Skip to content

docs: fix transferFrom() spending limits inconsistency (TMPO2-39) #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
gakonst wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: fix transferFrom() spending limits inconsistency (TMPO2-39) #93

gakonst wants to merge 1 commit into from

Conversation

@gakonst
Copy link
Contributor

@gakonst gakonst commented Feb 9, 2026

Summary

Fixes contradictory documentation about whether transferFrom() is subject to Access Key spending limits (audit finding TMPO2-39).

Motivation

The Spending Limit Enforcement section in AccountKeychain.mdx said "approvals indirectly control transferFrom spending" — implying spending limits apply to transferFrom(). The Concepts section and the implementation both confirm transferFrom() does not deduct from spending limits.

Changes

  • Clarify that transferFrom() is NOT subject to spending limits (gated only by ERC-20 allowances)
  • Add startReward() to the Spending Limit Enforcement tracked calls list (was already listed in the Concepts section and spec, but missing here)
  • Remove misleading language about approvals "indirectly controlling transferFrom spending"

Testing

Verified against implementation in crates/precompiles/src/tip20/mod.rs_transfer_from() does not call check_and_update_spending_limit().

Thread: https://tempoxyz.slack.com/archives/C0A87C21805/p1770659716460929

@gakonst
docs: fix transferFrom() spending limits inconsistency (TMPO2-39)
6a9adf5 
The Spending Limit Enforcement section implied transferFrom is indirectly
controlled by spending limits and omitted startReward() from the tracked
calls list. The implementation confirms transferFrom() does NOT deduct
from spending limits — it is gated only by the ERC-20 allowance mechanism.

- Clarify that transferFrom() is NOT subject to spending limits
- Add startReward() to the list of tracked calls (matching concepts section)
- Remove misleading 'indirectly control transferFrom' language

Co-Authored-By: Daniel <daniel@tempo.xyz>
@vercel
Copy link

vercel bot commented Feb 9, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
tempo-docs Ready Ready Preview, Comment Feb 9, 2026 6:22pm

Request Review

@gakonst
Copy link
Contributor Author

gakonst commented Feb 9, 2026

Closing — PR #87 already merged the equivalent docs fix.

@gakonst gakonst closed this Feb 9, 2026
@gakonst
Copy link
Contributor Author

gakonst commented Feb 9, 2026

Reopening — PR #87 removed transferFrom from the tracked list but introduced 'approvals indirectly control transferFrom spending' language, which is what the auditor flagged as contradictory. This PR removes that misleading wording and adds the missing startReward() to the tracked calls list.

@gakonst gakonst reopened this Feb 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gakonst