Skip to content

feat: use latest initiad & initia.js #1783

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
beer-1 wants to merge 17 commits into
base: main
Choose a base branch
from
Open

feat: use latest initiad & initia.js #1783

beer-1 wants to merge 17 commits into from

Conversation

@beer-1
Copy link

@beer-1 beer-1 commented Nov 3, 2025
edited
Loading

Summary of Changes

  • Allow usage with the latest Initiad release
  • Update dependency to the latest initia.js
  • Fix to correctly pass local decimal values when creating MoveOFTAdapter on Initia
    • In many cases, tokens on Initia have 0 decimals because the IBC transfer module does not support transmitting decimal metadata

@St0rmBr3w St0rmBr3w requested a review from shankars99 November 8, 2025 01:15
@socket-security
Copy link

socket-security bot commented Nov 15, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​rimraf@​6.0.1 ⏵ 6.1.099 +110010085 +4100

View full report

@cursor
Copy link

cursor bot commented Jan 15, 2026
edited
Loading

PR Summary

Updates Initia support and OFT tooling, plus minor configs/docs.

  • Move VM: oft_adapter_fa::initialize now accepts local_decimals (optional); computes from FA metadata if not provided. All tests and SDKs (IOFT, aptosOFT, initiaOFT) updated to pass localDecimals. New CLI path init-fa-adapter wires this through, and example READMEs/scripts show localDecimals usage
  • Initia tooling: upgrade to @initia/initia.js@^1.0.0; drop strict Initiad version checks; add helpers to derive Initia deployer address (bech32/sequence/deploy count hashing) and centralize INITIA_RPC_URL. Deployment uses computed deployer for named addresses
  • EVM/CLI: add --native-token to evm:send and include amount in tx value when sending native; Gnosis Safe signer now constructs SafeApiKit with ethAdapter and uses getNextNonce result directly
  • Examples/config: switch example EVM networks to bsc-testnet; adjust ULN confirmations and gas options; add explicit gasLimit in MyEVMOFT deploy; docs add flags/args and minor command fixes; ignore deployments/ in examples

Written by Cursor Bugbot for commit 2fd6c64. This will update automatically on new commits. Configure here.

cursor[bot]
cursor bot reviewed Jan 15, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 26, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 27, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 2 potential issues.

packages/devtools-evm/src/signer/sdk.ts
signerOrProvider: signer,
}),
protected readonly apiKit = new SafeApiKit({ txServiceUrl: safeUrl, apiKey: safeConfig.safeApiKey, chainId }),
protected readonly apiKit = new SafeApiKit({ txServiceUrl: safeUrl, ethAdapter }),
Copy link

@cursor cursor bot Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SafeApiKit constructor uses deprecated/invalid API parameters

High Severity

The SafeApiKit constructor changed from using chainId and apiKey to using ethAdapter. However, the package uses @safe-global/api-kit version ~4.0.0, which requires chainId as a mandatory parameter and does not accept ethAdapter. The ethAdapter pattern was deprecated in SafeApiKit v2.x. This will cause the Gnosis Safe multisig functionality to fail at runtime when instantiating the GnosisOmniSignerEVM class.

Fix in Cursor Fix in Web

packages/devtools-move/cli/operations/evm-send.ts
const to = ethers.utils.hexZeroPad(args.to, 32)
const amount = args.amount
const minAmount = args.min_amount
const sendingNativeToken = args.native_token ? true : false
Copy link

@cursor cursor bot Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Boolean CLI flag incorrectly parses string "false" as true

High Severity

The --native-token CLI argument is parsed using args.native_token ? true : false, which treats the string "false" as truthy. If a user explicitly passes --native-token false, sendingNativeToken will be true because non-empty strings are truthy in JavaScript. This causes the transaction to include the token amount in the ETH value when the user explicitly tried to disable native token sending. The correct pattern used elsewhere in the codebase is args.xxx === 'true'.

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@shankars99 shankars99 Awaiting requested review from shankars99

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@beer-1