Add backup transactions validation for pre-signed ephemeral transactions

[gianfra-t]

About

Adds a validation check to ensure any ephemeral-signed transaction has the required number of backup transactions, with the right nonce sequence.

Note: it does NOT validate the correctness of the data itself.

Additional fixes

Adds delays before checking balances in subsidy phases. This ensure the balance from a previous distributeFee phase is properly settled.

[netlify]

✅ Deploy Preview for vortexfi ready!

Name	Link
🔨 Latest commit	0ad6dcf
🔍 Latest deploy log	https://app.netlify.com/projects/vortexfi/deploys/6a061c42276f3d0008796554
😎 Deploy Preview	https://deploy-preview-1146--vortexfi.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for vortex-sandbox ready!

Name	Link
🔨 Latest commit	0ad6dcf
🔍 Latest deploy log	https://app.netlify.com/projects/vortex-sandbox/deploys/6a061c421e6b5200089f1ec0
😎 Deploy Preview	https://deploy-preview-1146--vortex-sandbox.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Sharqiewicz]

What do you think about

 const actualNonces = Object.values(additionalTxs).map(b => b.nonce).sort((a, b) => a - b);
  const expectedNonces = Array.from({ length: EXPECTED_BACKUP_COUNT }, (_, i) => tx.nonce + 1 + i);

  if (!actualNonces.every((n, i) => n === expectedNonces[i])) {
    throw new APIError({
      message: `Transaction for phase ${tx.phase} has invalid backup nonce sequence. Expected ${expectedNonces.join(",")}, got
  ${actualNonces.join(",")}`,
      status: httpStatus.BAD_REQUEST
    });
  }

[Copilot]

Pull request overview

Adds server-side validation to ensure ephemeral-signed presigned transactions include the expected set of backup transactions (count + nonce sequencing), and introduces additional balance-settlement checks/delays in EVM-related phases to reduce race conditions between phases.

Changes:

• Centralized NUMBER_OF_PRESIGNED_TXS into @vortexfi/shared constants and updated call sites.
• Added API validation enforcing presence of backup transactions in meta.additionalTxs and sequential backup nonces for ephemeral signers.
• Added EVM balance waiting/checks in squid/nabla/subsidy phase handlers to avoid proceeding before funds are visible on-chain.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
packages/shared/src/helpers/signUnsigned.ts	Uses shared NUMBER_OF_PRESIGNED_TXS constant instead of a local magic number.
packages/shared/src/constants.ts	Introduces NUMBER_OF_PRESIGNED_TXS as a shared exported constant.
apps/api/src/api/services/transactions/validation.ts	Adds validateBackupTransactions and enforces it during presigned tx validation.
apps/api/src/api/services/transactions/validation.test.ts	Updates fixtures to include backup txs and adds negative tests for missing/invalid backups.
apps/api/src/api/services/transactions/stellar/offrampTransaction.ts	Switches to shared NUMBER_OF_PRESIGNED_TXS constant.
apps/api/src/api/services/phases/handlers/subsidize-post-swap-evm-handler.ts	Adds a fixed delay before checking EVM balances.
apps/api/src/api/services/phases/handlers/squid-router-phase-handler.ts	Adds a pre-swap EVM balance check based on quote bridge metadata.
apps/api/src/api/services/phases/handlers/nabla-swap-handler.ts	Adds a pre-swap EVM balance check for the input token on Base.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[gianfra-t]

Accept the inefficiency for now.