull/8632))

packages/transaction-controller/src/TransactionController.test.ts

@@ -3924,7 +3924,9 @@ describe('TransactionController', () => {
 
       rpcRequestMock.mockRejectedValueOnce(error);
 
-      await expect(controller.stopTransaction('2')).rejects.toThrow(error);
+      await expect(controller.stopTransaction('2')).rejects.toThrow(
+        'RPC submit: Another reason',
+      );
 
       const sendRawTransactionCalls = rpcRequestMock.mock.calls.filter(
         ([request]) => request.method === 'eth_sendRawTransaction',
@@ -4276,7 +4278,9 @@ describe('TransactionController', () => {
 
       rpcRequestMock.mockRejectedValueOnce(error);
 
-      await expect(controller.speedUpTransaction('2')).rejects.toThrow(error);
+      await expect(controller.speedUpTransaction('2')).rejects.toThrow(
+        'RPC submit: Another reason',
+      );
 
       const sendRawTransactionCalls = rpcRequestMock.mock.calls.filter(
         ([request]) => request.method === 'eth_sendRawTransaction',
@@ -4285,6 +4289,39 @@ describe('TransactionController', () => {
       expect(controller.state.transactions).toHaveLength(1);
     });
 
+    it('extracts nested data.message and prefixes it with RPC submit', async () => {
+      const error = {
+        message: 'Outer message',
+        data: { message: 'Nested rpc error message' },
+      };
+      const { controller } = setupController({
+        options: {
+          state: {
+            transactions: [
+              {
+                id: '2',
+                chainId: toHex(5),
+                networkClientId: NETWORK_CLIENT_ID_MOCK,
+                status: TransactionStatus.submitted,
+                type: TransactionType.retry,
+                time: 123456789,
+                txParams: {
+                  from: ACCOUNT_MOCK,
+                  gasPrice: '0x1',
+                },
+              },
+            ],
+          },
+        },
+      });
+
+      rpcRequestMock.mockRejectedValueOnce(error);
+
+      await expect(controller.speedUpTransaction('2')).rejects.toThrow(
+        'RPC submit: Nested rpc error message',
+      );
+    });
+
     it('creates additional transaction with increased gas', async () => {
       const { controller } = setupController({
         network: MOCK_LINEA_MAINNET_NETWORK,

packages/transaction-controller/src/TransactionController.ts

@@ -3372,7 +3372,7 @@ export class TransactionController extends BaseController<
       const errorMessage =
         errorObject?.data?.message ?? errorObject?.message ?? String(error);
 
-      throw new Error(errorMessage);
+      throw new Error(`RPC submit: ${errorMessage}`);
     }
   }
 

packages/transaction-controller/src/index.ts

@@ -129,6 +129,7 @@ export {
   WalletDevice,
 } from './types';
 export { mergeGasFeeEstimates } from './utils/gas-flow';
+export { decodeAuthorizationSignature } from './utils/eip7702';
 export {
   isEIP1559Transaction,
   normalizeTransactionParams,

packages/transaction-controller/src/utils/eip7702.test.ts

@@ -18,6 +18,7 @@ import type { AuthorizationList } from '../types';
 import type { TransactionMeta } from '../types';
 import {
   DELEGATION_PREFIX,
+  decodeAuthorizationSignature,
   doesAccountSupportEIP7702,
   doesChainSupportEIP7702,
   generateEIP7702BatchTransaction,
@@ -257,6 +258,93 @@ describe('EIP-7702 Utils', () => {
       expect(result?.[1]?.nonce).toBe('0x125');
       expect(result?.[2]?.nonce).toBe('0x126');
     });
+
+    it('strips leading zeroes from signature r and s to produce RLP-canonical hex', async () => {
+      const signatureWithLeadingZeros =
+        `0x0abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456781122334455667788990011223344556677889900112233445566778899001122${'1c'}` as Hex;
+
+      signAuthorizationMock
+        .mockReset()
+        .mockResolvedValueOnce(signatureWithLeadingZeros);
+
+      const result = await signAuthorizationList({
+        authorizationList: AUTHORIZATION_LIST_MOCK,
+        messenger: controllerMessenger,
+        transactionMeta: TRANSACTION_META_MOCK,
+      });
+
+      expect(result?.[0]?.r).toBe(
+        '0xabcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678',
+      );
+      expect(result?.[0]?.s).toBe(
+        '0x1122334455667788990011223344556677889900112233445566778899001122',
+      );
+      expect(result?.[0]?.yParity).toBe('0x1');
+    });
+  });
+
+  describe('decodeAuthorizationSignature', () => {
+    it('decodes a signature with no leading zeros into r, s, and yParity', () => {
+      const result = decodeAuthorizationSignature(AUTHORIZATION_SIGNATURE_MOCK);
+
+      expect(result).toStrictEqual({
+        r: '0xf85c827a6994663f3ad617193148711d28f5334ee4ed070166028080a040e292',
+        s: '0xda533253143f134643a03405f1af1de1d305526f44ed27e62061368d4ea051cf',
+        yParity: '0x1',
+      });
+    });
+
+    it('strips a single leading zero nibble from r', () => {
+      const signature =
+        `0x0abcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678${'1122334455667788990011223344556677889900112233445566778899001122'}1b` as Hex;
+
+      const result = decodeAuthorizationSignature(signature);
+
+      expect(result.r).toBe(
+        '0xabcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678',
+      );
+      expect(result.s).toBe(
+        '0x1122334455667788990011223344556677889900112233445566778899001122',
+      );
+    });
+
+    it('strips multiple leading zero bytes from r', () => {
+      const signature =
+        `0x000000abcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd${'1122334455667788990011223344556677889900112233445566778899001122'}1b` as Hex;
+
+      const result = decodeAuthorizationSignature(signature);
+
+      expect(result.r).toBe(
+        '0xabcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd',
+      );
+    });
+
+    it('returns 0x0 when r is all zeroes (canonical zero)', () => {
+      const signature =
+        `0x0000000000000000000000000000000000000000000000000000000000000000${'1122334455667788990011223344556677889900112233445566778899001122'}1b` as Hex;
+
+      const result = decodeAuthorizationSignature(signature);
+
+      expect(result.r).toBe('0x0');
+    });
+
+    it('returns yParity 0x0 when v is 27', () => {
+      const signature =
+        `0xf85c827a6994663f3ad617193148711d28f5334ee4ed070166028080a040e292da533253143f134643a03405f1af1de1d305526f44ed27e62061368d4ea051cf1b` as Hex;
+
+      const result = decodeAuthorizationSignature(signature);
+
+      expect(result.yParity).toBe('0x0');
+    });
+
+    it('returns yParity 0x1 when v is 28', () => {
+      const signature =
+        `0xf85c827a6994663f3ad617193148711d28f5334ee4ed070166028080a040e292da533253143f134643a03405f1af1de1d305526f44ed27e62061368d4ea051cf1c` as Hex;
+
+      const result = decodeAuthorizationSignature(signature);
+
+      expect(result.yParity).toBe('0x1');
+    });
   });
 
   describe('doesChainSupportEIP7702', () => {

packages/transaction-controller/src/utils/eip7702.ts

@@ -247,6 +247,43 @@ export async function signAuthorizationList({
   return signedAuthorizationList;
 }
 
+/**
+ * Decode a 65-byte EIP-7702 authorization signature into RLP-canonical
+ * `r`, `s`, and `yParity` (no leading zero nibbles, `0x0` for zero).
+ *
+ * @param signature - The 65-byte signature.
+ * @returns The decoded authorization fields.
+ */
+export function decodeAuthorizationSignature(signature: Hex): {
+  r: Hex;
+  s: Hex;
+  yParity: Hex;
+} {
+  // eslint-disable-next-line id-length
+  const r = toCanonicalHex(signature.slice(0, 66));
+  // eslint-disable-next-line id-length
+  const s = toCanonicalHex(signature.slice(66, 130));
+  // eslint-disable-next-line id-length
+  const v = parseInt(signature.slice(130, 132), 16);
+  const yParity = toCanonicalHex(toHex(v - 27 === 0 ? 0 : 1));
+
+  return { r, s, yParity };
+}
+
+/**
+ * Strip leading zero nibbles from a hex string to produce its RLP-canonical
+ * form. Accepts input with or without a `0x` prefix; always returns
+ * `0x`-prefixed. An all-zero input is preserved as `0x0`.
+ *
+ * @param value - Hex string with or without a `0x` prefix.
+ * @returns The canonical `0x`-prefixed hex string.
+ */
+function toCanonicalHex(value: string): Hex {
+  const raw = value.startsWith('0x') ? value.slice(2) : value;
+  const stripped = raw.replace(/^0+/u, '');
+  return stripped.length === 0 ? '0x0' : `0x${stripped}`;
+}
+
 /**
  * Signs an authorization.
  *
@@ -284,13 +321,7 @@ async function signAuthorization(
     },
   );
 
-  // eslint-disable-next-line id-length
-  const r = signature.slice(0, 66) as Hex;
-  // eslint-disable-next-line id-length
-  const s = add0x(signature.slice(66, 130));
-  // eslint-disable-next-line id-length
-  const v = parseInt(signature.slice(130, 132), 16);
-  const yParity = toHex(v - 27 === 0 ? 0 : 1);
+  const { r, s, yParity } = decodeAuthorizationSignature(signature as Hex);
 
   const result: Required<Authorization> = {
     address,

packages/transaction-pay-controller/CHANGELOG.md

@@ -10,6 +10,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - Stop synthesising a native gas-fee required token in `parseRequiredTokens`, only token-transfer assets are returned now ([#8554](https://github.com/MetaMask/core/pull/8554))
+- Add layered submission error prefixes for failure-surface attribution in error metrics ([#8656](https://github.com/MetaMask/core/pull/8656))
+  - `MetaMask Pay:` wraps all errors from the Pay publish hook
+  - `Relay submit:` wraps all errors from the relay strategy
+  - `Relay execute:` cascades inside `Relay submit:` for `/execute` POST failures
+  - Relay non-OK responses now surface as `<status> - <body message or error>` (or just `<status>`), replacing the previous URL-leaking generic fetch failure message
 
 ## [20.1.0]
 

packages/transaction-pay-controller/src/helpers/TransactionPayPublishHook.test.ts

@@ -190,9 +190,25 @@ describe('TransactionPayPublishHook', () => {
     );
   });
 
-  it('throws errors from submit', async () => {
+  it('throws errors from submit prefixed with MetaMask Pay', async () => {
     executeMock.mockRejectedValue(new Error('Test error'));
 
-    await expect(runHook()).rejects.toThrow('Test error');
+    await expect(runHook()).rejects.toThrow('MetaMask Pay: Test error');
+  });
+
+  it('cascades MetaMask Pay prefix on top of strategy-level prefixes', async () => {
+    executeMock.mockRejectedValue(
+      new Error('Relay submit: Relay execute: backend boom'),
+    );
+
+    await expect(runHook()).rejects.toThrow(
+      'MetaMask Pay: Relay submit: Relay execute: backend boom',
+    );
+  });
+
+  it('wraps non-Error throws with the MetaMask Pay prefix', async () => {
+    executeMock.mockRejectedValue('boom');
+
+    await expect(runHook()).rejects.toThrow('MetaMask Pay: boom');
   });
 });

packages/transaction-pay-controller/src/helpers/TransactionPayPublishHook.ts

@@ -47,7 +47,8 @@ export class TransactionPayPublishHook {
       return await this.#publishHook(transactionMeta, _signedTx);
     } catch (error) {
       log('Error', error);
-      throw error;
+      const message = error instanceof Error ? error.message : String(error);
+      throw new Error(`MetaMask Pay: ${message}`);
     }
   }
 

packages/transaction-pay-controller/src/strategy/relay/RelayStrategy.test.ts

@@ -108,4 +108,38 @@ describe('RelayStrategy', () => {
     });
     expect(submitRelayQuotesMock).toHaveBeenCalledWith(executeRequest);
   });
+
+  it('wraps execute errors with the Relay submit prefix', async () => {
+    const executeRequest = {
+      messenger,
+      quotes: [],
+      transaction: request.transaction,
+      isSmartTransaction: jest.fn(),
+    } as PayStrategyExecuteRequest<RelayQuote>;
+
+    submitRelayQuotesMock.mockRejectedValue(
+      new Error('Relay execute: 422 - Insufficient liquidity'),
+    );
+
+    const strategy = new RelayStrategy();
+    await expect(strategy.execute(executeRequest)).rejects.toThrow(
+      'Relay submit: Relay execute: 422 - Insufficient liquidity',
+    );
+  });
+
+  it('wraps non-Error throws with the Relay submit prefix', async () => {
+    const executeRequest = {
+      messenger,
+      quotes: [],
+      transaction: request.transaction,
+      isSmartTransaction: jest.fn(),
+    } as PayStrategyExecuteRequest<RelayQuote>;
+
+    submitRelayQuotesMock.mockRejectedValue('boom');
+
+    const strategy = new RelayStrategy();
+    await expect(strategy.execute(executeRequest)).rejects.toThrow(
+      'Relay submit: boom',
+    );
+  });
 });