fix(transaction-controller, transaction-pay-controller): canonicalize EIP-7702 authorization signatures and add layered submission error prefixes

Centralizes EIP-7702 authorization signature decoding in the transaction
controller via a new `decodeAuthorizationSignature` utility that returns
`r`, `s`, and `yParity` in RLP-canonical form (no leading zero nibbles,
`0x0` for zero). go-ethereum-style decoders (Sentinel relay, public RPCs,
Relay quote endpoints) reject non-canonical integers at decode time,
surfacing as bare `failed to decode param in array[0] invalid JSON input`
errors in production metrics. With canonical decoding centralised here,
clients consume signed authorization tuples directly without needing
their own per-field strip helpers.

Adds layered submission error prefixes that cascade up the call stack to
attribute every failure surface in error-tracking metrics:

- `RPC submit: <reason>` on `eth_sendRawTransaction` failures
- `Relay submit: <reason>` wraps every error from `submitRelayQuotes`
- `Relay execute: <reason>` wraps Relay `/execute` POST failures (cascades
  inside `Relay submit:` to distinguish the gasless-execute path from the
  non-execute deposit path)
- `MetaMask Pay: <reason>` wraps every error from the Pay publish hook,
  cascading any inner prefixes

Example cascades surfaced in metrics:
- `MetaMask Pay: Relay submit: Relay execute: Insufficient liquidity`
- `MetaMask Pay: Relay submit: RPC submit: nonce too low`
- `MetaMask Pay: Insufficient source token balance for relay deposit`

Also adds a private `relayFetch` helper in `relay-api.ts` that surfaces
the Relay server's `message` or `error` response field (or status code)
on non-OK responses, replacing the previous URL-leaking generic
`Fetch failed with status '500' for request 'https://api.relay.link/...'`
message.

Author: matthewwalsh0

packages/transaction-controller/CHANGELOG.md

@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+- Export `decodeAuthorizationSignature` utility that decodes a 65-byte EIP-7702 authorization signature into RLP-canonical `r`, `s`, and `yParity` ([#8656](https://github.com/MetaMask/core/pull/8656))
+  - All `eth_sendRawTransaction` failures are prefixed `RPC submit:` for failure-surface attribution in error metrics
+
 ### Changed
 
 - Bump `@metamask/messenger` from `^1.1.1` to `^1.2.0` ([#8632](https://github.com/MetaMask/core/pull/8632))

packages/transaction-controller/src/TransactionController.test.ts

@@ -3924,7 +3924,9 @@ describe('TransactionController', () => {
 
       rpcRequestMock.mockRejectedValueOnce(error);
 
-      await expect(controller.stopTransaction('2')).rejects.toThrow(error);
+      await expect(controller.stopTransaction('2')).rejects.toThrow(
+        'RPC submit: Another reason',
+      );
 
       const sendRawTransactionCalls = rpcRequestMock.mock.calls.filter(
         ([request]) => request.method === 'eth_sendRawTransaction',
@@ -4276,7 +4278,9 @@ describe('TransactionController', () => {
 
       rpcRequestMock.mockRejectedValueOnce(error);
 
-      await expect(controller.speedUpTransaction('2')).rejects.toThrow(error);
+      await expect(controller.speedUpTransaction('2')).rejects.toThrow(
+        'RPC submit: Another reason',
+      );
 
       const sendRawTransactionCalls = rpcRequestMock.mock.calls.filter(
         ([request]) => request.method === 'eth_sendRawTransaction',
@@ -4285,6 +4289,39 @@ describe('TransactionController', () => {
       expect(controller.state.transactions).toHaveLength(1);
     });
 
+    it('extracts nested data.message and prefixes it with RPC submit', async () => {
+      const error = {
+        message: 'Outer message',
+        data: { message: 'Nested rpc error message' },
+      };
+      const { controller } = setupController({
+        options: {
+          state: {
+            transactions: [
+              {
+                id: '2',
+                chainId: toHex(5),
+                networkClientId: NETWORK_CLIENT_ID_MOCK,
+                status: TransactionStatus.submitted,
+                type: TransactionType.retry,
+                time: 123456789,
+                txParams: {
+                  from: ACCOUNT_MOCK,
+                  gasPrice: '0x1',
+                },
+              },
+            ],
+          },
+        },
+      });
+
+      rpcRequestMock.mockRejectedValueOnce(error);
+
+      await expect(controller.speedUpTransaction('2')).rejects.toThrow(
+        'RPC submit: Nested rpc error message',
+      );
+    });
+
     it('creates additional transaction with increased gas', async () => {
       const { controller } = setupController({
         network: MOCK_LINEA_MAINNET_NETWORK,

packages/transaction-controller/src/TransactionController.ts

@@ -3372,7 +3372,7 @@ export class TransactionController extends BaseController<
       const errorMessage =
         errorObject?.data?.message ?? errorObject?.message ?? String(error);
 
-      throw new Error(errorMessage);
+      throw new Error(`RPC submit: ${errorMessage}`);
     }
   }
 

packages/transaction-controller/src/index.ts

@@ -129,6 +129,7 @@ export {
   WalletDevice,
 } from './types';
 export { mergeGasFeeEstimates } from './utils/gas-flow';
+export { decodeAuthorizationSignature } from './utils/eip7702';
 export {
   isEIP1559Transaction,
   normalizeTransactionParams,

packages/transaction-controller/src/utils/eip7702.test.ts

@@ -18,6 +18,7 @@ import type { AuthorizationList } from '../types';
 import type { TransactionMeta } from '../types';
 import {
   DELEGATION_PREFIX,
+  decodeAuthorizationSignature,
   doesAccountSupportEIP7702,
   doesChainSupportEIP7702,
   generateEIP7702BatchTransaction,
@@ -257,6 +258,93 @@ describe('EIP-7702 Utils', () => {
       expect(result?.[1]?.nonce).toBe('0x125');
       expect(result?.[2]?.nonce).toBe('0x126');
     });
+
+    it('strips leading zeroes from signature r and s to produce RLP-canonical hex', async () => {
+      const signatureWithLeadingZeros =
+        `0x0abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456781122334455667788990011223344556677889900112233445566778899001122${'1c'}` as Hex;
+
+      signAuthorizationMock
+        .mockReset()
+        .mockResolvedValueOnce(signatureWithLeadingZeros);
+
+      const result = await signAuthorizationList({
+        authorizationList: AUTHORIZATION_LIST_MOCK,
+        messenger: controllerMessenger,
+        transactionMeta: TRANSACTION_META_MOCK,
+      });
+
+      expect(result?.[0]?.r).toBe(
+        '0xabcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678',
+      );
+      expect(result?.[0]?.s).toBe(
+        '0x1122334455667788990011223344556677889900112233445566778899001122',
+      );
+      expect(result?.[0]?.yParity).toBe('0x1');
+    });
+  });
+
+  describe('decodeAuthorizationSignature', () => {
+    it('decodes a signature with no leading zeros into r, s, and yParity', () => {
+      const result = decodeAuthorizationSignature(AUTHORIZATION_SIGNATURE_MOCK);
+
+      expect(result).toStrictEqual({
+        r: '0xf85c827a6994663f3ad617193148711d28f5334ee4ed070166028080a040e292',
+        s: '0xda533253143f134643a03405f1af1de1d305526f44ed27e62061368d4ea051cf',
+        yParity: '0x1',
+      });
+    });
+
+    it('strips a single leading zero nibble from r', () => {
+      const signature =
+        `0x0abcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678${'1122334455667788990011223344556677889900112233445566778899001122'}1b` as Hex;
+
+      const result = decodeAuthorizationSignature(signature);
+
+      expect(result.r).toBe(
+        '0xabcdef0123456789abcdef0123456789abcdef0123456789abcdef012345678',
+      );
+      expect(result.s).toBe(
+        '0x1122334455667788990011223344556677889900112233445566778899001122',
+      );
+    });
+
+    it('strips multiple leading zero bytes from r', () => {
+      const signature =
+        `0x000000abcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd${'1122334455667788990011223344556677889900112233445566778899001122'}1b` as Hex;
+
+      const result = decodeAuthorizationSignature(signature);
+
+      expect(result.r).toBe(
+        '0xabcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd',
+      );
+    });
+
+    it('returns 0x0 when r is all zeroes (canonical zero)', () => {
+      const signature =
+        `0x0000000000000000000000000000000000000000000000000000000000000000${'1122334455667788990011223344556677889900112233445566778899001122'}1b` as Hex;
+
+      const result = decodeAuthorizationSignature(signature);
+
+      expect(result.r).toBe('0x0');
+    });
+
+    it('returns yParity 0x0 when v is 27', () => {
+      const signature =
+        `0xf85c827a6994663f3ad617193148711d28f5334ee4ed070166028080a040e292da533253143f134643a03405f1af1de1d305526f44ed27e62061368d4ea051cf1b` as Hex;
+
+      const result = decodeAuthorizationSignature(signature);
+
+      expect(result.yParity).toBe('0x0');
+    });
+
+    it('returns yParity 0x1 when v is 28', () => {
+      const signature =
+        `0xf85c827a6994663f3ad617193148711d28f5334ee4ed070166028080a040e292da533253143f134643a03405f1af1de1d305526f44ed27e62061368d4ea051cf1c` as Hex;
+
+      const result = decodeAuthorizationSignature(signature);
+
+      expect(result.yParity).toBe('0x1');
+    });
   });
 
   describe('doesChainSupportEIP7702', () => {

packages/transaction-controller/src/utils/eip7702.ts

@@ -247,6 +247,43 @@ export async function signAuthorizationList({
   return signedAuthorizationList;
 }
 
+/**
+ * Decode a 65-byte EIP-7702 authorization signature into RLP-canonical
+ * `r`, `s`, and `yParity` (no leading zero nibbles, `0x0` for zero).
+ *
+ * @param signature - The 65-byte signature.
+ * @returns The decoded authorization fields.
+ */
+export function decodeAuthorizationSignature(signature: Hex): {
+  r: Hex;
+  s: Hex;
+  yParity: Hex;
+} {
+  // eslint-disable-next-line id-length
+  const r = toCanonicalHex(signature.slice(0, 66));
+  // eslint-disable-next-line id-length
+  const s = toCanonicalHex(signature.slice(66, 130));
+  // eslint-disable-next-line id-length
+  const v = parseInt(signature.slice(130, 132), 16);
+  const yParity = toCanonicalHex(toHex(v - 27 === 0 ? 0 : 1));
+
+  return { r, s, yParity };
+}
+
+/**
+ * Strip leading zero nibbles from a hex string to produce its RLP-canonical
+ * form. Accepts input with or without a `0x` prefix; always returns
+ * `0x`-prefixed. An all-zero input is preserved as `0x0`.
+ *
+ * @param value - Hex string with or without a `0x` prefix.
+ * @returns The canonical `0x`-prefixed hex string.
+ */
+function toCanonicalHex(value: string): Hex {
+  const raw = value.startsWith('0x') ? value.slice(2) : value;
+  const stripped = raw.replace(/^0+/u, '');
+  return stripped.length === 0 ? '0x0' : `0x${stripped}`;
+}
+
 /**
  * Signs an authorization.
  *
@@ -284,13 +321,7 @@ async function signAuthorization(
     },
   );
 
-  // eslint-disable-next-line id-length
-  const r = signature.slice(0, 66) as Hex;
-  // eslint-disable-next-line id-length
-  const s = add0x(signature.slice(66, 130));
-  // eslint-disable-next-line id-length
-  const v = parseInt(signature.slice(130, 132), 16);
-  const yParity = toHex(v - 27 === 0 ? 0 : 1);
+  const { r, s, yParity } = decodeAuthorizationSignature(signature as Hex);
 
   const result: Required<Authorization> = {
     address,

packages/transaction-pay-controller/CHANGELOG.md

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Add layered submission error prefixes for failure-surface attribution in error metrics ([#8656](https://github.com/MetaMask/core/pull/8656))
+  - `MetaMask Pay:` wraps all errors from the Pay publish hook
+  - `Relay submit:` wraps all errors from the relay strategy
+  - `Relay execute:` cascades inside `Relay submit:` for `/execute` POST failures
+  - Relay non-OK responses now surface as `<status> - <body message or error>` (or just `<status>`), replacing the previous URL-leaking generic fetch failure message
+
 ## [20.1.0]
 
 ### Added

packages/transaction-pay-controller/src/helpers/TransactionPayPublishHook.test.ts

@@ -190,9 +190,19 @@ describe('TransactionPayPublishHook', () => {
     );
   });
 
-  it('throws errors from submit', async () => {
+  it('throws errors from submit prefixed with MetaMask Pay', async () => {
     executeMock.mockRejectedValue(new Error('Test error'));
 
-    await expect(runHook()).rejects.toThrow('Test error');
+    await expect(runHook()).rejects.toThrow('MetaMask Pay: Test error');
+  });
+
+  it('cascades MetaMask Pay prefix on top of strategy-level prefixes', async () => {
+    executeMock.mockRejectedValue(
+      new Error('Relay submit: Relay execute: backend boom'),
+    );
+
+    await expect(runHook()).rejects.toThrow(
+      'MetaMask Pay: Relay submit: Relay execute: backend boom',
+    );
   });
 });

packages/transaction-pay-controller/src/helpers/TransactionPayPublishHook.ts

@@ -47,7 +47,8 @@ export class TransactionPayPublishHook {
       return await this.#publishHook(transactionMeta, _signedTx);
     } catch (error) {
       log('Error', error);
-      throw error;
+      const message = error instanceof Error ? error.message : String(error);
+      throw new Error(`MetaMask Pay: ${message}`);
     }
   }
 

packages/transaction-pay-controller/src/strategy/relay/RelayStrategy.test.ts

@@ -108,4 +108,38 @@ describe('RelayStrategy', () => {
     });
     expect(submitRelayQuotesMock).toHaveBeenCalledWith(executeRequest);
   });
+
+  it('wraps execute errors with the Relay submit prefix', async () => {
+    const executeRequest = {
+      messenger,
+      quotes: [],
+      transaction: request.transaction,
+      isSmartTransaction: jest.fn(),
+    } as PayStrategyExecuteRequest<RelayQuote>;
+
+    submitRelayQuotesMock.mockRejectedValue(
+      new Error('Relay execute: 422 - Insufficient liquidity'),
+    );
+
+    const strategy = new RelayStrategy();
+    await expect(strategy.execute(executeRequest)).rejects.toThrow(
+      'Relay submit: Relay execute: 422 - Insufficient liquidity',
+    );
+  });
+
+  it('wraps non-Error throws with the Relay submit prefix', async () => {
+    const executeRequest = {
+      messenger,
+      quotes: [],
+      transaction: request.transaction,
+      isSmartTransaction: jest.fn(),
+    } as PayStrategyExecuteRequest<RelayQuote>;
+
+    submitRelayQuotesMock.mockRejectedValue('boom');
+
+    const strategy = new RelayStrategy();
+    await expect(strategy.execute(executeRequest)).rejects.toThrow(
+      'Relay submit: boom',
+    );
+  });
 });